In terms of wireless network security, is WEP encryption the most secure choice?
I am the home user, and have multiple machines connect to the wireless router inside the house. I worry about the wireless security and people can hack the machines.
There are choices such as WEP 64 bits, WEP 128 bits, and PSK. I chose WEP 128 bits but not sure if this is the most secure choice.
Any other suggestions to make the wireless network more secury?
No, it is not WPA is more secure. WEP is breakable with sufficient captured traffic.
Yes, they can. Make your essid hidden, so that the outsider has to try to figure out what your essid is to connect. Then make sure you have some encryption configured. If you are worried, make sure that the key is changed periodically.
Use WPA not WEP 2. Use a password that is at least 20 characters long. ( This will handle the weakness in WPA ... as per the latest research on WPA :-)
or if you're wanting to up the security, you might want to consider a VPN (with a digital certificate), or a Radius authentication server (with digital certificates)
You *can't* hide the ESSID! You can turn off periodic broadcasting of the ESSID, but that does *not* hide it. It is, unencrypted, sent in every packet you transmit. The broadcast merely makes sure that you do in fact transmit a packet at short, regular intervals.
The point of doing that is to allow a short "scan" to detect the presense of a network. The value is that it can be *avoided* if it will interfere with another network. Hence if you turn off ESSID broadcasts the likelyhood that a neighbor will fire up his wifi access point on the same channel as yours, is much greater than if the ESSID broadcast is enabled.
If the neighbor is interested in cracking your network, the lack of an ESSID broadcast is *not* going to hide the existance of the network for longer than it takes you to use it. Which is to say that as soon as you actually do use it for traffic, your ESSID is available to the neighbor.
It has *nothing* to do with security, obscure or otherwise.
All of the Linksys routers support WPA. The earlier /firmware/ doesn't though, and either a Linksys upgrade or third party firmware can be downloaded and applied to add support for WPA.
Can you post the model number of your linksys? You did say earlier that among your choices was something called "PSK" (Private Shared Key). That may be a WPA mode.
If you go out to the Linksys web site, you can download a newer version of the firmware for the box. This will add WPA.
Other options: 1. Use a VPN (openvpn, poptop) 2. Use a Radius authentication server. 3. Use a different router. 4. Use this router as a front-end to another firewall, so you'll have WiFi (public, and open, and also have a secure private LAN).
There are also three other things to do here, which will provide some additional layers that someone would have to go through:
Properly configure a local firewall on your computers. The router will provide protection from someone coming in via the hardwired ISP WAN connection, but will not protect you from someone trying to do computer-to-computer access via wireless.
Disable the ESSID broadcast on the WAP. This disables the ability for someone to casually identify your WAP passively using common clients. Also change the ESSID from the default to something that is not associated with you or your location. The number of my neighbors who have WAPs in their homes was easy for me to determine, including their use of ESSID's that reflected their names or addresses or the defaults. I have spoken to each.
Use MAC address filtering on the WAP, which links the WAP connection to the physical ID's of the wireless NIC's on your computers. It is possible to spoof MAC addresses, but it is one more thing for someone to do to get into your network.
The key to security is layers. Do not depend upon a single protection mechanism.
Yes, make sure you have the latest firmware from Linksys for this router.
Well, PSK is a subset of WPA. I don't have one set up here right now, but I've played with them a lot lately. You ought to have an encryption style, which will be {none,wep,wpa} and upon selecting WPA you'll get another selection of {psk,radius,etc}, and then upon selecting PSK you'll get {tkip,aes?}.
You'll want WPA - PSK - TKIP with a non-dictionary passphrase.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.