Wireless router

That might actually segment out some of the earlier devices, thereby avoiding much of the problem. Even very recent PDA's that support wifi tend to be B only from my short review of current models.

-Russ.

Reply to
Somebody.

"Somebody." wrote in message news:WuIjf.4383$ snipped-for-privacy@nnrp.ca.mci.com!nnrp1.uunet.ca...
| "maybenot" wrote in message news:GeGjf.342$Ia2.71@trndny05...
| > "Somebody." wrote in message news:LUEjf.4362$ snipped-for-privacy@nnrp.ca.mci.com!nnrp1.uunet.ca...
| > | "maybenot" wrote in message news:8ewjf.1643$s96.596@trndny01...
| > | > "Somebody." wrote in message news:q4rjf.4332$ snipped-for-privacy@nnrp.ca.mci.com!nnrp1.uunet.ca...
| > | > | "maybenot" wrote in message news:Ynpjf.1293$s96.48@trndny01...
| > | > | > "Somebody." wrote in message news:tSgjf.4302$ snipped-for-privacy@nnrp.ca.mci.com!nnrp1.uunet.ca...
| > | > | > | WPA implementation on clients is horrible though, and it's often unstable to the point of unusability. WEP is easy to set up and use on just about any device.
| > | > | >
| > | > | > I disagree, you'll have problem with WPA if you are using a non standard hardware/drivers. As we all know WPA standard has been approved and ratified awhile ago. But there were hardwares that were pre-built before the standard was approved, in this scenario incompatible hardware/driver might arise. Newer firmwares and matured drivers should be available by now. For older hardwares/drivers it's a must that you upgrade to the latest firmware/drivers to prevent inconsistency. For XPSP2 users MS updated their wireless clients(zero config) also, it is more choosy to what AP it connects to.
| > | > | > The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services can be downloaded here.
| > | > | > formatting link
| > | > |
| > | > | I have a competent engineer who can't get WPA to be stable on very recent Dell Axiom, I couldn't get it to connect on a very recent Dell Inspiron, and I have a Toshiba that just refuses to communicate. And that's just some of our in-house devices. After patching my Dell 8500 it works fine for me, but WEP works for everybody in the door on their first crack, including guests in the boardroom.
| > | >
| > | > Do you have Intel pro/wireless 2200 BG on those problematic pc's? If yes, they are known to be unstable but the latest intel drivers have corrected that.
| > | >
| > | > | Many Access points need just the right firmware to be stable, ie not always the most recent one, but the one that actually works based on real world experience. WEP, any old firmware will do.
| > | >
| > | > I agree but if you have not tried the latest firmware you will not know. Dell firmwares/drivers most of the time are two versions behind. Have you tried the manufacturer's chipset firmware?
| > |
| > | We have done firmware/driver updates with some success and some failure. But this is my point, it's very hard to get it to work. If WPA has been out for 2 years, why am I still dicking with drivers and firmwares on a 4 month old PC? I'm not saying it's impossible, just far harder than it should be. And if you get a less common device like a PDA, you may well just be flat out of luck.
| >
| > I have to agree, at this time there are still few manufacturer that are a bit slow in applying the standard. They don't care as long as their hardwares works with theirs. Fortunately, so far, I have not encountered problems with mixed client/AP, I have mix clients chipsets(broadcom, atheros, intel) that works with my BG AP. Since all my clients are capable of g, I don't allow b access to my AP, that probably makes a difference.
|
| That might actually segment out some of the earlier devices, thereby avoiding much of the problem. Even very recent PDA's that support wifi tend to be B only from my short review of current models.

That's one reason I don't allow b access, they tend to pull the speed of the g to the b level in my limited test. PDA's use WPA encryption?

Reply to
maybenot

Yes. Yes. I can't wait for that to happen.

Reply to
DigitalVinyl

They seem to support it, but we were unable to get it to function, even using 2 totally different types of WAP. Again, WPA, while more secure, is more problematic to get working.

-Russ.

Reply to
Somebody.


WPA clients are having difficulty connecting to a non SSID broadcasting AP, are you? In addition, add the MAC addresses of the clients allowed in the AP. I found those combinations better for the clients to find the AP effectively.

Reply to
maybenot

This is not true.

And useless to have.

This is not true either.

Yours, VB.

Reply to
Volker Birk

A fountain of useful information always.

Your position as explained above boils down to:

  1. WPA is not unstable or usable on any clients.
  2. Everybody with a wireless device also runs cracking tools, can capture 2 to 8GB of your wireless data (depending on the chosen cipher strength) and run their tools on the data in order to gain access to your wireless cloud.
  3. The big percentage of intruders actually do this, rather than moving on to one of the estimated 60% of all wireless deployments which are unsecured.

-Russ.

Reply to
Somebody.

No, I think the point he was trying to make is that WEP is very insecure and trivial to compromise which is true.

To maintain a secure wireless connection people need to make the move to equipment that supports WPA/WPA2. Any equipment that only supports WEP as an encryption solution is obsolete & a danger to network integrity.

Reply to
gray.wizard

This was discussed at the start of the thread; it's not news. The point made was that WPA is problematic for some client devices and some access point devices, and that using WEP at least keeps out the casual curb surfer. Everybody acknowledges that it is crackable.

Potentially true, depending what you're doing with it and what other restrictions you have beyond the WAP itself.

I would never advocate using WEP for core network access. For boardroom internet access or a hotspot though, where guests often show up with all manner of devices hoping for access, WEP is the best option.

Volker stated that WEP a) was useless and b) does *not* filter out a big percentage of intruders.

I maintain that this is not true. The big percentage of intruders just want quick access to download p*rn or grab their email. They don't want to sit around, collect several gigs of data, run some cracking tools, and get on that way, when driving 100 feet down the road gets them unsecured access someplace else. I think that this constitutes a "use" of the technology, a very appropriate one for some purposes.

Against a *targeted* attack, say for industrial espionage, WEP is indeed useless. But so is WPA if your key is only 5 or 10 characters long. Really anything short of properly configured IPSec over properly configured WPA with properly configured and administrated token authentication is subject to being beaten by a determined enough attacker. WPA is no magic bullet, either.

-Russ.

Reply to
Somebody.

Trying to learn something about stuff I know little about here (I don't care too much for wireless, but expect to encounter it someday): why do you want to run WPA if you are already running IPsec (provided IPsec is Done Right, which is not that easy)?

Joachim

Reply to
jKILLSPAM.schipper

That's correct, so far, WPA's weakness is the key if it is too short or if they can attack it dictionarily, it is not recommended. You need at least 20 to 63 characters long of a non dictionary format. Available tools now will take years before WPA keys can be cracked. And we are only talking about WPA personal (tkip, aes), WPA/WPA2 enterprise is another story. By the time they get close to getting your keys, there's already a newer stronger wireless encryptions.

Reply to
maybenot
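
An added illustration, not code from any poster in this thread: WPA-PSK turns the passphrase into its 256-bit key with PBKDF2-HMAC-SHA1 salted by the SSID, so the passphrase is the only secret and its length and predictability decide how strong the key is. The function names, the sample wordlist and the 20-character threshold (taken from the post above) are assumptions of this sketch.

```python
import hashlib
import math
import string

PMK_ITERATIONS = 4096  # fixed by the WPA-PSK passphrase-to-key mapping
PMK_LENGTH = 32        # 256-bit pairwise master key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"),
                               PMK_ITERATIONS, PMK_LENGTH)


def estimate_bits(passphrase: str) -> float:
    """Upper bound on entropy: assumes every character was picked at
    random from the character classes that appear in the passphrase."""
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in cls for c in passphrase):
            pool += len(cls)
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # printable ASCII symbols, space included
    return len(passphrase) * math.log2(pool)


def review_passphrase(passphrase: str, wordlist, min_len: int = 20):
    """Return the reasons a passphrase falls short of the thread's advice
    (at least 20 characters, no dictionary words). Empty list = acceptable."""
    findings = []
    if len(passphrase) < min_len:
        findings.append(f"shorter than {min_len} characters")
    lowered = passphrase.lower()
    hits = sorted(w for w in wordlist if w in lowered)
    if hits:
        findings.append("contains dictionary word(s): " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    sample_words = ["password", "admin", "linksys"]  # constructed sample list
    for candidate in ("password", "q7V#tR2m!Zx9pLw4@Kc8sNf3"):
        print(candidate, round(estimate_bits(candidate), 1),
              review_passphrase(candidate, sample_words) or "ok")
    print(derive_pmk("password", "IEEE").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, but a short or dictionary passphrase stays weak whatever the SSID is.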

IPSec/VPN tunnels would tunnel whatever traffic you direct through the tunnel (which is not always all of your traffic). Your PC can still receive and speak on all other ports. I believe you can configure a server to be IPSEC only but that is a really rare thing and for a home PC-to-ISP-Internet setup, I don't even know if that is technically possible.

Reply to
DigitalVinyl

Ah yes - I can personally attest that it is very much possible only to allow IPsec traffic incoming and outgoing, but you are, of course, right that finding a peer that will accept all your outgoing traffic might be nontrivial.

That being said, searching for 'tunnel ipsec broker' on Google does return 48,100 hits, so I'm guessing it might not be impossible...

Joachim

Reply to
jKILLSPAM.schipper

To prevent potential access to the client computer or the WAP itself. If the network connection is unencrypted, another participant may be able to communicate directly with the client -- dependent on many factors of course -- while IPSec traffic continues along unaffected.

-Russ.

Reply to
Somebody.

Okay, that's true. Still, in a proper IPsec setup most of this can be avoided. It's nice to know IPsec works as well over wireless networks, though (I couldn't see any reason why it wouldn't, but your post suggested this a little).

Thanks!

Joachim

Reply to
jKILLSPAM.schipper

...

The opposite of "often" is not "any". It's just untrue, that WPA is unstable on many clients. There may be problems with some older software, and there may be problems with some b0rken WiFi implementations. But today most of the implementations have a good support for WPA now. So your original claim is misleading. This is, why I called it "not true".

May I request you to stop polemics, please?

WEP and WPA (or to be exact, WPA-PSK) both try to secure a network connection through WiFi. WEP fails because of flaws in the specification. Even the IEEE recognized this fact, and reacted by opening the 802 working group to the public because of this fact. WPA does not fail if applied sensibly.

WPA is an industry standard but not an IEEE standard, it is a subset of 802.11i. The IEEE corrected now, and bring 802.11i aka WPA2 to us now.

To talk about b0rken algorithms, modes, techniques or methods is completely useless, especially if there are better solutions already. To tell FUD about the better solutions does not help at all, it's counter-productive.

You remember, this is a security newsgroup, don't you?

Yours, VB.

Reply to
Volker Birk

Yes.

Then we have a different definition of the term "intruder". If you don't want to have your Internet connection abused, implement security for it. You don't need WEP at all, also not for this point.

Yours, VB.

Reply to
Volker Birk

I cannot see a reason why someone wants to have this.

Yours, VB.

Reply to
Volker Birk

This is nonsense.

Yours, VB.

Reply to
Volker Birk

Useful as always.

-Russ.

Reply to
Somebody.
