Securing my wireless

I just bought a linksys WRT54GX wireless router and I have some questions on security of the wireless network. I've read the manuel with what it can do and what I should do. I have disabled SSID broadcast and I plan on doing MAC address filtering but I also want to do encryption (it says it supports 128bit). when it comes to actual security there are a bunch of options like WPA pre-shared key and RADIUS. I've read up on them and I think I have an idea of what they are. I THINK pre-shared key is what I would use but do not understand much of what TKIP or AES is. With AES you set a 128bit number (I think) for encryption but how and where do I give that code to my wireless laptop to crack the code?

thanks for the help...I'm a big time noob when it comes to wireless



Spec

I only feel it is insufficent because of what I have read from posts here and internet articles. Almost all said some type of encryption is needed to be actually secure not just filtering. As for first hand experience, I have no idea



Spec

karl pell said:

I'm curious why you feel that MAC address filtering would be insufficient to secure your wireless network ... I ask because I would stop there and am wondering if I would be mistaken in doing so. Are you in an urban area or one with a lot of war driving/flying/diving/skulking?

Click to expand...

Just using MAC filtering is actually not very secure. It is easy to spoof a MAC. Your best bet is to use all the options that are available together to make your network as secure as possible.

if I was to use a pre-shared key with AES how would I go about giving my laptop the encryption code?

im not sure about the AES and that stuff, only familiar with WEP.

and with just mac filtering, someone can get in in under 5 minutes. likely less than 2. it's very easy to clone a mac address, and i wouldnt trust it at all. I know that with WEP you go to connect to the AP, it wil ldetect network type, then ask for the encryption key. have you tried that? as long as you have a comp on a wired connection to the router you can always change it back if it doesnt work. so i'd try setting it in the router, save changes, let it restart, and try connecting to it. you might want to leave SSID broadcasting on for now till you are sure you can connect.

and i believe that the card you're conneting with ahs to sopport the wpa stuff as well, or you wont be able t oconnect. ,ight be stuck with WEP.

Use WPA, and make sure you dont use a passphrase that can be bruteforced with ease, use random numbers and letters and make as long as possible. Also use MAC filtering and turn off SSID. Thats how I run my wireless network, Orlando is full of war drivers...myself included it's scary to see how poorly secured or even unsecured most wireless networks are. Dont be one of them.

I will probably end up using WPA. I have not recieved my laptop nor router yet and was just asking before I got everything so I kinda had an idea of what to expect.

I'm assuming there is a way to connect to a wireless network when SSID is off and I guess there is some setting in the NIC to add in the encryption key?



Spec

if you want to secure your wireless enable wep and turn ssid broadcast off.

Another option you can try, in addition to the above mentioned (which i strongly suggest you do), you can reduce the signal strength of the wireless connection. By that i mean, reduce the wireless routers effective range so that the network lies only in your house instead of in your neighbour's...that make sense?

I read a good thread here on OC forums about wireless security, (tbh there are loads) try searching the forums them.

D.L

I'm assuming since you're getting a new laptop, it has windows xp. Winxp has a built in wireless configuration utility that will automatically scan for wireless networks. It relies on ssid broadcasts though, so if you turn it off, you have to manuall set up a wireless network. Here's how I set up my wireless network.

On the router:
Disable ssid broadcast and change the ssid from whatever the default is (probably linksys)
Enable mac address filtering
Enable encryption, do WPA Pre-Shared Key and I used TKIP, but you can use AES
Make a WPA Shared Key (random letters, numbers, and symbols).
Save those settings.

On your laptop:
Start->control panel->network connections
Right click wireless network connection->properties
Wireless networks tab
Under preferred networks, remove anything that already exists.
Click add.
Here you can specify your ssid, then in network authentication, change it to wpa-psk, data encryption is either tkip or aes, then type in your key.
Click OK for the new wireless network, then OK again on your properties window.
Windows should pick up the new wireless network. If it doesn't, restart your computer and then it should work.

Hopefully that helps.