Well, WEP is not secure (can be easily broken).
If you filter only to connect to specific MAC addresses, that's good. Know that a MAC address can be spoofed.
Someone who really wants in can get in, but not easily.
WPA would be MUCH more secure.
connected..." on
network:
Could be failed access attempts, but the way it sounds, you are using open system instead of shared key (not disputing what you said). Open system allows one to associate with the AP but not authenticate to use the network. These associations are logged. Shared key wont allow you to associate unless you have the key. Open is supposedly more secure do to the 4 way handshake of shared. In shared unencrypted challenge text is sent from the AP to the client, the client then encrypts it with the key. A hacker can then determine the key by knowing the challenge text, thus he knows your encryption key. Open system doesnt open this door but weakness in the IV allow it to be hacked anyway so damn if you do damn if you dont. WPA is the way to go if you use a good passphrase, otherwise it is susceptible to dictionary attacks.
I have a WAP54G v2 and I think I have it locked down pretty tightly altho when I review the log for it it still says "Wireless PC connected..." on occasion with different MAC addresses that are not associated with my network. Here are the measures I've taken so far to secure my network:
WEP 128bit enabled DHCP server in router off, all static IPs assigned to my systems starting with 10.x.x.x SSID Broadcast disabled and changed to something other than the default 'linksys'. MAC filtering enabled Using Channel 11 Using Shared Key
With this setup, 1. according to the log, are these 'wireless pcs' actually connecting to my network or are these just failed attempts? and
Thanks for the info there. I would rather use WPA but I also have a WML11B on my network and (unless I've missed something in the setup) it doesn't seem to accept any form of security other than WEP. I have the latest firmware in my WML11B but WEP is all that shows in the security setup menu.
it is one more obstacle to overcome. the typical wardriver is not likely to bother finding the hidden ssids since the visible ones are so plentiful.
as for things breaking, most access points offer ssid hiding and users are hiding them. it really doesn't matter if it is out of spec or not, the fact is, there *are* hidden ssids out there and software needs to deal with it without breaking.
sure it can be spoofed, but it is yet one more obstacle.
sure it can be sniffed but it is yet one more obstacle.
also, if there is no traffic at the time the intruder is attempting to connect, what is he going to sniff?
the more obstacles the better. unless someone is specifically targetting *you*, all that really matters is that it is harder to crack than the network up the street.
if they *are* targetting you, then you probably have bigger problems than just the wireless network being compromised. and if that is the case, just unplug it.
every little bit counts. security comes in layers, and while any item by itself may be trivial to breech, taken as a whole, it is more secure.
"Another Anonymous" wrote in news:vWvQd.29752$ snipped-for-privacy@fe2.columbus.rr.com:
The most important things in network security (wired or wireless) are AUTHENTICATION and ENCRYPTION.
For a wireless network, the most secure is WPA (encryption + authentication using a RADIUS server). However, most home users will not have this, so the best available is WPA-PSK.
If you cannot use WPA-PSK for any reason then use WEP with Open System authentication.
Note that there are several reasons why you may not be able to use WPA-PSK, ranging from not all your devices supporting it to using a WDS link (Wireless Distribution System, eg using a repeater or wireless client bridge) where in general it will not work.
While there are known weaknesses in WEP, the ease of cracking its encryption is often exaggerated. However, there is a serious weakness in its authentication mechanism when using Shared Key authentication which causes the exposure of both plaintext and matching ciphertext. If the traffic is sniffed, this allows the encryption key to be easily deduced. So, although it does not have explicit authentication, use Open System. Traffic from stations not correctly encrypted with a valid key will be dropped, so you will be OK.
This (WPA-PSK or WEP with Open System authentication) should be all you need.
Other points:
- ensure you change the router's logon and password details. You don't mention this, but I guess you have done it...
- enable SSID broadcast. Attempts to hide it are *not* a security measure. It is designed to be broadcast. Useful things will stop working when it is disabled. It is *always* transmitted and cannot be successfully hidden.
- MAC address filtering adds very little to your security. Sniffing a valid MAC address and spoofing it is very easy, far easier than cracking WEP encryption. By all means use it if it makes you feel better, but it will be a false sense of security.
- using static IPs provides no security. IP addresses are always transmitted and if the traffic is sniffed, a valid IP address can be immediately deduced.
What you are doing with most of such attempts at security is protecting yourself from your friendly next door neighbour, who is likely harmless anyway. They provide *no* protection from anyone with the right tools. And perhaps worst, they give you a false sense of security.
I tend to rant a little about security. All of the measures which are often recommended appear attractive - but I do wonder whether any person who recommends them has ever tried a few practical experiments which would soon demonstrate the fact that they are either worthless, or offer very limited protection...
Hope this helps
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.