Which wireless security should I run?

Discussion in 'Mac Basics and Help' started by munckee, Feb 26, 2006.

  1. munckee macrumors 65816

    Joined:
    Oct 27, 2005
    #1
    I got a linksys wireless router yesterday. Setup was a breeze, but I'd like to get the security encryption running. It offers:

    WPA Personal
    WPA Enterprise
    WPA2 Personal
    WPA2 Enterprise
    Radius
    WEP

    Which should I run? Any tips for it? I know one of them requires a "$" in front of the password or something?

    Thanks!
     
  2. prostuff1 macrumors 65816

    prostuff1

    Joined:
    Jul 29, 2005
    Location:
    Don't step into the kawoosh...
    #2
    To be honest i dont know. You could try MAC filtering instead of the password protection...or you could use MAC and password.

    I have a linksys WRT54G v. 3.1 and i have never been able to get the password protection to work. If anyone can help me that would be great also.
     
  3. stevep macrumors 6502a

    stevep

    Joined:
    Oct 13, 2004
    Location:
    UK
    #3
    I don't bother with anything other than MAC address filtering, and hiding the network name just to stop casual passers-by.
     
  4. tivoboy macrumors 68030

    Joined:
    May 15, 2005
    #4
    what is your concern?

    And where do you live?
    If you are concerned with ACCESS then you can turn off the SSID and use MAC address filtering and that will highly limit any casual passersby.

    Are you concerned with the DATA travelling wirelessly over the air and that someone could SNIFF it and decode it and VIEW your data, then you need to ENCRYPT it with an encryption schema: Generally, WPA is fine, WAP2 is better. Start with what you feel is necessary and you are confortable with. All encryption programs will slow perforance a bit.

    The ABOVE items, turning off SSID broadcasting and using MAC address filtering will NOT affect performace at all.

    From there, you could always setup a VPN connection with another computer and use a secure tunnel to transport your data.
     
  5. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #5
    Unless you have a computer you can dedicate as a keyserver, all the ones with Enterprise on the end and the Radius one are out. So it's really just WEP, WPA Personal, or WPA2 Personal. If all your devices support it, just go with WPA2 Personal, and do the MAC filtering. :)
     
  6. ElectricSheep macrumors 6502

    ElectricSheep

    Joined:
    Feb 18, 2004
    Location:
    Wilmington, DE
    #6
    I would be wary of relying on SSID hiding and MAC filtering for security. Passively sniffing out wireless packets and spoofing a MAC address is not very difficult at all these days, and doesn't take a lot of time at all.

    WEP can be cracked in as little as 15 minutes on a busy network, especially if packet re-injection is used.

    WPA and WPA2 are good choices, as long as you pick a nice strong password. They can still be cracked using dictionary attacks.

    The only trouble I've had with WPA/WPA2 is that attempting to set up a Wireless Distribution System across devices from multiple venders using WPA/WPA2 can be a real pain in the butt, and doesn't always work.
     
  7. jsw Moderator emeritus

    jsw

    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #7
    Some Linksys/AirPort setup advise can be found (deeply buried) in this thread.
     
  8. Spies macrumors regular

    Joined:
    Feb 21, 2006
    Location:
    United Kingdom
    #8
    WEP + MAC + Hidden SSID is quite safe.

    You can't sniff the MAC because of encryption and you can't get a decent sample of data to get the key because you can't get the MAC.
     
  9. whocares macrumors 65816

    whocares

    Joined:
    Oct 9, 2002
    Location:
    :noitаɔo˩
    #9
    Looks like I got all my bases covered then. Phew. :cool:


    I am considering putting aluminium foil all over my walls though, just is case. :eek: :eek: :p
     
  10. ElectricSheep macrumors 6502

    ElectricSheep

    Joined:
    Feb 18, 2004
    Location:
    Wilmington, DE
    #10
    An interesting and relevant video. Breaking open a WEP network in 10 minutes with KisMac and a Prism-based adaptor.

    link
     
  11. Spies macrumors regular

    Joined:
    Feb 21, 2006
    Location:
    United Kingdom
    #11
    This is why you run MAC filtering aswell, it prevents such attacks occurring.
     
  12. munckee thread starter macrumors 65816

    Joined:
    Oct 27, 2005
    #12
    Thanks guys. Looks like WPA/WPA2 + MAC filtering + SSID is the answer. Now for the next dumb question: How the heck do I set all that up??

    We'll have three Mac's running wirelessly and one PC. I live in NYC, so there are a lot of other networks around and a lot of people who would gladly mooch off our connection as well.
     
  13. briangig macrumors regular

    Joined:
    May 16, 2005
    #13
    what os is the PC running? If I'm not mistaken, XP SP2 is required for WPA2, anything else doesnt support it. As for setting it up, it's pretty straight forward. Any specific questions?
     
  14. munckee thread starter macrumors 65816

    Joined:
    Oct 27, 2005
    #14
    It's my roommate's I'll have to ask him.

    How do I set up the SSID?

    I'm assuming if we have a friend over who wants to jump on our network, we have to go into the router and allow their mac address, etc.

    We may actually not want to do quite so much. We're really just trying to avoid the casual user from borrowing off our network, etc.
     
  15. whocares macrumors 65816

    whocares

    Joined:
    Oct 9, 2002
    Location:
    :noitаɔo˩
    #15
    Yes. However he should be able to just casually plug in with an ethernet cable. Maybe not ideal - but plug'n play. ;)
     
  16. briangig macrumors regular

    Joined:
    May 16, 2005
    #16
    One option is to enable Wireless MAC Filtering. if you have friends coming over, disable it, they will be able to get online no problem. Then when they leave, enable it, it should remember your MAC addresses (my WRT54G did, but I'm running a different firmware).
     
  17. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #17
    For a business or anyone that has info that really needs to be secure, you should use a very good encryption, hide the SSID, MAC filtering, etc, etc.

    For the normal home user, WPA is enough. Anything less is easily breakable. There is no need to use anything else if you turn on WPA. Adding anything else just makes things more of a hassle and doesn't add that much more security.

    WPA is as strong as the password you use. Make it a random, non-easily guessed password, and you'll be perfectly fine.
     
  18. imac abuser macrumors 6502a

    imac abuser

    Joined:
    Mar 1, 2004
    #18
    I would say dependent on where you live. I live on 10 acres in the middle of no where i dont use any encryption lol. But if you live in an apartment building or something just use the 64 bit encryption using the wep key last 10 of the mac address and your all set. If your uber paranoid block the ssid from broadcasting but dont trip.. It's cool to have people see your name they cant get on your network, and you can pull reports on your firewall with linksys if you think someone is attacking you.

    Chris
     
  19. ElectricSheep macrumors 6502

    ElectricSheep

    Joined:
    Feb 18, 2004
    Location:
    Wilmington, DE
    #19
    Not necessarily. The very weakness exploited in WEP that makes it easy to crack is the fact that it will transmit cleartext (unencrypted) IV packets over the network.

    All one needs to do is passively collect these packets, break the encryption, identify a valid MAC address on the network, and then spoof it.

    See here for a demonstration of cracking a WEP + Hidden SSID + MAC filtered wireless network.
     
  20. superbovine macrumors 68030

    superbovine

    Joined:
    Nov 7, 2003
    #20
    I always like helping people like you, first you try and understand the concept then you ask how to do it. it always easier to help these people.

    your linksys router should have come with a manual, I'd suggest you read it to setup wpa. it is pretty straight forward. usually linksys router can connect via a web browser http://192.168.1.1. Some linksys router don't like safari so I would suggest firefox. The default login is usually admin/admin. I would suggest if wireless isn't enable you connect via a straight cable to setup the router. After it is setup, you just select the wireless icon on the top right and select "other". After type in your network ssid which which should be viewable because you hide it then select your encryption type and password.

    On the XP machine the support section of linksys.com has a wizard that will walk you through it step by step. It will depend heavily on the wireless card drivers and the support software on the XP machine. some wireless card have a special program to configure it, and others you just configure in the driver config menus.

    btw change the admin/admin thing ;)
     

Share This Page