Security, WEP, WPA etc

I use WEP on my network currently becuase when I tried to setup WPA or WPA2
it needed a Radius server which I don't have. Is there anyway I can setup
something better then WEP without needing a Radius server can someone give
me instructions?

WEP is better then nothing as there is a person in my neighbourhood who has
the same wireless router as me supplied by the same ISP who has only
followed the basic instuctions to get his router on the Internet ie enter
ISP username and password he hasn't changed anything else on the router.
Therefore I can see his unsecured network SSID using default name and
connect to it and get an IP address via DHCP I can even log into his router
as he hasn't changed the password.

Everything is the same as mine was out of the box, I don't know exactly
where the signal is coming from so I can't knock on his door and show him
how to secure it but it must be some distance away as I`m getting about
665mbit/s downstream 380mbit/s up and he's got a 2mbit/s connection like
mine (I live on an estate with about 70 flats all around). There is no point
me leeching off his line because a) I pay for my own broadband connection b)
I get the full 2mbit/s in my home c) his SSID is not always available so I
guess he must turn it off which would leave it unavailable for leeching at
times

Its not that having someone leeching off your line is particular dangerous
its if your running file and print services (which he is not and neither am
I) is when it could be more dangerous although still probably not that bad
as he's not doing anything important with computers otherwise his network
would be secure (I hope). Still to have the power to change his router
password, leech off him and generally mess with his connection is not a good
thing to have in just anybodies hands I literally own him right now.

Trouble is when you get people who are not familiar with wireless networking
taking the self-install option off the ISP and only doing the minimum
required to get themselves up and running becuase they either can't be
bothered to configure it any further becuase a) they switch it off after use
so people can't leech off them all day b) they just don't know how or forgot
how to log into the routers web configuration and make changes.

First thing I did when I got mine was change the routers password, get WEP
security in place, change my SSID, change the default IP address of the
router, change the default scope of the DHCP, and add my laptops MAC address
to the DHCP static table but as I say I would like to use something better
then WEP as its not impossible to break, but if WPA is only available if you
have radius servers then I`ll stick with WEP.

Hi
WPA or WPA-AES (WPA2) do not need any RADIUS server.
All new 802.11b/g model can do WPA-PSK and many of them can do WPA-AES
(WPA2).
There is (USA price) devices (Access Points and Client cards) for less than
$40 each, capable of WPA-AES.
From the weakest to the Strongest.
No Security
MAC
WEP
WPA-PSK
WPA-AES
WPA2
-------------------------------------------
Wireless Security - <http://www.ezlan.net/Wireless_Security.html>
WEP, WPA, and the Future - <http://www.ezlan.net/wpa_wep.html>
The security must be set according to lowest capable Wireless component.
I.e. even most of you Wireless are capable to do WPA2, but one device is
only capable to do WEP, the whole system must be configured to WEP.
Jack (MVP-Networking).


"Nick Le Lievre" <(E-Mail Removed)> wrote in message
news:45e465f0$0$26695$(E-Mail Removed) .com...
>I use WEP on my network currently becuase when I tried to setup WPA or WPA2
>it needed a Radius server which I don't have. Is there anyway I can setup
>something better then WEP without needing a Radius server can someone give
>me instructions?
>
> WEP is better then nothing as there is a person in my neighbourhood who
> has the same wireless router as me supplied by the same ISP who has only
> followed the basic instuctions to get his router on the Internet ie enter
> ISP username and password he hasn't changed anything else on the router.
> Therefore I can see his unsecured network SSID using default name and
> connect to it and get an IP address via DHCP I can even log into his
> router as he hasn't changed the password.
>
> Everything is the same as mine was out of the box, I don't know exactly
> where the signal is coming from so I can't knock on his door and show him
> how to secure it but it must be some distance away as I`m getting about
> 665mbit/s downstream 380mbit/s up and he's got a 2mbit/s connection like
> mine (I live on an estate with about 70 flats all around). There is no
> point me leeching off his line because a) I pay for my own broadband
> connection b) I get the full 2mbit/s in my home c) his SSID is not always
> available so I guess he must turn it off which would leave it unavailable
> for leeching at times
>
> Its not that having someone leeching off your line is particular dangerous
> its if your running file and print services (which he is not and neither
> am I) is when it could be more dangerous although still probably not that
> bad as he's not doing anything important with computers otherwise his
> network would be secure (I hope). Still to have the power to change his
> router password, leech off him and generally mess with his connection is
> not a good thing to have in just anybodies hands I literally own him right
> now.
>
> Trouble is when you get people who are not familiar with wireless
> networking taking the self-install option off the ISP and only doing the
> minimum required to get themselves up and running becuase they either
> can't be bothered to configure it any further becuase a) they switch it
> off after use so people can't leech off them all day b) they just don't
> know how or forgot how to log into the routers web configuration and make
> changes.
>
> First thing I did when I got mine was change the routers password, get WEP
> security in place, change my SSID, change the default IP address of the
> router, change the default scope of the DHCP, and add my laptops MAC
> address to the DHCP static table but as I say I would like to use
> something better then WEP as its not impossible to break, but if WPA is
> only available if you have radius servers then I`ll stick with WEP.
>

"Jack (MVP-Networking)." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
> WPA or WPA-AES (WPA2) do not need any RADIUS server.
> All new 802.11b/g model can do WPA-PSK and many of them can do WPA-AES
> (WPA2).
> There is (USA price) devices (Access Points and Client cards) for less
> than $40 each, capable of WPA-AES.
> From the weakest to the Strongest.
> No Security
> MAC
> WEP
> WPA-PSK
> WPA-AES
> WPA2

In my router config I got WPA, WPA-PSK, WPA2 & WPA2-PSK. I guess PSK stands
for Pre-Shared Key but what is a pre-shared key and how do I create one?

"Nick Le Lievre" <(E-Mail Removed)> wrote in message
news:45e472a9$0$26694$(E-Mail Removed) .com...
> "Jack (MVP-Networking)." <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi
>> WPA or WPA-AES (WPA2) do not need any RADIUS server.
>> All new 802.11b/g model can do WPA-PSK and many of them can do WPA-AES
>> (WPA2).
>> There is (USA price) devices (Access Points and Client cards) for less
>> than $40 each, capable of WPA-AES.
>> From the weakest to the Strongest.
>> No Security
>> MAC
>> WEP
>> WPA-PSK
>> WPA-AES
>> WPA2
>
> In my router config I got WPA, WPA-PSK, WPA2 & WPA2-PSK. I guess PSK
> stands for Pre-Shared Key but what is a pre-shared key and how do I create
> one?

and in my 3945ABG settings I have options for WPA-TKIP, WPA-AES-CCMP, WPA2
TKIP and WPA2 AES-CCMP.... if I had my router set to WPA-PSK or WPA2-PSK
would I have to set the 3945abg to WPA-TKIP or WPA2-TKIP in order to connect
and tell me how I create a pre-shared key

Hi
Usually by entering a passphrase that creates a key.
Read your Router's manual.
Jack (MVP-Networking).

"Nick Le Lievre" <(E-Mail Removed)> wrote in message
news:45e472a9$0$26694$(E-Mail Removed) .com...
> "Jack (MVP-Networking)." <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi
>> WPA or WPA-AES (WPA2) do not need any RADIUS server.
>> All new 802.11b/g model can do WPA-PSK and many of them can do WPA-AES
>> (WPA2).
>> There is (USA price) devices (Access Points and Client cards) for less
>> than $40 each, capable of WPA-AES.
>> From the weakest to the Strongest.
>> No Security
>> MAC
>> WEP
>> WPA-PSK
>> WPA-AES
>> WPA2
>
> In my router config I got WPA, WPA-PSK, WPA2 & WPA2-PSK. I guess PSK
> stands for Pre-Shared Key but what is a pre-shared key and how do I create
> one?
>

Nick Le Lievre wrote:
> "Nick Le Lievre" <(E-Mail Removed)> wrote in message
> news:45e472a9$0$26694$(E-Mail Removed) .com...
>> "Jack (MVP-Networking)." <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi
>>> WPA or WPA-AES (WPA2) do not need any RADIUS server.
>>> All new 802.11b/g model can do WPA-PSK and many of them can do WPA-AES
>>> (WPA2).
>>> There is (USA price) devices (Access Points and Client cards) for less
>>> than $40 each, capable of WPA-AES.
>>> From the weakest to the Strongest.
>>> No Security
>>> MAC
>>> WEP
>>> WPA-PSK
>>> WPA-AES
>>> WPA2
>> In my router config I got WPA, WPA-PSK, WPA2 & WPA2-PSK. I guess PSK
>> stands for Pre-Shared Key but what is a pre-shared key and how do I create
>> one?
>
> and in my 3945ABG settings I have options for WPA-TKIP, WPA-AES-CCMP, WPA2
> TKIP and WPA2 AES-CCMP.... if I had my router set to WPA-PSK or WPA2-PSK
> would I have to set the 3945abg to WPA-TKIP or WPA2-TKIP in order to connect
> and tell me how I create a pre-shared key
>
>

TKIP, AES, and AES-CCMP are different encryption schemes, in order from
weaker to stronger. If WPA doesn't specify, then it is WPA (TKIP). You
have to use the same encryption scheme on both sides of the link (router
and wireless adapter).

Pre-sharing a key means that you manually have to set the "key" or
"passphrase" both in the router and in the wireless adapter. Set up
encryption in the router first and then setup the wireless adapter,
using either the configuration utility that came with the adapter or
using Windows XP Wireless Zero Configuration.

IMPORTANT: Make sure that the box for "Enable IEEE 802.1x authentication
for this network" is NOT checked:
In Network Connections, click the wireless connection, and then, under
Network Tasks, click Change settings of this connection. On the Wireless
Networks tab, click a wireless network in the list, and then click
Properties. On the Authentication tab, make sure that the "Enable IEEE
802.1x authentication for this network" check box is NOT selected.
(see
http://screenshots.modemhelp.net/scr...tication.shtml)



--
Lem MS MVP -- Networking

To the moon and back with 64 Kbits of RAM and 512 Kbits of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer

"Jack (MVP-Networking)." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
> Usually by entering a passphrase that creates a key.
> Read your Router's manual.
> Jack (MVP-Networking).
>

I created a 13 character passphrase and used WPA2-PKS when I tried to
connect it asked for the security passphrase and I entered my 13 character
passphrase and that was it - connecting to it was much the same as using a
WEP key and it now says Authentication Level: WPA2-Personal Encryption Type:
AES - CCMP . However now I notice a decrease in my broadband speed... I went
to adslguide.org.uk and it said the downstream was about 580kbit/s and then
I tried to download something and it never went above 70kb/s whereas before
I was getting 228kb/s. Question does setting WPA2-PKS have affect on
broadband performance?

Hi
Security involves encryption that take processing power, the decrease of WEP
use to be noticeable. WPA decrease is usually not noticeable since it is
within the margin of the regular fluctuation that is common to Wireless
connection.
The decrease that you indicated seems to be something else, or very low
quality hardware.
Jack (MVP-Networking).

"Nick Le Lievre" <(E-Mail Removed)> wrote in message
news:45e48902$0$26698$(E-Mail Removed) .com...
> "Jack (MVP-Networking)." <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi
>> Usually by entering a passphrase that creates a key.
>> Read your Router's manual.
>> Jack (MVP-Networking).
>>
>
> I created a 13 character passphrase and used WPA2-PKS when I tried to
> connect it asked for the security passphrase and I entered my 13 character
> passphrase and that was it - connecting to it was much the same as using a
> WEP key and it now says Authentication Level: WPA2-Personal Encryption
> Type: AES - CCMP . However now I notice a decrease in my broadband
> speed... I went to adslguide.org.uk and it said the downstream was about
> 580kbit/s and then I tried to download something and it never went above
> 70kb/s whereas before I was getting 228kb/s. Question does setting
> WPA2-PKS have affect on broadband performance?
>

"Jack (MVP-Networking)." <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi
> Security involves encryption that take processing power, the decrease of
> WEP use to be noticeable. WPA decrease is usually not noticeable since it
> is within the margin of the regular fluctuation that is common to Wireless
> connection.
> The decrease that you indicated seems to be something else, or very low
> quality hardware.
> Jack (MVP-Networking).
>

Yeah I reckon its something else maybe peak time of usage at my ISP as I
disabled WPA2 and went back to unsecured and run another test and it was
still a long ways off what I usually expect. Although I`ve not noticed
before it seems my ISP are incapable of guaranteeing a 2mbit/s connection
probably something to do with the 50:1 contention ratio. I`ll check again
later or tommorow during working hours to see if its back up to around
2mbit/s speed.

"Jim" <(E-Mail Removed)> wrote in message
news:ux1Fh.1375$(E-Mail Removed) ...
>>> In my router config I got WPA, WPA-PSK, WPA2 & WPA2-PSK. I guess PSK
>>> stands for Pre-Shared Key but what is a pre-shared key and how do I
>>> create one?
>>
>> and in my 3945ABG settings I have options for WPA-TKIP, WPA-AES-CCMP,
>> WPA2 TKIP and WPA2 AES-CCMP.... if I had my router set to WPA-PSK or
>> WPA2-PSK would I have to set the 3945abg to WPA-TKIP or WPA2-TKIP in
>> order to connect and tell me how I create a pre-shared key
>>
> The fine manual tells you how to do set the various types.
> Jim

Its ok thanks to the instructions here I`m all set once I set WPA2-PKS on
the router and entered a key (I used a 13 character key like WEP 128) I was
able to connect on my laptop and it automatically set AES CCMP as the
encryption not TKIP. So looks like I have maximum security possible outside
of using a radius server which I suppose is better still. Now if I hadn't
noticed how slow my broadband connection is getting then I would be really
happy... it goes down to what you might expect from a 512kbit/s connection
considering the upgrade to 2mbit/s was a free one from 512kbit/s I`m not too
unhappy its still as good as a 512kbit/s connection in worse case scenario.