Wireless Security - Comments Page 1

What about enabling mac addressing, and only allowing computer with specific mac addresses to connect to the router?

EDITOR'S NOTE: That sounds like it should work, even if it is a bit more tedious. But I'm not sure if it's as secure as a WEP/WPA password approach. Anyone know for sure?

I believe that MAC addressing is a valid security measure when used WITH an encryption scheme like WEP/WPA. The reason is because MAC addresses can be spoofed, but spoofing the MAC address and crack the encryption would be a task too daunting for an amateur hacker to bother with. Not to mention that even WPA or WPA2 may be cracked someday with a faster computer than what's out now.

My advice: Enable WEP/WPA, and if you know your way around computers, take the extra step of enabling MAC filtering AND (if the router supports it) DISABLE SSID broadcasting. This will keep outsiders from sniffing out your WIFI network from a laptop outside your home or business.

Any one of those measures may protect you, but all 3 plus a good software firewall/antivirus will make your computer network as secure as can be w/o investing thousands for an enterprise security solution.

All MAC addresses are transmitted from the client to the WAP (Wireless Access Point) in cleartext. As with "hiding" the SSID, it makes it a little harder for someone to gain access (in that they cannot actually stumble on your network by mistake), but it's a trivial matter to monitor your network traffic with a wireless card and read the headers of all of the packets, and reconstruct valid MAC addresses from the data.

Then all the hacker needs to do is wait until one of your clients disconnects, and connect with its MAC address. So, at the lowest end, to prevent completely casual "accidental" access, disable broadcast of your SSID. One step up, to slow down the really casual network cracker, you can use MAC filtering.

A step above that is WEP security. If you use it, make sure your WEP key is long and complex, and understand that a good hacking program can break it in about 5-10 minutes. Change your key frequently, keep your radio power as low as you can get it and still maintain a connection, and password-protect any servers you have on the WAP.

The next best, by far, is WPA and WPA2. Use a long and complex password to protect against dictionary attacks, and you should be pretty safe. The very best is to use wires. ;)

Thanks for the info! I had WPA and encryption, but after reading this and the comments I went to WPA-PSK, mac address filtering and disabled the ssid.

The more security options you use the less chance anyone can get in on your wireless network. Unfortunately my Nintendo DS only supports WEP otherwise i would only go with WPA. I have WEP, MAC Filtering, Do not Broadcast SSID and finally disable DHCP on router and use an unusual IP range, something like 192.168.3.99 for the router configuration. All this wont stop a determined hacker from reaching your wireless network but unless you have someone local who is hell bent on getting into it you should be safe. Oh and change the router password and encryption key about once a month just in case. It seems daunting to the novice but just take it one step at a time and search on the web for each of the steps... Hope this helps a few people

Pssst...WEP stands for Wireless Equivalant Privacy, even though I like the netslang version of Wireless Encrypted Privacy. WPA2 is better, but thanks for the tips!

EDITOR'S NOTE: We're both wrong! It's actually "Wired Equivalent Privacy" -- oops.

how do you hide the SSID?

EDITOR'S NOTE: You have to login to the router with your web browser (usually http://192.168.0.1) and poke around in the security options.

Why not spend a few bucks and install Network Magic? It has security features that make locking down your wireless network easy.

I use a Verizon wireless broadband card and live in an apartment complex. I stupidly created an ad hoc wireless network to test transferring a file. Thought better of it and tried deleting it. Couldn't delete it! Since then here's what's been going on. The names and number of names keeps changing in my administrator preferences, dvd-rom tray keeps opening and closing every 10 seconds,will not let me go on a webpage to sign in to my email accounts, both yahoo and gmail. Though ir let me sign up for a @live.com account. I use Norton 360, found nothing. Now I just tried writing to you and halfway thru the page disappeared, so I went offline and am going to try to paste this in fast. I NEED HELP!!!

EDITOR'S NOTE: I recommend you do a System Restore to some date before the problem occurred. That should get you back to good. You might need to remove the broadband card and go offline first.

Hello Bob, I'm a first time poster to your website. Hope this question is not ask to often. I use desktop PCs everywhere. I was ask by a friend to setup encryption on his wireless LAN. I did so on his router (Linksys N) and setup WEP. On his Laptop PC, he did not have WEP. Where can I go to load WEP to his Dell Laptop?

EDITOR'S NOTE: I could be wrong on this, but I think WPA support must be built into the wireless adapter on a hardware level. You could disable the internal wireless adapter in the laptop, and add a new external adapter which supports WPA. Or just go with WEP. It's pretty robust, unless you have guys in dark sunglasses hanging around.

Just a couple of thoughts on WEP and WPA, in the YMMV zone.

My wife has the only Mac in our house (we have two PCs running XP in addition). Due to differences in the way the Mac OS asks/asked for the WEP key in plaintext before scrambling it, we literally can't run WEP as we cannot establish consistent keys across all machines.

On the other hand, although I've tried WPA we had trouble with connections dropping out. I diagnosed this as due to something to do with the key exchange/refresh, after I and colleagues experienced exactly the same happening at work. Both sites have strong signals so that's not the reason.

Hi there! I was wondering if my provider can trace back the number of users (pc laptop, wifi enabled gadgets) that have accessed our router? and could they possible trace every internet activity as well? i've asked one of their customer service representatives and he said they don't have the information...

EDITOR'S NOTE: It's certainly posible, since by logging into your router, you can see the wifi connections yourself. But I don't know why they'd bother to do so. And if you've changed your router password, that should prevent anyone but you from logging in. As for your internet activity, everything you access is done via the ISP's server. So they COULD log it all...

Is there a way that you know of that will let you use a USB Stick to allow temporary access to a wireless network with wpa that would remain on the stick and not get installed onto the laptop, for guests?

The company I used for my Wireless LAN Setup was very knowledgeable and available 24 hours a day for any problems I may have run into. Check out their site http://www.turn-keytechnologies.com. I hope this helps you.