wireless security

Hi,

Just a few quick questions to ask about setting up a wireless router
securely. Just been reading the 'stealing neighbour signal' thread with
interest and made me wonder what I could do to make my wireless network
more secure.

1. I've changed the default SSID to something else and try to change
this regularly.

2. I've tried to hide the SSID (not broadcast it), but is there a way to
allow WinXP to automatically connect to this everytime it logs in (as a
non-admin account, which also leads me to another question regarding
WinXP, I'm using a non-admin account, this means that I have to manually
start up the 'Wireless Zero Configuration' as a service everytime I try
to connect. When using an Administrator account, there is no need to do
this. Is there a way to automate this?)

3. I'm using WEP as encryption. Or should I really be using something
else? All I want is an even balance between security and performance.

4. I'm used MAC filtering on router, the only incoming access allowed is
my laptop wireless MAC address, all others denied.

5. I've set up logging as well on router, and do check this from time to
time (when I can be arsed)

Is there anything else I could do? I have a Linksys Wireless G broadband
router (WRT54G).

By the way, where I live in my neighbourhood, I can see upto 4 different
wireless networks at one time, none of which have had their default SSID
changed and none are secure. People tend to just take the router out of
the box and plug it in, without any configuration. I personally think
it's upto the manufacturers to make security set by default.

Thanks for your help

J


J

"J" <(E-Mail Removed)> wrote in message news:dc58gb$974$(E-Mail Removed)...
> Hi,
>
> Just a few quick questions to ask about setting up a wireless router
> securely. Just been reading the 'stealing neighbour signal' thread with
> interest and made me wonder what I could do to make my wireless network
> more secure.
>
> 1. I've changed the default SSID to something else and try to change this
> regularly.
>
> 2. I've tried to hide the SSID (not broadcast it), but is there a way to
> allow WinXP to automatically connect to this everytime it logs in (as a
> non-admin account, which also leads me to another question regarding
> WinXP, I'm using a non-admin account, this means that I have to manually
> start up the 'Wireless Zero Configuration' as a service everytime I try to
> connect. When using an Administrator account, there is no need to do this.
> Is there a way to automate this?)
>
if the name is hidden from 'browsing' it just needs to be typed in manually
when i've set up wireless access for people, i've just created a profile
with network name, encryption type key etc and then this profile is
automatically loaded when they log on.
i can't remember having to do any more than this.
the actual zero config service should be running all the time - not sure why
you need to restart it.
> 3. I'm using WEP as encryption. Or should I really be using something
> else? All I want is an even balance between security and performance.
>
if you have the choice WPA is more secure: some varieties of WEP can be
cracked in seconds
> 4. I'm used MAC filtering on router, the only incoming access allowed is
> my laptop wireless MAC address, all others denied.
>
every little helps - but mac addresses can be set up in software i.e.
spoofed
> 5. I've set up logging as well on router, and do check this from time to
> time (when I can be arsed)
>
> Is there anything else I could do? I have a Linksys Wireless G broadband
> router (WRT54G).
>
> By the way, where I live in my neighbourhood, I can see upto 4 different
> wireless networks at one time, none of which have had their default SSID
> changed and none are secure. People tend to just take the router out of
> the box and plug it in, without any configuration. I personally think it's
> upto the manufacturers to make security set by default.
>
couldn't agree more
sounds like you're on the right track with this; the WPA encryption is the
biggest thing
> Thanks for your help
>
> J
bob

"Bob Lawn" <(E-Mail Removed)> wrote in message
news:dc5f41$jn2$(E-Mail Removed)...
>
> "J" <(E-Mail Removed)> wrote in message news:dc58gb$974$(E-Mail Removed)...
>> Hi,
>>
> you need to restart it.
>> 3. I'm using WEP as encryption. Or should I really be using something
>> else? All I want is an even balance between security and performance.
>>
>>
> couldn't agree more
> sounds like you're on the right track with this; the WPA encryption is the
> biggest thing
>> Thanks for your help
>>

I agree with the use of WPA if your wireless device supports it (mine
doesn't).

For maximum security feel free to try my free random key generator
http://www.soroban.co.uk/wepkeygen.htm

John Steele

I have set-up quite a few wireless networks in central London and all
are based upon WPA

With WPA my set-up is a RADIUS server for authentication (which can be
bolted onto your ADS or even use RSA security methods) and then use of
certificates for valid client machines - using TKIP (Temporary Key
Integral Protocol) the WEP key is changed every so many thousands of
packets/cycles.. again another added bonus is to reduce the signal
strength of a AP as not to leak the signal outside of the building.

Another method is to use the 802.11a standard (as most hackers would
assume all wifi networks are on the 802.11b/g standard - and the 'a'
standard not being very common)

I have done extensive testing with the above and it seems to be secure
and meets all the requirements for a WPA set-up.

Currently looking into WPA2

On top of that you could try our free WIFI blocking software at
http://www.myWIFIzone.com - now works with WPA.

Bob Lawn wrote:

>>2. I've tried to hide the SSID (not broadcast it), but is there a way to
>>allow WinXP to automatically connect to this everytime it logs in (as a
>>non-admin account, which also leads me to another question regarding
>>WinXP, I'm using a non-admin account, this means that I have to manually
>>start up the 'Wireless Zero Configuration' as a service everytime I try to
>>connect. When using an Administrator account, there is no need to do this.
>>Is there a way to automate this?)
>>
>
> if the name is hidden from 'browsing' it just needs to be typed in manually
> when i've set up wireless access for people, i've just created a profile
> with network name, encryption type key etc and then this profile is
> automatically loaded when they log on.
> i can't remember having to do any more than this.
> the actual zero config service should be running all the time - not sure why
> you need to restart it.

Yeah, thanks, I think I've figured it out and created a profile so it
just connects to it. You can actually choose your 'preferred networks'
and list them in order, so if it can't find one, it'll go and look for
the next one in the list. Quite clever!

As for the wireless zero configuration service, it does run
automatically, but only if you're logged in with admin privileges.
Otherwise, it doesn't start up and you have to do this manually. I'm
just trying to see if there's a way to start it up even when using a
non-admin account.

>>3. I'm using WEP as encryption. Or should I really be using something
>>else? All I want is an even balance between security and performance.
>>
>
> if you have the choice WPA is more secure: some varieties of WEP can be
> cracked in seconds

Yep, I've switched to WPA, thanks for the tip.

>>4. I'm used MAC filtering on router, the only incoming access allowed is
>>my laptop wireless MAC address, all others denied.
>>
>
> every little helps - but mac addresses can be set up in software i.e.
> spoofed

Yeah, but there is no such thing as a completely secure system. I just
want to be as secure as I can so the would-be hacker would just look at
it, and say it's too much trouble to try and break in.

>>By the way, where I live in my neighbourhood, I can see upto 4 different
>>wireless networks at one time, none of which have had their default SSID
>>changed and none are secure. People tend to just take the router out of
>>the box and plug it in, without any configuration. I personally think it's
>>upto the manufacturers to make security set by default.
>>
>
> couldn't agree more
> sounds like you're on the right track with this; the WPA encryption is the
> biggest thing

Thanks for your help, I'm quite new at networks overall, especially
wireless, I actually bought an access point before realising that what I
really needed was a router. Stupid!!

John Steele wrote:

> I agree with the use of WPA if your wireless device supports it (mine
> doesn't).
>
> For maximum security feel free to try my free random key generator
> http://www.soroban.co.uk/wepkeygen.htm
>
> John Steele
>
>

Thanks John, I've downloaded it and will look into it when I get home.
So does WEP require you to constantly change the key every time?

Mine does support WPA, and initially will be using that, but I need to
play around with WEP as well in order to learn more about it.

AAL wrote:
> I have set-up quite a few wireless networks in central London and all
> are based upon WPA
>
> With WPA my set-up is a RADIUS server for authentication (which can be
> bolted onto your ADS or even use RSA security methods) and then use of
> certificates for valid client machines - using TKIP (Temporary Key
> Integral Protocol) the WEP key is changed every so many thousands of
> packets/cycles.. again another added bonus is to reduce the signal
> strength of a AP as not to leak the signal outside of the building.

Can you explain in detail how this can be done? I mean the use of
certificates. I also have no idea how you can reduce the signal strength
either. I saw no option on my Linksys router to do this.

> Another method is to use the 802.11a standard (as most hackers would
> assume all wifi networks are on the 802.11b/g standard - and the 'a'
> standard not being very common)

Good idea, but this reduces performance as well, you need to keep a good
balance between security and performance. Anyway, Mine only support b/g,
so can't really do this.

> I have done extensive testing with the above and it seems to be secure
> and meets all the requirements for a WPA set-up.
>
> Currently looking into WPA2

Thanks for your help

myWIFIzone wrote:
> On top of that you could try our free WIFI blocking software at
> http://www.myWIFIzone.com - now works with WPA.
>

Thanks, have downloaded it and will install it later tonight, will let
you know what I think of it.

"J" <(E-Mail Removed)> wrote in message news:dc7o1t$35q$(E-Mail Removed)...
> Bob Lawn wrote:
>
>
> As for the wireless zero configuration service, it does run automatically,
> but only if you're logged in with admin privileges. Otherwise, it doesn't
> start up and you have to do this manually. I'm just trying to see if
> there's a way to start it up even when using a non-admin account.
>
on my kids machine it runs all the time - and they're no admins!
what often happens is that the card manufacturers software can
(deliberately) stop the service and the latter may be started automatically
at user login.
you can usually use either ms zero config or the manufacturers s/w, but not
both.
perhaps its that.

bob