One of my subscribers and readers had a few wireless questions recently:
Yesterday, I installed a Linksys WRT54g router and have it working with the base computer by wire and distant desktop computer with a wireless adapter.
I have a lot of questions about networking as I find it very confusing, but in this email will only ask about Security.
In the process of setting up the network, I had to push a button on the front of the router that started a process “called setting up security”.
When finished, it said my network had WPA Personal security and gave me some numbers, etc.
Question 1: Is this security sufficient to keep neighbors from using my system? Or do I need to go through the Security process to set up the only MAC addresses that will be accepted?
I answered that he should do the MAC address filtering also. WPA is crackable. Of course, MAC addresses are broadcast in the clear, so someone trying to crack it can eventually figure out what the MAC addresses are — given enough traffic.
Also, I told him to turn off “SSID Broadcast.”
Read my article at www.terryscomputertips.com/computers/wireless-security.php — there are some other issues you need to handle too, especially if you have a notebook.
In a follow-up message, things were headed the wrong way:
Report on Security Setup. Terry, I tried to follow the directions from Linksys KB but when I got into the Router I found screens looked a bit different. After several tries of entering the MAC address that I wanted to be recognized, that computer would not connect to the internet. As a last resort I called Linksys hotline and talked to a female tech in India. It was so difficult to understand her it seemed we would never get the problem solved. It turned out that I had everything entered correctly, it was just that the Realtek adapter from CompUSA would not accept the Wireless Security mode WEP, so I had to disable it and have no security mode selected.
Question 1: If I have the system set to only accept the MAC of my wireless computer, is disabling WEP a serious problem?
My answer was simple and straightforward — Yes. Take the wireless card back and get a card that will do WPA, if you’ve got XP on the machine. MAC addresses are broadcast in the clear either way.
With a Windows box and wireless, with wireless set in “promiscuous mode” (where it listens to messages to other machines, too), several programs can trap your signal and display it in plain text for whoever is running them.
Combine that with email passwords and domain names in plain text — and you’ve given away everything but your credit cards and bank info. Hopefully you are using good SSL secure connections on them — they’ll take a couple days for the average computer to crack.
Get rid of that particular wireless card. Get encryption — and WPA is better than WEP. WPA2 is even better.
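To see why MAC addresses are in the clear either way, here is an added example (not part of the original exchange) that decodes the 24-byte 802.11 header of two constructed data frames, one sent with no security mode and one with the encryption flag set. The addresses, payload and "encrypted" bytes are made-up sample values.

```python
import struct

PROTECTED = 0x4000  # Frame Control bit 14: frame body is encrypted
TO_DS = 0x0100      # Frame Control bit 8: frame goes from a station to the AP

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame: bytes) -> dict:
    """Decode the fixed 24-byte 802.11 MAC header of a data frame."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte 802.11 header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    return {
        "type": (fc >> 2) & 0x3,          # 2 = data
        "protected": bool(fc & PROTECTED),
        "to_ds": bool(fc & TO_DS),
        "addr1": fmt_mac(frame[4:10]),    # receiver (the AP when to_ds is set)
        "addr2": fmt_mac(frame[10:16]),   # transmitter (the client when to_ds is set)
        "addr3": fmt_mac(frame[16:22]),   # final destination
        "body": frame[24:],               # the only part encryption covers
    }

def build_frame(ap, client, dest, body, protected):
    """Build a constructed station-to-AP data frame for the demo."""
    fc = 0x0008 | TO_DS | (PROTECTED if protected else 0)
    return struct.pack("<HH", fc, 0) + ap + client + dest + struct.pack("<H", 0) + body

# Constructed sample values (locally administered MACs, not real devices).
AP = bytes.fromhex("020000aabb00")
CLIENT = bytes.fromhex("020000aabb01")
GATEWAY = bytes.fromhex("020000aabbfe")

OPEN_FRAME = build_frame(AP, CLIENT, GATEWAY, b"USER alice\r\n", protected=False)
# Placeholder bytes standing in for an encrypted body; not real ciphertext.
ENC_FRAME = build_frame(AP, CLIENT, GATEWAY,
                        bytes.fromhex("9f3c01e47ab2d6585510c3ee"), protected=True)

if __name__ == "__main__":
    for name, frame in (("no encryption", OPEN_FRAME), ("encrypted", ENC_FRAME)):
        h = parse_header(frame)
        print(f"{name:14} protected={h['protected']!s:5} "
              f"client={h['addr2']} body={h['body']!r}")
```

Both frames show the same readable client address; only the body changes. That is why a MAC filter list by itself protects nothing that encryption would, while turning encryption off exposes the body as well.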
Question 2: In the various attempts to get the wireless computer to work, I toggled between Enable and Disable of the SSID that was suggested to be disabled. It is now in Enable mode. What does SSID do and should I still disable it?
You are not disabling the SSID — it is necessary to identify the network. You are disabling “Broadcasting” of it — so that only computers that _know about your SSID_ can find it.
Again, the next level hacker can send a query to get an SSID response, but the average home person won’t see it.