Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A quick introduction to WiFi Security' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A quick introduction to WiFi Security
Authored by: schaps on Dec 14, '04 12:47:50PM

Good summary-- I would add that if you can move to WPA, it's worth it. Much more reliable than WEP in my experience, especially with Apple products.

I would also add that if you are limited to WEP, just go with the 40 bit (often called 64 bit on many routers in the Windows world). Why? Because they are technically the same protocol-- so someone with the knowledge to put sample packets through an encryption cracker is going to break your encryption either way-- it's a matter of intent. But in the meantime, for your use, 128 bit encryption overhead takes a lot of processing power and is noticeably slower than 40 bit, especially on file transfers.

The same then goes for MAC restriction/control-- anyone who has just cracked your network encryption can spoof the MAC address in about 2 seconds. It is not worth the hassle of reconfiguring and adding MAC addresses for new users and false security anyway. With absolute certainty, if you don't use any encryption, MAC address filtering is quite worthless as a method of security except to keep casual users out. Unencrypted, your computer's wireless NIC broadcasts its MAC address constantly, easy to pick up with a packet sniffer and spoof.

Hiding your SSID broadcast will definitely improve your security from 'drive-by' hackers. If you are not currently using your wifi network when they pass by scanning, they'll pick nothing up to investigate. An SSID is like a homing beacon. But hiding it leads to other problems if you have close neighbors-- many knowledgeable folks scan for local networks with a Stumbler-type program to set their channel to something different to avoid interference. If you can't see your neighbor's network, however, you might set it the same channel and experience poor performance and range.

If you are limited to 802.11b WEP for compatibility with guests, get a separate access point for use when they are visiting (about $20 or less nowadays)-- just unplug it when it is not needed. You can then restrict your main wireless AP to 802.11g-only with WPA. In addition, you don't have to worry about your guest giving your encryption key to anyone else, and your household users do not have to change encryption keys/passwords when the guest leaves.
A more advanced trick with the above-- if the 'guest' AP has a static IP, you can usually set your primary router to restrict it to internet-only traffic-- keep them out of your network shares. How this is done varies among manufacturers.

One more important point-- most wireless users have very little to fear from hackers/crackers. Even the simplest of "locks" on your door make the next wireless AP which has no encryption look much more enticing. Unless you live in a densely-populated area, there are very few people who actually 'war-drive' looking for networks, and those that are are primarily looking for open networks to scam a free internet connection. A small fraction of those will poke around looking for open network shares. A very small number of those will actually try to crack into computers or shares on the network. Most of those only want to see if they can do it.

The vast majority of geeks who will actually take the time to try to break into a home network that is encrypted would only be doing it to say they could-- they have no malicious intent-- they have better things to do. DON'T get so scared of wireless that you fear using it.

That's all I have-- went to lunch in the meantime, there are probably a bunch of others with the same info who have already posted. I welcome any civil discussion of my points! If I'm wrong, I want to know it!




[ Reply to This | # ]
A quick introduction to WiFi Security
Authored by: CMYanko on Dec 14, '04 01:31:24PM

I am struggling with setting up either WEP or WPA between an iBook and a Linksys router. Mostly, I don't see where to make the corresponding changes on the iBook and the AirPort setup utility seems to only work with a AirPort base station.

---
-Curt Yanko



[ Reply to This | # ]
A quick introduction to WiFi Security
Authored by: lrivers on Dec 14, '04 02:40:44PM

You need to go "Other..." in the Airport menu so you can enter the password. It works once you do that...



[ Reply to This | # ]
A quick introduction to WiFi Security
Authored by: Gabroil on Dec 14, '04 09:51:35PM

You would probably better off using the Linksis user interface. It is accessed through the web browser. I don't recall the actual IP address, but it should be in the manual or, if you lost it, you can find it online.



[ Reply to This | # ]
A quick introduction to WiFi Security
Authored by: chris_on_hints on Dec 16, '04 08:16:38AM

1- plug the iBook into the internet (via wires!) and get its software up-to-date. Run software update a couple of times to make sure you get all the airport software updates.

2- my linksys router has the default IP address of 192.168.1.1 - put that into the web browser of a machine connected to it via ethernet and enter 'admin' as the password (username is blank)

3- set up the router as desired (see all the posts above)

4- if you leave SSID broadcast on, then your iBook should spot the network. I turn on the little airport menu in the menu bar for easy access. Enter the password when prompted. Go to system prefs : network : airport and tell it to connect to that network by default (and let it put the password into your keychain).

5- then turn off SSID broadcast. sorted.

6- by the way, change the password on your router to something REALLY hard to guess...



[ Reply to This | # ]