I'm wireless now - what about safety?

We installed a wireless router at my office - works great to the
notebooks. Our account is "unlimited" and expensive. Here's the
question:

Should we install security measures? If so, I see that WEP is simple -
will that do?

It would be fine with us if passers-by found our little AP convenient,
but what's the risk of malicious acts regarding our system? Is there a
middle-ground?

Thanks?

(E-Mail Removed)f wrote:

> We installed a wireless router at my office - works great to the
> notebooks. Our account is "unlimited" and expensive. Here's the
> question:
>
> Should we install security measures? If so, I see that WEP is simple -
> will that do?
>
> It would be fine with us if passers-by found our little AP convenient,
> but what's the risk of malicious acts regarding our system? Is there a
> middle-ground?
>
> Thanks?
>
I assure you that allowing "passers-by" to access your net is *not* a
good idea. Not only can they suck up huge amounts of bandwidth, they
might spam the internet with your account, get into your hard drives, do
weird things that you think honest, hard-working, good hearted people
wouldn't do. I'd enable WEP 128 bit security and filter by MAC addresses
(this way only computers that you specifically allow to communicate with
the AP are allowed).

OORAH!!@USMC.ret wrote:

> Rôgêr wrote:
>
>
>>I assure you that allowing "passers-by" to access your net is *not* a
>>good idea.
>
>
> That's really a shame - I thought we might become a resource to others, but
> obviously can't do that if it is risky.
>
> Thanks for the input. WEP I understand -- what's "MAC"?

Another acronym, it means that every piece of networking equipment has a
unique number, like a Social Security number type of thing. You can
allow computers with a specific MAC address to communicate with your AP,
others need not apply.

>> I would do the following

1 - Disable SSID broadcast. That way people cant see you are there with
tools like netstumber. An access poin/router spewing its SSID attracts
attention. If people pick it up they are more likely to try and hack your
setup.
2 - Enable MAC filtering. Allows only the MAC address of cards you specify
to connect to your setup.
3 - Enable WEP at 128.
4 - Assign IP's instead of using DHCP.
5 - Enable IP filtering.

Eyman

Some thoughts:
Re: 1: And change the default SSID

Re: 2: Note that MAC addresses are always in plaintext, therefore they can
be sniffed (and then used in spoofing).

Re: 3: And change your WEP keys weekly

Re: 4: Note that IP addresses would be protected by your using WEP. So, it
should be ok to use DHCP (I do). For IP addressing to be a security issue,
WEP would have to be cracked.

Re: 5: same as 4.

Scott <(E-Mail Removed)> wrote in news:(E-Mail Removed):

> I have a question as well. I've heard that enabling WEP will slow
> the wireless network speed by 15%. Is this the case?

My use of 128 bit WEP does not slow down my Internet download speed - both
my wired and wireless machines download at the RoadRunner maximum of 2 Mb.
I don't share files on my home network, so can't comment on what effect it
might have at those speeds.

--
Tom McCune
http://www.McCune.cc
Please use PGP for Privacy & Authenticity

Tom McCune wrote:
> Scott <(E-Mail Removed)> wrote in news:(E-Mail Removed):
>
>> I have a question as well. I've heard that enabling WEP will slow
>> the wireless network speed by 15%. Is this the case?
>
> My use of 128 bit WEP does not slow down my Internet download speed -
> both my wired and wireless machines download at the RoadRunner
> maximum of 2 Mb. I don't share files on my home network, so can't
> comment on what effect it might have at those speeds.

mh h.;/

"Bigguy" <(E-Mail Removed)> wrote in
news:AobSa.3350$(E-Mail Removed):

>> mh h.;/
>
> Oops sorry!! the cat just made his first post to a NG.... ;-)
>
> Guy

I was wondering what that meant. I guess my wife isn't the only one to
allow the cat to use the computer. :-)

--
Tom McCune
http://www.McCune.cc
Please use PGP for Privacy & Authenticity

Scott wrote:
> CZ,
>
> I have a question as well. I've heard that enabling WEP will slow
> the wireless network speed by 15%. Is this the case?
>
> Scott
>
> CZ wrote:
>
>
>>>>I would do the following
>>>
>>1 - Disable SSID broadcast. That way people cant see you are there with
>>tools like netstumber. An access poin/router spewing its SSID attracts
>>attention. If people pick it up they are more likely to try and hack your
>>setup.
>>2 - Enable MAC filtering. Allows only the MAC address of cards you specify
>>to connect to your setup.
>>3 - Enable WEP at 128.
>>4 - Assign IP's instead of using DHCP.
>>5 - Enable IP filtering.
>>
>>Eyman
>>
>>Some thoughts:
>>Re: 1: And change the default SSID
>>
>>Re: 2: Note that MAC addresses are always in plaintext, therefore they can
>>be sniffed (and then used in spoofing).
>>
>>Re: 3: And change your WEP keys weekly
>>
>>Re: 4: Note that IP addresses would be protected by your using WEP. So, it
>>should be ok to use DHCP (I do). For IP addressing to be a security issue,
>>WEP would have to be cracked.
>>
>>Re: 5: same as 4.
>
>

Enabling WEP between my Linksys BEFW11S4 and my Toshiba Sat. laptop
does slow down transfers of long files between my laptop and my
wired PCs (plugged into the same router). Based on a couple of
quicky wristwatch measurements, the cost of WEP seems to be 10-15%;
but note -- that cost is probably specific to that router and/or
to that laptop.

WEP did not seem to affect transfers over the cable. No surprise,
since WiFi, even at its poor efficiency, is faster than cable.
--
Cheers, Bob

>> I've heard that enabling WEP will slow
the wireless network speed by 15%. Is this the case?

Scott:

I will not use WiFi w/o WEP, so I have never tested it in that scenario.
I have read that the WEP hit can be 15% to 50% of non-WEP usage.

With 128 bit WEP I get about twice what my DSL line is, so there is not any
problem with Internet usage.
For Windows networking, WiFi is slow to very slow.

Per some tests that I have done:
My 100baseT tests 72,000 kbps/8 = 9,000 kBps
WiFi spec = 11 mbps = 11,000 kbps/8 = 1,374 kBps
10baseT = 10 mbps = 10,000 kbps/8 = 1,250 kBps
My 10baseT tests 8,000 kbps/8 = 1,000 kBps
WiFi @ close range 3,500 kbps/8 = 440 kBps WEP, max per tests
Above is: Client to AP to wired computer
WiFi @ close range 2,300 kbps/8 = 290 kBps WEP, ave per tests, 2x
DSL
Above is: Client to AP back to client
My DSL: 1,254 kbps/8 = 156.7 kBps
My 56k USR modem 56 kbps/10 = 5.6 kBps

Note that WiFi is always faster when destination through an AP is not a WiFi
client.

"CZ" <(E-Mail Removed)> wrote:
> Enable MAC filtering. Allows only the MAC address of cards you specify
>to connect to your setup.

The setup screen has a 12 digit MAC address, with an option to clone
MAC address. Does that mean MAC filtering has been enabled? (Not
sure where the address came from)

> Enable WEP at 128.

Is there a downside to using 256?