StarDestroyer.Net BBS

Hey guys, what can I do about makeing a wireless network safe? My friend needs a good way to keep his line within his house. People stealing his wireless goodness and all that good jive. Thanks a bunch.

Lt. Dan

Encrypt it. Most if not all wireless routers have built in encryption programs you can use.

The best way is to enable the strongest level of encryption available on the router

Encryption from strongest to weakest:

1. WPA2-PSK
2. WPA-PSK
3. WEP

Go to the manufacturer's website for specific info on enabling encryption.

Even basic WEP will keep most people out. MAC filtering can be useful too - not much in way of security, but it is a quick and simple barrier.

The people who are leeching probably are just doing so because it's convenient. Make it hard and they'll stop.

Go into the security settings and enable at bare minimum WPA with a strong encryption key. (Four characters is OK, but the more you have the longer it would take to crack. I've got mine set at sixteen characters.) Also, turn off SSID broadcast within the router if possible. Lastly, turn on MAC filtering and set it to ONLY allow cards with those addresses to connect.

This isn't an ironclad solution, but its better than shitty WEP and will keep the majority of the leeches out..

Vertigo1 wrote:Go into the security settings and enable at bare minimum WPA with a strong encryption key. (Four characters is OK, but the more you have the longer it would take to crack. I've got mine set at sixteen characters.) Also, turn off SSID broadcast within the router if possible. Lastly, turn on MAC filtering and set it to ONLY allow cards with those addresses to connect.

Better yet, use a passphrase (short sentance) as a password. It is more secure overall (unless you use only common english words - don't do that!) while being easier to remember then strong passwords (ie comparativly small number of relativly random characters). WPA can have passwords of up to 63 characters - no point in not using the capability, especialy since the wireless password isn't something you need to type in every day in all likelyhood.

Vertigo1 wrote:Go into the security settings and enable at bare minimum WPA with a strong encryption key. (Four characters is OK, but the more you have the longer it would take to crack. I've got mine set at sixteen characters.) Also, turn off SSID broadcast within the router if possible. Lastly, turn on MAC filtering and set it to ONLY allow cards with those addresses to connect.

This isn't an ironclad solution, but its better than shitty WEP and will keep the majority of the leeches out..

"majority of leeches out"?
WPA with a good passphrase is nigh-on unhackable, in any sort of reasonable timeframe.
WEP will keep the vast vast majority of people out - I ran a WEP access point for over a year (firewalled off from the rest of my home network) as an experiment - No hacks. If you've seen someone hack your wep network, I'd be very suprised.

Cracking even 64bit WEP takes some time, 128bit WEP takes alot of packet captures (Init vectors, really) - we are talking days of normal network activity (unless your wireless is very busy).

WPA-PSK? Get real. Unless you use a very short password/passphrase, it is much more difficult than WEP.

WPA2? Don't bother.

Also:
turning of SSID broadcast (f you are turning on WEP/WPA) does all of fuck-nothing.
Anyone running any sort of wireless sniffing program will find your network anyways (packets get broadcast...) and if you are worried they will crack WEP or WPA, then what the hell good is turning off SSID broadcast?
Except that it makes life harder on you.


Note:
For passphrase generation, I really do recommend DiceWare:
http://world.std.com/~reinhold/diceware.html

Just on the topic of "wireless issues" a guy from Hobart recently posted this image on an IT forum down here... Its about the most secure wireless networking device you can ever get.



Think he got ripped off when he bought this USB wireless device?

I use one just like it, works rather well. Overheating can be an issue, but I consistently get about 50 MPS connection rates. That's rather overkill given my current internet connection, but it's a good thing to have if Verizon starts switching Maryland over onto to their shiney new fiber lines.

Thanks a bunch. Ya, it's about a little more than just leeching. They started getting his passwords for email and shit like that, so I wanted to help put an end to it. Fucking asses in this world...

I'm using the WPA2-EAP-TLS w/ my Linux server functioning as a RADIUS server- totally overkill (since crackers aren't likely to break even regular WPA anyway), but it was educational and I already had SSL certs set up for VPN and webserver purposes anyway.