Linksys home network problems

On 5 Aug 2006 16:13:25 -0700, snipped-for-privacy@yahoo.com wrote in :

Good stuff.

Why? DHCP isn't a security issue, and manual IP is error-prone hassle.

Won't help security -- a waste of time that just makes life harder.

Correction: WEP insecurity. WEP is so easily broken that it's essentially useless, just like SSID hiding, MAC filtering, and turning off DHCP..All you need is WPA or WPA2 with a strong passphrase.

1. Unhide the SSID.
2. Remove any MAC filtering.
3. Use DHCP instead of manual IP.
4. Troubleshoot with all security turned off
5. Then switch to WPA or WPA2 with a strong passphrase.

Does that mean "select WAP rather than WEP for security mode"?

What would be a strong passphrase? digits and alphabets (lower and upper case ) mixed?

Good learning for me.

[].

What's the different between WPA Pre-Shared Key and WPA RADIUS? Which one should I choose?

John,

I used static IP addresses because of the web server I'm running.

Good to know. I'll just leave it enabled.

I made sure I didn't have any MAC filtering set up. I disabled all security and instantly accessed the internet from all applications. I enabled WPA security with a strong passphrase and still had access from all applications. Odd...but sweet.

Thanks for your help!

On 5 Aug 2006 18:30:20 -0700, "Amanda" wrote in :

Absolutely.

I recommend diceware words (link in wikis below):

• For security that will stop most current attackers now, 20+ characters are enough.

• For security good for our lifetimes, 34+ characters.

On 5 Aug 2006 18:34:33 -0700, "Amanda" wrote in :

Definitely use RADIUS if you have a RADIUS server. You probably don't, so use PSK (pre-shared key) instead.

On 5 Aug 2006 21:57:18 -0700, snipped-for-privacy@yahoo.com wrote in :

Better DHCP servers can fix addresses for particular clients.

Glad it worked.

"Amanda" hath wroth:

WPA-PSK is "pre shared key". This is where you type in a >20 character encryption key into the router and all connecting devices.

A "strong passphrase" is one that you can't remember.

WPA-RADIUS is where you have a RADIUS server somewhere, that has a database of user logins, passwords, MAC addresses, certificates, etc, that are used to authorize user and authenticate the client using

802.1x authentication.

You probably want WPA-PSK or what Linksys calls "WPA Personal".

My linksys wireless router uses "WPA Pre-Shared Key". If I choose that, I will have to create a key for "WPA Shared Key:" field, right?

On 6 Aug 2006 06:59:38 -0700, "Amanda" wrote in :

That's what the Wi-Fi Alliance calls it too. ;) The RADIUS version is "WPA Enterprise".

Right. And diceware words are a good way to do that.

John Navas hath wroth:

That's because the Wi-Fi Alliance trademarked the terms WPA Personal, WPA Enterprise, and such. IEEE802.11i-2004 calls it PSK but doesn't even mention WPA. Even the acronym list doesn't mention WPA. The Wi-Fi Alliance apparently licenses the use of the various trademarked WPA and WPA2 terms:

(see trademarks section)

On Sun, 06 Aug 2006 11:30:07 -0700, Jeff Liebermann wrote: : John Navas hath wroth: : : >>> You probably want WPA-PSK or what Linksys calls "WPA Personal". : >

: >That's what the Wi-Fi Alliance calls it too. ;) The RADIUS version is : >"WPA Enterprise". : : That's because the Wi-Fi Alliance trademarked the terms WPA Personal, : WPA Enterprise, and such. IEEE802.11i-2004 calls it PSK but doesn't : even mention WPA. Even the acronym list doesn't mention WPA. The : Wi-Fi Alliance apparently licenses the use of the various trademarked : WPA and WPA2 terms: :

(see trademarks section) : To those of us of a certain age, "WPA" stands for "Works Progress Administration", the makework program set up by Franklin Roosevelt to combat the effects of the Great Herbert Clark Hoover Republican Depression of the

1930s. Unemployed laborers fixed roads, planted trees, spruced up national parks, etc. Unemployed mathematicians were put to work calculating logarithms by hand. Until the late 1950s, when computers started taking over such calculations, the "WPA tables" were considered the most accurate and reliable tables of logarithms ever published.

You shouldn't put the word *us* in there. You may be the only one.

Duane :)

Robert Coe hath wroth:

I'm not that old. Herbert Hoover was elected President in Nov 1928 and took office in January 1929. The initial market crash was on Oct

24, 1929. Hoover must have really been busy during his first 10 months in office to do all that damage. There was much more happening than the prez could possibly have caused: I will admit that the Republicans controlled both houses during the 1920's, until 1931, where the Democrats controlled just the House, and 1933 where the Democrats controlled both.

The old story is that the union representative was complaining to the owner about the huge steam shovel that just put 100 men out of work. The owner retorted with "why not 1000 men with teaspoons"? Progress is a difficult genie to shove back into the bottle.

That's when a computer was someone that did computation. The trend continued through WWII where rooms full of "computers" were employed calculating artillery ballistics and bombsight tables. I've repaired a few old mechanical calculators (Marchant, Monroe, Friden, Burroughs, etc) that I first used to grind numbers in the early 1960's for a long departed aircraft factory. Electronic computer? Whazzat?

The site also has a link " If all you need right now is a login password, click here". It says, after the instruction,

"Such passwords are suitable for systems that limit the number of bad login attempts an attacker can make and protect the file containing the encrypted passwords (this is called password shadowing on Unix-based systems). Unless you are sure this is the case pick a stronger password following the advice below"

What it said "below" as referred to was

" We are not experts on Windows, but at least one source we found says password hashes are not fully protected in Windows systems. If an attacker obtains the password hash, they can test millions of trial passwords in a matter of minutes. As a result, you should use a strong passphrase or string random characters."

So, is a passphrase pr passphrase(s) the solution to every online log in then?

If I have a strong passpharse for my wirelwess network, would it still be necessary to create passphrase(s) for my online activities or are the ones I created - different ones depending on the impoirtant of the account which I didn't write down in English - enough?

Btw, if I want a guest to get onto my wireless network to use internet via the guest's laptop, what is the procedure I need to do on that laptop? Just enter "WPA Shared Key:" to give the guest access. I will have to do it only once, right?

On 7 Aug 2006 06:33:05 -0700, "Amanda" wrote in :

That refers to a password of only 8 characters.

That refers to having Windows save entered passwords (e.g., for external websites). To avoid any problem, don't have Windows save passwords. I use and recommend Password Safe instead, both for generating and for saving. Originally created by noted cryptographer Bruce Schneier of Counterpane Labs, Password Safe is open source and free, and has been subjected to extensive peer review. I use 14 random characters when I can, otherwise as many as possible, and a different password for each different purpose.

Strong passwords and passphrases are only as good as the rest of your security. Again, that's why I use and recommend Password Safe.

If you're like most people, your current passwords and passphrases aren't terribly good.

Right. But that compromises your security. Ideally you want a hotspot-type router that can give them controlled access to the Internet without needing your wireless key and isolating them from your own wireless and wired clients. The least expensive way to do that is with third-party firmware in supported hardware like the Linksys WRT-54GL.

On 5 Aug 2006 18:34:33 -0700, "Amanda" wrote in :

Radiuz is a free external RADIUS service. I haven't used it myself, but I hear it works well.

John Navas wrote: [..]

I'd like to get confirmation about something. If I have the DHCP from the router enabled, the outside world sees only one static IP address while each PC on the network would have different dynamic IP addresses, right?

Which refers to a password of only 8 characters? You means the passwords for systems that limit the number of bad login attempts?

I never let wondows save my passwords.

I am not like most people:)- But I'll improve mine.

What of the guest is using his laptop given by his employer "Intel"? Am a I safer assuming that his laptop has high security? The guest is staying at my place temporarily.

That third-party firmware is not supported in WRT 54G, right? What "L" stands for in WRT-54GL.