Here is a bit of info on securing a wireless lan....

Running a wireless lan is great. You can use a computer anywhare in the house and sometimes further. Sadly - with this flexibility comes some risk. You can never secure your wireless network 100% but you can make it harder for people to use the network or monitor your trafic. The highest risk for home users is going to be from people living nearby with wireless networks. When I moved into my new home 8 months ago and set up my wireless network someone nearby was running a wireless network. With two or three clicks of the mouse I was able to browse the internet and see the persons computers. I managed to alert this person via netsend and he then secured the network.

Some Information on wireless networks - http://www.mcc.ac.uk/wireless/article.html

There are several steps you can take to make it harder for nearby users to break into your network. These are listed bellow.

1. WEP or Wired Equivalent Privacy.

WEP is a system that encodes packets going to and from your wireless card and router/access point. It is a fairly good system but it is not fool proof. There are several WEP modes available on most routers/access points. The higher the WEP level the more protection you have. The type of web that your cards and router will support will be detailed in the products user guide. WEP should be enabled all the time and should be treated as minimum protection for your wireless network. Be aware that WEP encoding/decoding will slow down your connection. This can be a problem if you are using a slow computer as the WEP system will use a great deal of system resorces.
More information on WEP can be found here - http://www.wi-fiplanet.com/tutorials/article.php/1368661

2. The SSID or Service Set Identifier.

The SSID is like the workgroup on your home network. It is the name of the wireless network. You need to have the SSID to connect to a wireless lan. Once you have set up your wireless network you can safely disable the router or access point from sending out the SSID. Do not leave the SSID on its default name. Some cards or wireless lan scanners can still pick up the SSID so the system is by no means infalable. It will stop casual computer users from joining your network though. I recomend that you make a note of the SSID as your cards will no longer be able to detect the SSID name and you will need to input this information.

3. MAC filtering. or Media Access Control filtering.

The MAC address is a unique string of information in hexadecimal format. Every network card has a different MAC address. Its like a fingerprint for the network card and allows the network to identify the card. One way of making life very hard for unauthorised users is to enable the MAC filter on your router or access point. This will only allow listed MAC addresses access the network. It will not however stop people from sniffing the network trafic. For this you need to use WEP. The mac address can usualy be found on the underside of a wireless network card. If you cant find it you can discover the address from windows. For windows 95/98/ME click on start then run. In the box type winipcfg in the box that appers click the more info button and ensure that the network card is slected from the drop down menu in the middle of the box. The hexadecimal string next to physical address is your MAC address. For 2000/XP/NT click on start then run. In the box type cmd and press enter. In the black box that apears type ipconfig /all in the lines of text that apears you will see an entry called physical address. This is your mac address.

4. Using IPSEC To Further Protect The network.

If you have windows 2000 or XP pro then you may be able to use IPSEC. IPSEC is a encrption system that windows uses to send encoded data to other computers or a server. This method will only work if your pc is talking to another pc and not if your pc is talking to a router. Windows 9x based operating systems do not fully support IPSEC.

If you need any further information or you are stuck with a problem then please read the user guide that was dispatched with the product. If you are still stuck then read it again. If that does not help then please post and we will be happy to offer advice and help.



A brief description of WPA:

WPA is a security technology for wireless networks.
(Also Known As: Wi-Fi Protected Access)

WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in response to the shortcomings of WEP.

Why WPA is better than WEP:

One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP. Another key component of WPA is built-in authentication that WEP does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short. WPA-PSK is a simplified but still powerful form of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or "passphrase" as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them. (Many Thanks to s1lv3r for this info)

Good guide! I really should get round to securing my network:D

Good guide! I really should get round to securing my network:D

Thanks Ramrod.... If you need a hand give me a shout :)

I agree, a very helpful guide.
I need to further protect my wireless network, I only have one pc left to add to the network, just waiting for my daughter to behave herself! (She got the wireless card and "the internet" for xmas, trouble is, she has had her pc "confiscated" for bad behaviour before I could install the card!)
This weekend is looking good, maybe I'll finish it off then!

nice 1 mate, cant think of any thign to add, still quite new to all this wireless lark....*sigh* i remember the good old days of token ring and BNC :D.....

my WAP has gone tits up, just orderd a nice linksys 54g router combo thingywhatsit. :)

Thanks Ramrod.... If you need a hand give me a shout :)Cheers. Managed it myself. Bit hit or miss though. This networking business really is a black art...


128 bit WEP enabled now :D
...dunno what it means, but it sounds good and I feel safer :angel:
Cheers Stu! Would rep you but it seems I'm not tarty enough :D

Cheers. Managed it myself. Bit hit or miss though. This networking business really is a black art...


128 bit WEP enabled now :D
...dunno what it means, but it sounds good and I feel safer :angel:
Cheers Stu! Would rep you but it seems I'm not tarty enough :D

Nice one m8 :)

Have you set up the mac filter and withheld the SSID ?

Whats the make and model of the router/wap. I'l pm you a step by step.

Nice one m8 :)

Have you set up the mac filter and withheld the SSID ?

Whats the make and model of the router/wap. I'l pm you a step by step.Netgear wgr614....I'll check about the other stuff :)
edit....can't see a setting to withold the SSID or to set up a mac filter... :confused:

Apparently my laptop is arriving Tuesday with all my wireless stuff - at the moment i have a pc setup as a fileserver/router - so I may need some help with setting it all up for wireless then :)

Ramrod - Will research this for you

dilligaf1701 - No problem m8... Give me shout when you have the new gear.

Netgear wgr614....I'll check about the other stuff :)
edit....can't see a setting to withold the SSID or to set up a mac filter... :confused:

---------------------------------------------

O.K. m8...

Launch Browser and enter http://192.168.0.1

Enter username and password (I do hope you have changed it from the default) The default username and password is - Username admin - password is password.

Click on the wireless link. Look at image 1 for info.

Turn of tickbox " allow broadcast of network name (ssid) " NB - you will need to make a note of this name as if you have set up the clients on the network using autodetection then they will stop working. You will need to enter the ssid or network name on each client. I also recomend that you change the name of the ssid (option above) from the default one.

For mac filtering - Click on the " setup access list " button. Put the mac address of all your wireless cards here. You can find the mac address by using the method in the guide..

Any probs - let me know...

HTH

Ramrod - Will research this for you


cheers m8 :)....but I don't have a 'allow broadcast of name' option :confused:
....and my router is set to only communicate with the laptops mac address :)

cheers m8 :)....but I don't have a 'allow broadcast of name' option :confused:
....and my router is set to only communicate with the laptops mac address :)

Thats good..... If you have wep enabled then I would not worry to much..... :)

Hmmmm. What version of firmware do you have instaled ?

Do you have that page at all ?I have a page like that.
Firmware 1.1 release 01

" ....and my router is set to only communicate with the laptops mac address "

Have you enabled the mac filter then ?

" ....and my router is set to only communicate with the laptops mac address "

Have you enabled the mac filter then ?ermmmm, how do you do that? :D

Just noticed under 'router status' that broadcast name is 'on'

ermmmm, how do you do that? :D

Click on the setup access list button.

BTW- How have you restricted access to the laptop only if you have not enabled the mac filter ?

Click on the setup access list button.

BTW- How have you restricted access to the laptop only if you have not enabled the mac filter ?
Someone else set it up for me :D

Someone else set it up for me :D

Then it may be enabled allready... Can you screenshot the wireless setup pages for me please.

Then it may be enabled allready... Can you screenshot the wireless setup pages for me please.How do I take a screenshot and where is it stored ?

How do I take a screenshot and where is it stored ?

Get the page you need up on the screen. Hit the printscreen button. Start ms paint and hit CTRL+V - the app will ask to enlarge - click yep....

click on save as - choose .jpg from the list and select the file name and location.

Get the page you need up on the screen. Hit the printscreen button. Start ms paint and hit CTRL+V - the app will ask to enlarge - click yep....

click on save as - choose .jpg from the list and select the file name and location.
And where do I find ms paint-in Xp pro?:dunce: ps, I do have photoshop
*edit* off out till tonight now, speak to you later, thanks for the help so far :)

Got that screenshot yet m8 ?

Got that screenshot yet m8 ?No! I can't find ms paint :cry:

No! I can't find ms paint :cry:start>all programs>accessories>paint

start>all programs>accessories>paint
Yep looked there, no 'paint'
I do own photoshop though. Where will the screenshots be saved?

Yep looked there, no 'paint'
I do own photoshop though. Where will the screenshots be saved?
don't know about photoshop :(

Have you tried typing in mspaint under the run command?

Or has it been totally removed from your system?

don't know about photoshop :(

Have you tried typing in mspaint under the run command?

Or has it been totally removed from your system?Evidently removed from system. Do you know where screenshots are saved?

Evidently removed from system. Do you know where screenshots are saved?No I don't sorry - but I DO have another idea.

How about Word? Not the best option I admit.

But - if you press 'print-screen' then open word and choose edit>paste you'll get your screen shot.

Sorry I can't be of any more help

No I don't sorry - but I DO have another idea.

How about Word? Not the best option I admit.

But - if you press 'print-screen' then open word and choose edit>paste you'll get your screen shot.

Sorry I can't be of any more helplol. don't have word either (and I bought this PC as a business expense :naughty: :D )
....but I believe the mac filter is enabled as I (?)re-entered the computer name and mac address and access control is turned on :)

lol. don't have word either (and I bought this PC as a business expense :naughty: :D )
....but I believe the mac filter is enabled as I (?)re-entered the computer name and mac address and access control is turned on :)
I sure hope you get it sorted :) - and I hope I don't get this kind of problem when I get my wirless stuff :(

As I posted in another thread - dell surprised me and the laptop that i ordered was delivered earlier - and aside from a dead pixel near the top of the screen i'm pretty impressed.

I got a copy of works 7 free with it - and all I can say is I see why it's free!!! I thought works has a 'proper' copy of word in it.

Ramrod, Photoshop should work the same as MSpaint. just load up the program goto edit ---> paste then it should ask if you want to paste as a new image, click yes and then you should be sorted. Simply save as .jpg and there you go :D

Ramrod, Photoshop should work the same as MSpaint. just load up the program goto edit ---> paste then it should ask if you want to paste as a new image, click yes and then you should be sorted. Simply save as .jpg and there you go :D
Tried that. The paste option is 'greyed out' :shrug:

lol. don't have word either (and I bought this PC as a business expense :naughty: :D )
....but I believe the mac filter is enabled as I (?)re-entered the computer name and mac address and access control is turned on :)

You should be o.k. m8... Someone will have to know the wep key to use the network :)

I sure hope you get it sorted :) - and I hope I don't get this kind of problem when I get my wirless stuff :( Cheers m8. I think it is sorted, we're just trying to confirm it :)

I sure hope you get it sorted :) - and I hope I don't get this kind of problem when I get my wirless stuff :(

As I posted in another thread - dell surprised me and the laptop that i ordered was delivered earlier - and aside from a dead pixel near the top of the screen i'm pretty impressed.

I got a copy of works 7 free with it - and all I can say is I see why it's free!!! I thought works has a 'proper' copy of word in it.

If you need a hand just let me know... :)

Tried that. The paste option is 'greyed out' :shrug:

Try File---> New. then try pasting?/

This is better than I thought! All the help Ramrod is getting will come in handy for me!!
Keep up the good work folks! :-)

Try File---> New. then try pasting?/ :nworthy: :D

Here you go Stu:
*edit* ermm...you may need photoshop to open that :D
strange, I resize all my other pics for here with photoshop and it doesn't do that

I would remove that and edit out your MAC address.

I would remove that and edit out your MAC address.Removed...silly me :D

New, censored screenshot :D

Removed...silly me :D
Whats in the Wireless settings Menu option down the left hand side?

Whats in the Wireless settings Menu option down the left hand side?
Dont know if this will be legible :(

Dont know if this will be legible :(

I would have expected it to be on that screen. Its not!!

OK what about within the WAN menu?

I would have expected it to be on that screen. Its not!!

OK what about within the WAN menu?ermm....what are you looking for? :confused:

ermm....what are you looking for? :confused:

Sorry, the option to hide your SSID.

MAC filtering looks to be on, but you may have to click on that dot to the left of the device name, and hit apply.

Everything cool guys ?

Fel asleep last night and missed all the by the look of it. :)

MAC filtering looks to be on, but you may have to click on that dot to the left of the device name, and hit apply.When I do that it just takes me back ons screen and when I click on connections again the dot is empty again.
Everything cool guys ?Probably :)

Ramrod - Will research this for you

dilligaf1701 - No problem m8... Give me shout when you have the new gear.
Just to let you know I got my wireless access point and laptop card this morning - and it's all working and secure now :)

Despite belkin putting the wrong cd in the box :( Still once I sussed that out and downloaded the drivers it was all pretty straight forward.

Guys, of relevance to this thread

For specific instructions for securing your WLAN for Linksys users see the following guide....

Linksys KB - Securing your wireless network (http://kb.linksys.com/cgi-bin/om_isapi.dll?clientID=619236&QuestionText=mac%20address%20filtering&SelectName1=&advquery=%5bs%5d%5bRank%2c%2050%3a%5bSum%3a%20mac% 20address%20filtering%5d%5bMerge%3a%20%5bThesaurus %3a%20mac%20address%20filtering%5d%5d%5d&infobase=linksysrev.nfo&record={3DC}&softpage=IKW_ENU_JDocView)

Here is a bit of info on securing a wireless lan....

<snip>
A brief description of WPA:

WPA is a security technology for wireless networks.
(Also Known As: Wi-Fi Protected Access)

WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in response to the shortcomings of WEP.

Why WPA is better than WEP:

One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP. Another key component of WPA is built-in authentication that WEP does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short. WPA-PSK is a simplified but still powerful form of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or "passphrase" as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them. (Many Thanks to s1lv3r for this info)

I'm also offered RADIUS and WPA RADIUS. These look like they are less secure than WPA but more secure than WEP (as those are top and bottom of the list).

How do they fit into this security scenario?

I'm also offered RADIUS and WPA RADIUS. These look like they are less secure than WPA but more secure than WEP (as those are top and bottom of the list).

How do they fit into this security scenario?

To use radius you need a radius server like the ad in to ISA server. Its not realy needed for a home network. WPA is generaly regarded to be more secure than wep but to be honest you need a fair bit of hardware and determination to break 128 bit wep. Not something the average person is going to try.

HTH

Great article Stu, copied it to http://www.cableforum.co.uk/kb/78/how-to-secure-your-wireless-network

Just in case any of you are not aware.

When using WEP or even better WPA you need to make sure you use a very strong password.

There is a pretty good password generator here (https://www.grc.com/passwords.htm)

You may find it usefull :)

Hi CF and all, new member but been following a lot of the posts recently (keeping an inPhormed view).

My question reference securing wifi is how much does higher encryption slow down todays typical laptops.

I secured my daughters (Vista home basic, 1gb ram, pentium M....yep wish we waited for dual core but I digress), with WPA+PSK 128 bit key. Ever since she has experienced occasional freeze of her computer.

Ideally we want good security, recently I enabled MAC filtering too, but would lowering the key to 64 bit help her CPU cope better?, I have a feeling this is the root of her problems.

1. :WELCOME:

2. I'm with you, I don't think the encryption is what's causing her problems (although it's certainly possible.

You can rule encryption out as the cause of the problems quite simply, just turn it all off again :) If her system speeds up then it's the encryption causing the slowdown, if it doesn't then we know that we need to be looking for something else.

---------- Post added at 07:32 ---------- Previous post was at 07:32 ----------

Forgot to say.....don't leave the encryption switched off - a slightly slower computer (until we can figure out what's up) is always better than an insecure one.

Hi Raistlin, turning off encryption does seem to help the system slightly, but we cant replicate the circumstances where the system locks up. I think I need to delve into the depths of her event logs.
I think this problem is going to take time to narrow down though so will get back if I find anything in there. I also think her machine isnt quite up to running a 'settled in' Vista, with multiple communications programs open, Firefox with multiple tabs each looking at different streams of Anime cartoons, Live messenger with multiple conversations going on.... but we cant change that because thats how my daughter wants the computer to perform.
I have checked how many background apps are running using msconfig and to be fair there doesnt seem anything unusual there, apart from Kirby (scheduler). Its running Avast for protection (we got rid of Norton from day one - too heavy on any system really), occasional sweeps with Spybot and CCleaner, an up to date hosts file from mvps.org..... the problem originally started soon after we established a wifi setup for her (other computers in the house are on LAN), previously her wifi connection was through a BT home hub (which I eventually slaved on a static IP through a Netgear DG834v2, because we needed a scheduled firewall). Now we have changed provider through cable and have another netgear router (WGR614v6). So I dont think it has anything to do with the routers, and my old Compaq Presario r3000 (Athlon version) has no problems with wifi.

I can only conclude at the moment that something about her setup is one straw too many for the donkeys back, and increasing security is the only change I have done before the problem started. Vista SP1 has installed since the problem started so the problem has existed before and after SP1.

Edit: Forgot to mention the laptop is this one
http://support.packardbell.com/uk/item/?m=home&sn=109278000139

Edit 2: We also do occasional sweeps (in safe mode) with MWAV (Microworld Anti Virus - EScan).

Update to my last, I think I have solved the problem but still not sure exactly what was the cause.

The day after my last post I found references to similar problems related to using IPv6, I disabled it and since then the laptop has a more stable wifi connection, but also no system freezes have occured.

For anyone reading this with the same symptoms heres a link to turning off IPv6...

http://www.mydigitallife.info/2007/09/09/disable-and-turn-off-ipv6-support-in-vista/

I used a value of 20 (Prefer IPv4 over IPv6).

More evidence that securing your wireless network from wardrivers is essential...

The US authorities have charged 11 people in connection with the theft of credit-card details in the country's largest-ever identity theft case.
They are accused of stealing more than 40 million credit and debit card numbers before selling the information.The 11 suspects are alleged to have obtained card numbers, account information and password details by driving around neighbourhoods and hacking into wireless equipment.Link (http://news.bbc.co.uk/1/hi/business/7544083.stm)

Can I secure my WiFi router by using a VPN because I discuss with lots of my friends and they say yes.

I always unplug my modem when im done... Plus I have it restricted to my mac so it wouldnt be that easy for someone to hop on.......