-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: What's the most interesting small town you've visited in South Africa?
Wireless Security
- Thread starter Vercogen
- Start date
kiepie
Executive Member
Maybe change the encryption key. And the password for the router. Don't know if that could be enough.
I only changed the key and have no problems.
Gunny
Expert Member
Use the mac address filter and setup WEP encryption with a shared passphrase that should be enough.
thanx for the info........ ermm..... but......
how do you do this step by step please lol
me<----
manual + google
I agree with Bwana use WPA if the AP supports it
The_Techie
Resident Techie
Only if you are extremely paranoid, or if your neighbour is a Linux/Mac freak who spends all his time trying to crack all of the surrounding wireless networks You'll be fine with WEP, but if you're hyper-paranoid then go with WPA or WPA2. I personally use 128-bit WEP and haven't had any problems with security.
On how to set it up: use the manual and/or Google. Good luck!
You'll be fine with WEP, but if you're hyper-paranoid then go with WPA or WPA2. I personally use 128-bit WEP and haven't had any problems with security.On how to set it up: use the manual and/or Google. Good luck!
Why just close the door if you can lock it, especially with bandwidth costing what it does.Only if you are extremely paranoid, or if your neighbour is a Linux/Mac freak who spends all his time trying to crack all of the surrounding wireless networks
On how to set it up: use the manual and/or Google. Good luck!
Assuming your hardware supports it WPA isnt any more difficult to set up and the benefits over WEP are undeniable.
The_Techie
Resident Techie
WARNING: LONG POST!
Oh sure, assuming that this country is full of people sitting on a few grands (if they are that desperate) worth of wireless equipment just waiting to crack your network as soon as they find it. The benefit of WPA or WPA2 over WEP is that it takes a few more minutes to break (believe me, we had to test it a while back). WEP lasts anything from a few minutes to almost forever, depending on network traffic, while WPA also lasts a few minutes to almost forever, also depending on network traffic.
And there is no need to lecture me about how these work, I am well aware that WPA changes the encryption key every packet, while WEP uses a standard encryption every packet and that it is resent every time. While it seems that you can't break WPA because it always changes, it is not only possible, but very simple. Except, of course, if there is little/no network traffic. However, this also applies to WEP so that cannot be considered a benefit over WEP. I'm having trouble finding an advantage of WPA over WEP that can't be neutralized by anyone with sufficient know-how. If they can break WEP then they can break WPA, it's as simple as that.
So yes, it is probably not difficult for a network newbie to set up WPA but that doesn't mean you'll benefit from it. WEP works just as well in an area where die-hard script kiddies are few and far between. I haven't had one hack attempt on our wireless network, and that is with over 300 people having access to the network. I can only assume that there aren't many script kiddies in my area. Personally I agree with you about wireless security, but I'm just playing Devil's Advocate here.
If you are like me (that is, hyper paranoid), WPA2 Shared-Key with MAC address filtering will work just fine
If you are a normal person who doesn't believe and/or know that they are out to get you, a basic form of encryption will suffice.EXAMPLES
Network 1: No encryption of any kind, only MAC address filtering. MAC addresses are extremely easy to spoof, so highly vulnerable to script kiddies. However, it is used in an area with few people having access to the network and has never had any problems with security. Verdict: Extra security unneccesary.
Network 2: 64-bit WEP encryption without MAC address filtering. No need for MAC address spoofing and the only thing needed to get the key is a few network packets (by few I mean a lot, but they increase exponentially if you have the right programs). However, it is lives in an area where few people have access to the network. In fact, everyone has trouble connecting to this network at a range of 10 meters because of the poor router. So, the wireless signal can't carry outside the house. Verdict: Extra security unneccesary.
Network 3: 128-bit WEP security with MAC address filtering. MAC addresses are easy to spoof and network traffic can easily be monitored. A lot of people have access to the network. However, not one person in the range of the wireless network knows what a network is. Verdict: Extra security unneccesary.
My view: It isn't necessary to go to extreme lengths to close your network tighter than a badger's sphincter. If you know that there aren't too many script kiddies in your neighbourhood, a basic form of encryption (WEP) will do just fine. However, if you know how to set it up, extra security is always a good idea. You never know when it might come in handy.
Phew, I'm tired now... It comes down to this: If you have the time and know-how, make your network as secure as possible (WPA or WPA2 and MAC address filtering). If you don't have the time and know-how, just set up a basic form of security (WEP) to deter those pesky neighbours of yours.
Only if you are extremely paranoid, or if your neighbour is a Linux/Mac freak who spends all his time trying to crack all of the surrounding wireless networks
On how to set it up: use the manual and/or Google. Good luck!
I think WPA is easier to setup the WEP. at least with WPA it is easy to remember a key like: thisismyWPAkeythatWILLnotgetbrokeninalongtimesocomegetme!
hope that is under 64 letters
not true... a wireless card of most sorts USB/PCMCIA + a Live CD of your favourite linux distro. is that expensive?
I find this statement very interesting give the part in brackets.
WPA is phonemically stronger then WEP. WPA is only weak if a weak passphase is used.
WEP is certainly very easy to crack and if there is not enough traffic then you just generate traffic... (how is not the point of this thread) ok yes so it is a little over the head of a script kiddy. but not much
you need very little traffic to break WPA because it is a different method of attack to WEP.
certainly not true. you can have all the know how in the world you will not crack a very good passphase on WPA unless you had super super to the power of lots of computers to crack it.
WPA is much stronger then WEP simple as that
me too
The_Techie
Resident Techie
You're proving my point for me. If they want to break your network, they'll break your network, whether they have expensive hardware or not. Whether you have WEP or WPA, they'll get through eventually. And you can also use a similar method to break WPA to the one you use to break WEP which will need a bit of network traffic, but granted that's one of many approaches, and we'll not discuss how to do it either. I'm glad to see there are other people who know what they are talking about, I was starting to feel alone
http://www.youtube.com/watch?v=8bue_e7J-kc (am I allowed to post a link? I hope so.) This is one of the many videos flying around of people breaking WPA with a shared passphrase. Whether this video is real or not is debatable, but it's one of many. Here's another one:
http://www.youtube.com/watch?v=Ep3CRtzAM_E
Note that these were all performed on normal PCs, not super super to the power of lots of computers. People also thought that WEP would need a few strong computers and a lot of time to crack, but they found the vulnerability and exploited it, same with WPA. The amount of time needed to crack a long passphrase is substantially higher, so keep those as long as possible!
And how do you find what I wrote in the brackets interesting, if I might ask? It's no superhuman task to break wireless security, the same with breaking Windows passwords or any other form of security. It all comes down to either brute force (not recommended) or exploiting the weaknesses.
But remember, I'm actually agreeing with you. I'm all for good security, but the point I've been trying to make all along is that you have to adjust your level of security to the situation and/or user know-how. If you know how to set it up, by all means go for it! Just remember that a basic form of security is better than none at all.
Settled?
I'm glad to see there are other people who know what they are talking about, I was starting to feel alone http://www.youtube.com/watch?v=8bue_e7J-kc (am I allowed to post a link? I hope so.) This is one of the many videos flying around of people breaking WPA with a shared passphrase. Whether this video is real or not is debatable, but it's one of many. Here's another one:
http://www.youtube.com/watch?v=Ep3CRtzAM_E
Note that these were all performed on normal PCs, not super super to the power of lots of computers. People also thought that WEP would need a few strong computers and a lot of time to crack, but they found the vulnerability and exploited it, same with WPA.
The amount of time needed to crack a long passphrase is substantially higher, so keep those as long as possible!And how do you find what I wrote in the brackets interesting, if I might ask? It's no superhuman task to break wireless security, the same with breaking Windows passwords or any other form of security. It all comes down to either brute force (not recommended) or exploiting the weaknesses.
But remember, I'm actually agreeing with you. I'm all for good security, but the point I've been trying to make all along is that you have to adjust your level of security to the situation and/or user know-how. If you know how to set it up, by all means go for it! Just remember that a basic form of security is better than none at all.
Settled?
If you have a good WPA passphase then they will not crack it.
the quality of that is so shocking that i stopped it 10 seconds into it. if it got any better apologies. the second one is much better
from the second video
Conclusion for cracking WEP and WPA
WEP is much easier to crack then WPA
this nulls you statement "The benefit of WPA or WPA2 over WEP is that it takes a few more minutes to break"
yes brute forcing a 64 character passphase will take forever. were as a WEP key is far easier because it is not a brute force attack.
again i say cracking WPA and WEP are two different attacks, one is brute force/dictionary with the other is a "voting" system
if you had tested all this stuff in a lab you would know that you cant crack a good WPA passphase
Yes.
I state again "WPA is phonemically stronger then WEP. WPA is only weak if a weak passphase is used." eg a dictionary word.
The_Techie
Resident Techie
My point is that both are breakable. I never argued that WPA is worse than WEP, I was playing Devil's Advocate to prove that you can't completely secure your wireless network, just like you can't completely secure your house. There is always a way in.
My apologies about the poor quality of the video, but that is a matter to take up with the author. I would also have prefered a better quality video.
Oh, and on your comment on a good WPA passphrase: you can crack a good passphrase. But it will take a good while to do this and that is why it is used, to discourage anyone from spending that amount of time on breaking your network and instead moving to one that is not protected. That is why they say it is much easier to break WEP than break WPA, not "You had better hope that it is encrypted with WEP because WPA is impossible to break."
Oh, here is a quote from an article I stumbled across: "Consequently, it's actually easier to crack WPA than it is to crack WEP." I haven't had the willpower to read it, but I can post a link to the article if you want?
Note, however, that I do not say WPA can be broken quicker than WEP. I state again: "If you have the time and know-how, make your network as secure as possible (WPA or WPA2 and MAC address filtering). If you don't have the time and know-how, just set up a basic form of security (WEP) to deter those pesky neighbours of yours."
My apologies about the poor quality of the video, but that is a matter to take up with the author. I would also have prefered a better quality video.
Oh, and on your comment on a good WPA passphrase: you can crack a good passphrase. But it will take a good while to do this and that is why it is used, to discourage anyone from spending that amount of time on breaking your network and instead moving to one that is not protected. That is why they say it is much easier to break WEP than break WPA, not "You had better hope that it is encrypted with WEP because WPA is impossible to break."
Oh, here is a quote from an article I stumbled across: "Consequently, it's actually easier to crack WPA than it is to crack WEP." I haven't had the willpower to read it, but I can post a link to the article if you want?
Note, however, that I do not say WPA can be broken quicker than WEP. I state again: "If you have the time and know-how, make your network as secure as possible (WPA or WPA2 and MAC address filtering). If you don't have the time and know-how, just set up a basic form of security (WEP) to deter those pesky neighbours of yours."
I'm confused - Is my set-up so different than yours? Why is time even a factor?
It may well be of course that OsX is different because the set up is the same either way for me - you either choose WEP or WPA.
The_Techie
Resident Techie
Whoops, I forgot to post the link to that article. My bad.
http://www.informit.com/articles/article.asp?p=369221&rl=1
The level of wireless security you want comes down to personal preference. I personally want the best security, but some people only want to deter people in their immediate vicinity. Go with what you feel is adequate.
http://www.informit.com/articles/article.asp?p=369221&rl=1
The level of wireless security you want comes down to personal preference. I personally want the best security, but some people only want to deter people in their immediate vicinity. Go with what you feel is adequate.
The_Techie
Resident Techie
I'm confused - Is my set-up so different than yours? Why is time even a factor?
It may well be of course that OsX is different because the set up is the same either way for me - you either choose WEP or WPA.
I agree, just choose the one you want. I just argued for WEP because it might be more standard amongst older software/hardware (although how relevant that is these days is debatable, more and more devices are WPA or WPA2 compliant)
The_Techie
Resident Techie
I'm not going to debate this any longer, I've already stated my point: Go with WPA if you can, but at least enable WEP as a bare minimum. In order of desirability: WPA2, WPA, WEP128, WEP64.
So stop arguing with me about what to use, dammit
So stop arguing with me about what to use, dammit
Juggy
Executive Member
Not that "Wireless Security" isn't an oxymoron
Almost as bad as British Intelligence... AnyhooAbout all you can do is the follwoing
1. WPA(2) with a long passphrase utilising numbers/letters/special characters.
2. Don't broadcast your SSID.
3. Use MAC authentication.
4. Change your router username and password to something complex, preferably not your name or pets name etc also using numbers/letters/special characters.
5. Make sure you use the statefull firewall on the router and make sure you have a firewall on your windows installation.
6. Ensure windows is up-to-date with all security patches etc.
7. Use a decent AV scanner, AVG Free is one of the preferred.
This is how I've got mine setup and have never had problems and there are about 6 SSID broadcasts in my area of which 2 are open.
Last edited:
The_Techie
Resident Techie
Not that "Wireless Security" isn't an oxymoron
About all you can do is the follwoing
1. WPA(2) with a long passphrase utilising numbers/letters/special characters.
2. Don't broadcast your SSID.
3. Use MAC authentication.
4. Change your router username and password to something complex, preferably not your name or pets name etc also using numbers/letters/special characters.
5. Make sure you use the statefull firewall on the router and make sure you have a firewall on your windows installation.
6. Ensure windows is up-to-date with all security patches etc.
7. Use a decent AV scanner, AVG Free is one of the preferred.
This is how I've got mine setup and have never had problems and there are about 6 SSID broadcasts in my area of which 2 are open.
/me applauds JUGGY's post