Concerned about "open door"

I have a desk top, XP pro, USR 8054 router connected to NTL set top
box. I also have an IBM T40 centrino laptop, xp pro.

I have the following on the router:

1. SSID Broadcast = disabled
2. WEP key is 64 bit
3. MAC filter is on to restrict access to the laptop and the desktop
only
4. Authentication is = Open system.

On laptop:

5. Data encryption (WEP enabled) = on with the network key specified
6. Key is provided automatically = not ticked.

My problems are:

in 4 above, if i change this to Shared access and the "Network
authentication (Shared mode)" box on the laptop is ticked, the
wireless will not work.

Also in the system tray, if I right click to see available networks, I
can see Home (which I am not sure what it is) and the correct network.
However the correct network states that the connection may not be
secured because a network WEP key is not used. infact in 5 and 6
above I have it specified.

I am worried about the security here and any help will be appreciated.

(E-Mail Removed) wrote in news(E-Mail Removed):

>
> I have a desk top, XP pro, USR 8054 router connected to NTL set top
> box. I also have an IBM T40 centrino laptop, xp pro.
>
> I have the following on the router:
>
> 1. SSID Broadcast = disabled
> 2. WEP key is 64 bit
> 3. MAC filter is on to restrict access to the laptop and the desktop
> only
> 4. Authentication is = Open system.
>
> On laptop:
>
> 5. Data encryption (WEP enabled) = on with the network key specified
> 6. Key is provided automatically = not ticked.
>
> My problems are:
>
> in 4 above, if i change this to Shared access and the "Network
> authentication (Shared mode)" box on the laptop is ticked, the
> wireless will not work.
>
> Also in the system tray, if I right click to see available networks, I
> can see Home (which I am not sure what it is) and the correct network.
> However the correct network states that the connection may not be
> secured because a network WEP key is not used. infact in 5 and 6
> above I have it specified.
>
> I am worried about the security here and any help will be appreciated.

I can't really offer help to your particular question(s). However, I
would suggest using a 128 bit key. I don't do file sharing, but with
cable modem max of 3 Mbs speed, I have no loss in speed using 128 bit.
The 64 bit key has a 24 bit IV, and is therefore really only a 40 bit key
- 40 bit keys can be brute forced on a home computer within a few hours.
The 128 bit key is therefore really a 104 bit key, and that will not
succumb to a brute force attack.

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

On Sun, 06 Jun 2004 18:56:12 +0100, (E-Mail Removed) spoketh

>
>I have a desk top, XP pro, USR 8054 router connected to NTL set top
>box. I also have an IBM T40 centrino laptop, xp pro.
>
>I have the following on the router:
>
>1. SSID Broadcast = disabled
>2. WEP key is 64 bit
>3. MAC filter is on to restrict access to the laptop and the desktop
>only
>4. Authentication is = Open system.
>
>On laptop:
>
>5. Data encryption (WEP enabled) = on with the network key specified
>6. Key is provided automatically = not ticked.
>
>My problems are:
>
>in 4 above, if i change this to Shared access and the "Network
>authentication (Shared mode)" box on the laptop is ticked, the
>wireless will not work.
>
>Also in the system tray, if I right click to see available networks, I
>can see Home (which I am not sure what it is) and the correct network.
>However the correct network states that the connection may not be
>secured because a network WEP key is not used. infact in 5 and 6
>above I have it specified.
>
>I am worried about the security here and any help will be appreciated.

#4 is at the desired setting. See
http://arstechnica.com/paedia/w/wire...ecurity-2.html

If Shared mode is used, a potential attacker can get a clear-text and
cipher text of the challenge string. That should be enough to solve the
shared authentication key...

Although shared mode might appear to be better, it is in fact, not.


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

Taking a moment's reflection, (E-Mail Removed) mused:
|
| in 4 above, if i change this to Shared access and the "Network
| authentication (Shared mode)" box on the laptop is ticked, the
| wireless will not work.

Open is considered more secure since there is no check to see if the
authentication key is the correct one (long story). With Open Mode, the
client either has the right key and it works fine; or they have the wrong
key, and it doesn't work at all. With Shared Mode, there is a negotiation
and verification handshake that could expose your encryption key to
outsiders. While I cannot help with the reasons why, I hope the above at
least eases your mind that the more secure method *is* working.

| Also in the system tray, if I right click to see available networks, I
| can see Home (which I am not sure what it is) and the correct network.
| However the correct network states that the connection may not be
| secured because a network WEP key is not used. infact in 5 and 6
| above I have it specified.

Since you are not broadcasting your SSID, then this is likely not your
network (unless your network SSID is also "Home"). It is probably a
different network in a neighbour's house. It may be that the WEP status
being reported above is for the other network called "Home."

| I am worried about the security here and any help will be appreciated.

You can test your connection by disabling WEP on the client (while
leaving it enabled on the WAP), and then attempting to connect to your
network.

(E-Mail Removed) wrote in news(E-Mail Removed):

>
> I have a desk top, XP pro, USR 8054 router connected to NTL set top
> box. I also have an IBM T40 centrino laptop, xp pro.
>
> Also in the system tray, if I right click to see available networks, I
> can see Home (which I am not sure what it is) and the correct network.
> However the correct network states that the connection may not be
> secured because a network WEP key is not used. infact in 5 and 6
> above I have it specified.

You can change channels and disable the Wireless Zero Configuration
Service on XP that seeks out other networks in your area if that's a
concern to you.

Duane

On Sun, 06 Jun 2004 20:54:07 GMT, Duane Arnold <(E-Mail Removed)>
wrote:

>
>You can change channels and disable the Wireless Zero Configuration
>Service on XP that seeks out other networks in your area if that's a
>concern to you.
>
>Duane

Can you please explain the Zero configuration bit and how to set it?

thanks

(E-Mail Removed) wrote in news:(E-Mail Removed):

> On Sun, 06 Jun 2004 20:54:07 GMT, Duane Arnold <(E-Mail Removed)>
> wrote:
>
>>
>>You can change channels and disable the Wireless Zero Configuration
>>Service on XP that seeks out other networks in your area if that's a
>>concern to you.
>>
>>Duane
>
> Can you please explain the Zero configuration bit and how to set it?
>
> thanks
>

http://www.winnetmag.com/Windows/Art...294/23294.html

Most people just turn it off.

http://www.ifelix.co.uk/tech/2000.html

Duane

Also change SSID name
"Duane Arnold" <(E-Mail Removed)> wrote in message
news:Xns9500A1C4CA714notmenotmecoml@216.148.227.77 ...
> (E-Mail Removed) wrote in news(E-Mail Removed):
>
> >
> > I have a desk top, XP pro, USR 8054 router connected to NTL set top
> > box. I also have an IBM T40 centrino laptop, xp pro.
> >
> > Also in the system tray, if I right click to see available networks, I
> > can see Home (which I am not sure what it is) and the correct network.
> > However the correct network states that the connection may not be
> > secured because a network WEP key is not used. infact in 5 and 6
> > above I have it specified.
>
> You can change channels and disable the Wireless Zero Configuration
> Service on XP that seeks out other networks in your area if that's a
> concern to you.
>
> Duane
>