Wireless router

I'm thinking of getting a Belkin wireless router for my single home PC.

Just how secure are they compared with direct connection routers if WEP is used? I have read some reviews that suggest when WEP is enabled it can cause connectivity problems. Any comments/advice or suggestions or better/preferred routers would be welcome. tia me

Reply to
bassbag

bassbag wrote in news: snipped-for-privacy@news.ispserve.co.uk:

I keep hearing that WEP is easily crackable now. You want WPA.

The one problem you would have is if the WEP or WPA key on the wireless card doesn't match the key being used by the router. It will show a signal strength between the two devices but the computer cannot obtain a DHCP IP from the router or cannot use a static IP on the router, as the key mismatch will prevent the machine from accessing the Internet.

You may want to look at the Linksys WRT54G router; it can get free 3rd party firmware that can be implemented that allows logging to be implemented on the router so you can use something like free Wallwatcher to review the logs for inbound and outbound traffic in case someone is able to hack your wireless set up and use a DHCP or static IP on the router. The two 3rd party firmwares can stop inbound and outbound traffic by setting FW rules, I hear.

Duane :)

Reply to
Duane Arnold

Yes, but only to people who are technically savvy enough to do this, which eliminates 99% of the people who work in the IT Industry and therefore 99.999% of all people.

WEP is less CPU intensive than WPA. The other issue is there can still be some incompatibility from different vendors with WPA. If you don't have a lot of visitors it isn't a problem.

Any encryption requires you to configure a joining laptop/device. This means no one can join the network without you appropriately configuring their laptop's wireless. Linksys clients make this VERY difficult 'cause they support a LINKSYS-only method and a convoluted HEX/ASCII conversion of the key. I've found wireless print servers that I could not connect to a WEP network of a different hardware vendor. This is why most people can't get WEP/WPA to work.

If you don't believe you have hackers next door, your security is relatively safe. You just want to stop casual usage of your network by wandering strangers. Wireless technophiles could use a wireless sniffer to watch the packet-by-packet conversation. However, as a professional networking person, I can tell you there are precious few people in the industry that have any real capability of understanding and reading packet traces. Even less that have access and can read a wireless sniffer. And fewer still could crack the WEP key to try and join your network.

You could use MAC filtering to prevent people from using your network. Some users have difficulty even managing that much-simpler router-only change.

It largely depends upon your comfort level with technology.

Reply to
DigitalVinyl

I am not a computer or computer security professional, but looking up a tool like aircrack I should be able to figure out how to perform the attack in a couple of hours, given suitable hardware (which I'm not interested in purchasing).

While it's always nice to be told that you are better than 99% of the computing industry, I have some trouble believing this. Of course, without tools, that would be true - but there are rather effective tools out there, or so I've heard.

Joachim

Reply to
jKILLSPAM.schipper

1) You are using newsgroups. Ask around and find out how many people around you know what a newsgroup is. Most ask "what website is that?"
2) User-Agent: tin/1.6.2-20030910 ("Pabbay") (UNIX) (OpenBSD/3.8 (i386)). I'm not sure if this is you, but if it is--you are using a Unix machine. You already know you are something of a rarity and are more capable than 75% of the public Windows users.
3) Most people will not make a concerted effort. If it can't be done in 15-30 minutes it is too hard. It's like the whole world is suffering from ADD.

The world lives and dies on security through obscurity. And I'm not talking about computer security. All security relies 90% of the time on people not knowing what questions to ask, nor where to look, or how to use the information if they had it.

Lastly, cracking a WEP key gets you on the network. It does not make spying any easier. You still have to do wireless sniffing or get in or attack a PC, assuming people haven't left themselves wide open--which is the bigger risk. And there's what people should pay attention to. The bigger more likely risks. The chance your neighbor is making a concerted effort to hack your WEP key is incredibly tiny. Meanwhile you may be sharing your laptop's hard drive out and every time you go to a Starbucks with it people are browsing your hard drive.

I can speak from 15 years' experience. The majority of IT workers have very little understanding of how a wired network works. Even less of wireless. People know the basics... IP address, subnet, gateway, DNS server, WINS, WEP key... but go beyond those elementals and their understanding degrades quickly into guesstimation. The network is still mostly magic.

Reply to
DigitalVinyl

Okay, that's a point...

... and that's another (yes, the User-Agent: is correct) ...

... and I'll have to grant this ...

... as well as this, of course ...

... but I still maintain that being able to sniff all traffic on a network that has not been properly secured - which is what we are talking about - should be enough to grant you access to most of the juicy data, and some publicly available 'sploitz' are likely to net you the rest as well as the system.

Granted, computer security is a bit of a hobby, I read a lot of security-related lists - there's a reason I'm on OpenBSD (it's nice to be able to mostly trust the kernel), and I knew what to type into Google to get to some tools that would do the job. (Regardless of the fact that I do not own wireless, and am not likely to own it in the future - it's not trustworthy without a proven technology on top, and those - like IPsec - tend to be a little heavy on the old boxen I mostly use.)

And yes, I fully agree with you that such boneheaded stuff as leaving sharing enabled where not strictly necessary should be dealt with first. Still, that's no reason not to get the details right, too.

Maybe, but still - hacking a wireless network is not magic, it does not require reading packet traces, it just requires getting to know a new tool. Of course, actually knowing what you are doing is likely to be a big help - but not strictly necessary, in many cases.

And if you are the neighbour next door, optimizing the cracking speed is of little importance.

Joachim

Reply to
jKILLSPAM.schipper

Wrong, there are tools that can easily crack WEP available for everyone to download; for a non-savvy neighbor, WEP can be cracked in 30 minutes, 3-7 minutes for people in the know. If you google enough, it can be had.

Reply to
maybenot

The average person doesn't know what WEP is and half the users on the internet can't figure out how to do a decent google search. You can't search for what you don't know exists.

Read my other posts for my response to the whoop-de-do about having cracked a WEP key.

Reply to
DigitalVinyl

Sheesh, you must be living in yesteryears. Even my mom who is 82 yrs. old knows how to use google.

| Read my other posts for my response to the whoop-de-do about having cracked a WEP key.

This one? "Lastly cracking a WEP key gets you on the network. It does not make spying any easier. You still have to do wireless sniffing or get in or attack a PC, assuming people haven't left themselves wide open--which is the bigger risk."

Your statement shows what you know. Anyone who can get to your network can do a lot of evil things. Let's assume the boxes in the network are totally closed for sharing, which is impossible for users who don't know how to secure their wireless, I give you that, but I have access to your internet; what do you think I can use your internet for? Who gets the blame if I use your internet to send spam, hack other people's machines? Now that you know what evil things can happen with a cracked WEP, why not advise people to use a more secure encryption (WPA, WPA2) instead? WPA has been available since two years ago.

Reply to
maybenot

WPA implementation on clients is horrible though, and it's often unstable to the point of unusability. WEP is easy to set up and use on just about any device.

However, using WEP filters out a big percentage of intruders, but *lets the rest in*.

It's just like they have a wire on your network, minus any controls you've put in by filtering traffic from the WAP. But within that cloud, they see it all. They can read all your SMTP and FTP passwords, your email, browse habits, learn your internal IP structure and important hosts, etc. etc., even with MAC filtering on, just by sniffing. A quick operation to read a MAC out of a sniff, wait for it to go offline, then apply it to the local device, gets them trusted access to your wireless cloud. Now they are free to go surfing for child p*rn (law enforcement's investigative methods will land them on your doorstep as the user of that public IP -- that's for real, I've worked on 5 such cases this year -- how would you like that sort of press?) or to hack away at all the inside hosts on your network. Do you ever log in to your firewall with telnet or http? Now they have that password. How secure are your workstations from each other? How secure are your internal network passwords -- once they have network access, a password cracker will get them on your servers with at least user access in short order if they're not very strong -- but a finite amount of time more if they are complex.

WEP is an invitation to disaster, but as one poster pointed out, it may be that nobody ever picks up the invitation.

-Russ.

Reply to
Somebody.

I disagree, you'll have problems with WPA if you are using non-standard hardware/drivers. As we all know, the WPA standard was approved and ratified a while ago. But there was hardware that was pre-built before the standard was approved; in this scenario incompatible hardware/drivers might arise. Newer firmware and matured drivers should be available by now. For older hardware/drivers it's a must that you upgrade to the latest firmware/drivers to prevent inconsistency. For XPSP2 users MS updated their wireless client (zero config) also; it is more choosy about what AP it connects to. The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services can be downloaded here.


Reply to
maybenot

I have a competent engineer who can't get WPA to be stable on a very recent Dell Axiom, I couldn't get it to connect on a very recent Dell Inspiron, and I have a Toshiba that just refuses to communicate. And that's just some of our in-house devices. After patching my Dell 8500 it works fine for me, but WEP works for everybody in the door on their first crack, including guests in the boardroom.

Many access points need just the right firmware to be stable, i.e. not always the most recent one, but the one that actually works based on real world experience. WEP, any old firmware will do.

YMMV.

-Russ.

Reply to
Somebody.

Nope, I live in the real world. The corporate world, tech support and consulting at companies with thousands of users. Any technology rollout that assumes competency from the users is one that will end in disaster. That's why VPN rollouts have so many problems. They have to deal with people installing software on their home PCs and require people to change their behaviors and learn new ones.

Big deal. Everyone I know can "use" Google. However they still don't find stuff that I find using the same exact Google. Like I said before, if it can't be done easily in a few minutes people get confused and give up. BTW "a decent google search" is about using keywords and different binary operations, quoting strings, adding required words. That's what gets you good results. Many people would have no idea what I am talking about.

So we should protect our network because I need to protect myself from the pedophile, mass-mail spammer-in-a-house, or black hat hacker next door who is looking to hijack my internet connection to pin crimes on me.

Again, do any of us think we live next to someone of this caliber? If you do you should seriously consider shutting down your wireless phones and network until you have locked down everything. Also audit all the phone and cable lines coming off your house, 'cause they may have tapped into those. And change the codes on your garage door opener, answering machine, and security system 'cause he probably knows them too.

I believe in not buying into the media-driven fear-everything mentality that the country is paralyzed by. Most of these fears are so rare it's like insisting you get tested for ebola every time you sneeze. People need to spend time learning to do the basics, not focusing on fearing wireless-internet access hijacking to disguise their illegal operations.

There is limited time and knowledge that people are going to expend on any area and there is much better value in learning about securing and protecting your PC than trying to get 128bit WPA to work with all the devices you might want to work on wireless.

Reply to
DigitalVinyl

| >Sheesh, you must be living in yesteryears.
|
| Nope, I live in the real world. The corporate world, tech support and consulting at companies with thousands of users. Any technology rollout that assumes competency from the users is one that will end in disaster.

Typical tech/consultant thinking, everyone's not smart enough so let us do it for you and be paid at the same time. Your real world is about to be obsolete.

| >Even my mom who is 82 yrs. old knows how to use google.
|
| Big deal. Everyone I know can "use" Google. However they still don't find stuff that I find using the same exact Google. Like I said before, if it can't be done easily in a few minutes people get confused and give up.

Exactly, if it can't be done easily, they'll give up but like what I said, there are tools available for everyone to download to crack WEP keys easily.


| BTW "a decent google search" is about using keywords and different binary operations, quoting strings, adding required words. That's what gets you good results. Many people would have no idea what I am talking about.

No need for a google lesson, all you have to type is two words "crack wep", as simple as that.

| >| Read my other posts for my response to the whoop-de-do about having cracked a WEP key.
| >
| >This one?
| >"Lastly cracking a WEP key gets you on the network. It does not make spying any easier. You still have to do wireless sniffing or get in or attack a PC, assuming people haven't left themselves wide open--which is the bigger risk."
| >
| >Your statement shows what you know. Anyone who can get to your network can do a lot of evil things. Let's assume the boxes in the network are totally close for sharing, which is impossible for users who doesn't know how to secure their wireless, I give you that, but I have access to your internet, what do you think i can use your internet for? Who gets blame if I use your internet to send spam, hack other peoples machine?
| >Now that you know what evil things can happen with a cracked WEP, why not advice people to use a more secure encryption(WPA, WPA2) instead, WPA has been available since two years ago.
|
| SO we should protect our network because I need to protect myself from the pedophile, mass-mail spammer-in-a-house, or black hat hacker next door who is looking to hijack my internet connection to pin crimes on me.
|
| Again, do any of us think we live next to someone of this caliber?

LOL! Do you know how far wireless signals can reach, guess not?

| I believe in not buying into the media-driven fear-everything mentality that the country is paralyzed by. Most of these fears are so rare it's like insisting you get tested for ebola every time you sneeze.

If that's what you believe, so be it. My post is not to convince you at all, it's the people who will read your advice and might think WEP will protect them from intruders.

Reply to
maybenot

| > I disagree, you'll have problem with WPA if you are using a non standard hardware/drivers. As we all know WPA standard has been approved and ratified awhile ago. But there were hardwares that were pre-built before the standard was approved, in this scenario incompatible hardware/driver might arise. Newer firmwares and matured drivers should be available by now. For older hardwares/drivers it's a must that you upgrade to the latest firmware/drivers to prevent inconsistency. For XPSP2 users MS updated their wireless clients(zero config) also, it is more choosy to what AP it connects to.
| > The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services can be downloaded here.
|
| I have a competent engineer who can't get WPA to be stable on very recent Dell Axiom, I couldn't get it to connect on a very recent Dell Inspiron, and I have a Toshiba that just refuses to communicate. And that's just some of our in-house devices. After patching my Dell 8500 it works fine for me, but WEP works for everybody in the door on their first crack, including guests in the boardroom.

Do you have Intel PRO/Wireless 2200 BG on those problematic PCs? If yes, they are known to be unstable but the latest Intel drivers have corrected that.

| Many Access points need just the right firmware to be stable, ie not always the most recent one, but the one that actually works based on real world experience. WEP, any old firmware will do.

I agree but if you have not tried the latest firmware you will not know. Dell firmwares/drivers most of the time are two versions behind. Have you tried the manufacturer's chipset firmware?

Reply to
maybenot

This is, to some extent, true.

And securing your hosts is likely to be more useful than securing your network access (at least, if the choice is spending *no* time on one and *too little* on the other). All this, I can understand.

However, I do not see why one would need, or want, wireless in such a case. If it's too difficult to set up (properly), just run a couple of cables - in almost any circumstance, it's just as effective. I know in the office I sort-of admin, we have one or more really long CAT5 cables lying around, to plug into wandering laptops (they are already connected to the switch). Much cheaper than wireless, much more secure than WEP, and much easier to set up than *any* wireless stuff. If just because it's hard to find two 10/100 Mbps ethernet cards that are incompatible.

Of course, it doesn't look too professional, which is not much of a problem for us but would be if it were a really big corporate office. Even so, running ethernet cables through, say, some desks or as part of an armchair could be both pretty and useful.

Time to, once again, teach some users that they do not have a *right* to the newest wizbang, *especially* if they are not willing to get it right.

(I know for a fact I don't have wireless because I think the hassles of getting proper security - most likely IPsec - in place on all attached hosts would outweigh any perceived 'easiness'.)

Joachim

Reply to
jKILLSPAM.schipper

Stay tuned for SSL VPNs, coming soon to a FortiGate near you. Browser-based VPN, just click OK a few times and supply appropriate authentication. Currently available on far more expensive boxes by Juniper, F5, Aviant.

I do criminal forensics. I've seen such cases, for real. You think you're not a target? Good for you. You don't worry about identity theft either, do you?

You don't have to live next to one, they have cars and laptops, and they go looking. Seriously.

Those have nothing to do with giving out unsecured wireless access to drivers-by. The equivalent would be putting an extension phone on the outside of your house and exterior pushbutton to open your garage, and giving the code for your answering machine in the OGM. And then saying nobody will ever bother.

Except that it happens every day in this country. In every city. It just goes unnoticed much of the time.

That's true. The problem is it's mass-marketed as simple mature technology, when in fact, it's not. In your last paragraphs, you've finally arrived at the truth. You just missed the closing statement:

"Such people should *not* be using wireless."

-Russ.

Reply to
Somebody.

We have done firmware/driver updates with some success and some failure. But this is my point, it's very hard to get it to work. If WPA has been out for 2 years, why am I still dicking with drivers and firmwares on a 4 month old PC? I'm not saying it's impossible, just far harder than it should be. And if you get a less common device like a PDA, you may well just be flat out of luck.

-Russ.

Reply to
Somebody.

Well put.

When Fortigate releases 3.0, I plan to use SSL VPN to secure a simpler wireless implementation, but the user experience will just be that of a splash screen with authentication and a couple of auto-download plugins.

-Russ.

Reply to
Somebody.

| > | > "Somebody." wrote in message news:tSgjf.4302$ snipped-for-privacy@nnrp.ca.mci.com!nnrp1.uunet.ca...
| > | > | WPA implementation on clients is horrible though, and it's often unstable to the point of unusability. WEP is easy to set up and use on just about any device.
| > | >
| > | > I disagree, you'll have problem with WPA if you are using a non standard hardware/drivers. As we all know WPA standard has been approved and ratified awhile ago. But there were hardwares that were pre-built before the standard was approved, in this scenario incompatible hardware/driver might arise. Newer firmwares and matured drivers should be available by now. For older hardwares/drivers it's a must that you upgrade to the latest firmware/drivers to prevent inconsistency. For XPSP2 users MS updated their wireless clients(zero config) also, it is more choosy to what AP it connects to.
| > | > The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services can be downloaded here.
| > |
| > | I have a competent engineer who can't get WPA to be stable on very recent Dell Axiom, I couldn't get it to connect on a very recent Dell Inspiron, and I have a Toshiba that just refuses to communicate. And that's just some of our in-house devices. After patching my Dell 8500 it works fine for me, but WEP works for everybody in the door on their first crack, including guests in the boardroom.
| >
| > Do you have Intel pro/wireless 2200 BG on those problematic pc's? If yes, they are known to be unstable but the latest intel drivers have corrected that.
| >
| > | Many Access points need just the right firmware to be stable, ie not always the most recent one, but the one that actually works based on real world experience. WEP, any old firmware will do.
| >
| > I agree but if you have not tried the latest firmware you will not know. Dell firmwares/drivers most of the time are two versions behind. Have you tried the manufacturer's chipset firmware?
|
| We have done firmware/driver updates with some success and some failure. But this is my point, it's very hard to get it to work. If WPA has been out for 2 years, why am I still dicking with drivers and firmwares on a 4 month old PC? I'm not saying it's impossible, just far harder than it should be. And if you get a less common device like a PDA, you may well just be flat out of luck.

I have to agree, at this time there are still a few manufacturers that are a bit slow in applying the standard. They don't care as long as their hardware works with theirs. Fortunately, so far, I have not encountered problems with mixed client/AP; I have mixed client chipsets (Broadcom, Atheros, Intel) that work with my BG AP. Since all my clients are capable of g, I don't allow b access to my AP; that probably makes a difference.

Reply to
maybenot
