Wireless AP Question

e²Studios

macrumors 68020
Original poster
Apr 12, 2005
2,104
5
I currently have a Cisco Pix sitting as the router/firewall on my network; i do not need a all in one wireless router and WAP conbo deal as i think the routing and firewall portion would be a downgrade from what im currently using now. Currently for Wi-fi i have a Linksys WAP11 and i would like to get a Wireless G Access Point. From what ive seen All the airport bases are router/firewall and access points correct? Is there a WAP that Apple makes that will work with my Cisco gear and only act as a access point and not as a router/firewall? Currently im beginning to think the Linksys WAP54G is probably my best bet but before i went and ordered it i figured i would get some opinions from here.

Thanks
Ed
 

MacTruck

macrumors 65816
Jan 27, 2005
1,242
0
One Endless Loop
Get the Linksys. It is accessible through the web which makes it easy if you have a pc and its cheaper isn't it? I have the WRT54G and I love it.
 

e²Studios

macrumors 68020
Original poster
Apr 12, 2005
2,104
5
MacTruck said:
Get the Linksys. It is accessible through the web which makes it easy if you have a pc and its cheaper isn't it? I have the WRT54G and I love it.
From amazon i believe its $65 for the WAP54G, the cheapest apple one was $199 if i remember right. Is there a big concern to the WAP54G only supporting WEP and not WPA?

Ed
 

MacTruck

macrumors 65816
Jan 27, 2005
1,242
0
One Endless Loop
Dang, thats a big price difference. I use wep and think its secure enough. If someone can hack wep they can hack wpa. I would go with linksys.
 

MacTruck

macrumors 65816
Jan 27, 2005
1,242
0
One Endless Loop
Another feature that the linkys has and maybe the apple has it not sure is the mac address filter (not to be confused with Mac/Apple). Each network card has a MAC address assigned to it. Its like a serial number embedded in. On your router you can assign which addresses are allowed in and this is done in addition to wep. Now you can hack that too by spoofing the mac address and flashing your card with that number but come one, that has to be either the KGB or a really bored teenager that massively hates you. Ofcourse if you are a terrorist then know that the CIA and FBI can hack your system in 2 seconds. :eek:
 

e²Studios

macrumors 68020
Original poster
Apr 12, 2005
2,104
5
MacTruck said:
Another feature that the linkys has and maybe the apple has it not sure is the mac address filter (not to be confused with Mac/Apple). Each network card has a MAC address assigned to it. Its like a serial number embedded in. On your router you can assign which addresses are allowed in and this is done in addition to wep. Now you can hack that too by spoofing the mac address and flashing your card with that number but come one, that has to be either the KGB or a really bored teenager that massively hates you. Ofcourse if you are a terrorist then know that the CIA and FBI can hack your system in 2 seconds. :eek:
I use MAC address filtering atm with my current Linksys AP :) its a great feature to keep the neighbors kids from using my link to search for whatever it is teenagers search for these days... :D

Ed
 

Westside guy

macrumors 603
Oct 15, 2003
5,512
2,463
The soggy side of the Pacific NW
MacTruck said:
Dang, thats a big price difference. I use wep and think its secure enough. If someone can hack wep they can hack wpa. I would go with linksys.
This is absolutely wrong. WEP is intrinsically insecure. The WPA protocol is considered very secure. There have been no known WPA-specific hacks.

The "news" that went around a couple months ago, where someone was saying "this is how WPA can be attacked", turned out to just be a standard dictionary attack. In other words if the password is poorly chosen you can brute force it. This has nothing to do with WPA - it's equally true of any security protocol (UNIX password hashes, SSH, etc.).
 

MacTruck

macrumors 65816
Jan 27, 2005
1,242
0
One Endless Loop
Westside guy said:
This is absolutely wrong. WEP is intrinsically insecure. The WPA protocol is considered very secure. There have been no known WPA-specific hacks.

The "news" that went around a couple months ago, where someone was saying "this is how WPA can be attacked", turned out to just be a standard dictionary attack. In other words if the password is poorly chosen you can brute force it. This has nothing to do with WPA - it's equally true of any security protocol (UNIX password hashes, SSH, etc.).

So you are saying NOBODY could ever hack WPA? Anything written in computer code can be hacked. The fact you think WEP is so insecure is because its been around longer and has had more time for people to crack it. Nothing is foolproof.

Cops use radar to detect speeders, speeders use radar detectors, Air Force uses stealth to fool radar detectors, someone will come out with stealth detector.
 

Westside guy

macrumors 603
Oct 15, 2003
5,512
2,463
The soggy side of the Pacific NW
MacTruck said:
So you are saying NOBODY could ever hack WPA? Anything written in computer code can be hacked. The fact you think WEP is so insecure is because its been around longer and has had more time for people to crack it.
No, WEP is insecure because it was poorly designed. This is very widely know and well documented - do a little research and you'll see what I mean. WEP is intrinsically flawed. It was easily cracked by people who analysed the design of the protocol and showed that it was impossible to make WEP secure.

It's somewhat analogous to the difference between SSH protocol 1 and SSH protocol 2. Of course it's always possible someone will find a flaw in the newer protocol - but it hasn't happened yet. Saying "it might be cracked in the future, so it's no better than this older protocol that is demonstrably broken" is a rather difficult argument to support.
 

superbovine

macrumors 68030
Nov 7, 2003
2,872
0
MacTruck said:
So you are saying NOBODY could ever hack WPA? Anything written in computer code can be hacked. The fact you think WEP is so insecure is because its been around longer and has had more time for people to crack it. Nothing is foolproof.

Cops use radar to detect speeders, speeders use radar detectors, Air Force uses stealth to fool radar detectors, someone will come out with stealth detector.
He was only trying to point out that WPA was specifically designed to replace WEP because of it security flaws. So, yes WEP has been around longer, and was proved insecure so IEEE 802.11 group designed an encryption scheme to fix the flaws called WPA. Yes, it has been around longer, but it had it's design flaws. I am not saying WPA is perfect, but your understanding of the situation is wrong.

http://wifinetnews.com/archives/002594.html
Currently, all 802.11a, b, and g devices support WEP (Wired Equivalent Privacy) encryption which has had flaws and exploits well documented. The ultimate goal is 802.11i, a robust set of security improvements. On the road to 802.11i, the Wi-Fi Alliance has required WPA (Wi-Fi Protected Access), which fixes all of WEP’s problems, is a subset of 802.11i, and which allows full backwards compatibility for most 802.11a and b devices made before 2003.

http://www.nwfusion.com/news/tech/2003/0526techupdate.html

The inadequacy of the Wired Equivalent Privacy protocol has delayed widespread adoption of wireless LANs in many corporations. While most network administrators and end users understand the productivity benefits of cutting the Ethernet cord, most worry about the risk of doing so.

WLANs expose a network and hence, from a security perspective, must be treated like access networks rather than core enterprise networks. When corporate users connect through a LAN switch or hub, there is an assumption that they already are trusted users. IT might or might not use a protocol such as 802.1X or RADIUS for additional authentication.

To help address this gap in WLANs, the IEEE 802.11 Working Group instituted Task Group i to produce a security upgrade for the 802.11 standard. 802.11i is building the standard around 802.1X port-based authentication for user and device authentication. The 802.11i standard, which isn't expected to be complete until later this year, includes two main developments: Wi-Fi Protected Access (WPA) and Robust Security Network (RSN).
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.