Wireless Router - Security though??

Jack_Flash

All,

I just bought myself a wireless router for the house however I have no idea how to set up the security arrangements on it. Can ye help at all?

_CreeD_

Essentially you want to use the best encryption it can handle, WPA2 - WPA - WEP in order of best to pitiful. Check the manual for the router and most likely it will show you how to launch a conifguration wizard (walkthrough) or at least how to log in and set this up (also make absolutely sure you changed the credentials you use to login with....and don't lose them ). You will need to set a network name (SSID), encryption type (above) and a shared key (PSK or Pre Shared Key). When you have that done run through the wireless setup on your client PC and essentially enter the same details and you should be set.
For your pre-shared-key use a long passphrase and change some of the letters to numbers, also interspersing characters helps. e.g. mysupersecurewifi could be ?MySup3rS3cur3W1F1? which is not that much harder to remember and is a LOT tougher to crack. Change this key periodically (say every 3 months or so).

Guvnor

Would I be right in thinking that wireless is by it's nature less secure than a fixed connection?

IIRC I saw a chap on tv saying he would never input his CC details over a wireless system.

FruitLover

Guvnor wrote: »

Would I be right in thinking that wireless is by it's nature less secure than a fixed connection?

IIRC I saw a chap on tv saying he would never input his CC details over a wireless system.

It all depends on the security precautions you take. I'd say the majority of home wireless networks are insecure, but if you're using strong encryption and authentication methods (e.g. running an IPSec VPN client over the wireless link and tunnelling all traffic through that) you're doing well.

PaddyTheNth

_Creed_ wrote:

For your pre-shared-key use a long passphrase and change some of the letters to numbers, also interspersing characters helps. e.g. mysupersecurewifi could be ?MySup3rS3cur3W1F1? which is not that much harder to remember and is a LOT tougher to crack. Change this key periodically (say every 3 months or so).

Make sure that you use a key which is more than 20 characters long.

Do not use WEP...end of story. It can be cracked in a very very short time. As was said, WPA2 is preferable if the router will support it.

I'd be pretty confident that I was secure if I was using WPA/WPA2 with a strong passphrase unless I was a major target like a bank or a major transaction processing facility.

mick.fr

Guvnor wrote: »

Would I be right in thinking that wireless is by it's nature less secure than a fixed connection?

IIRC I saw a chap on tv saying he would never input his CC details over a wireless system.

The media used has no importance. This is the encryption technology that counts.
You could capture network traffic on wired cables if nothing is encrypted.

Diver79

If you want to be extra careful you can also setup MAC address filtering and limit your DHCP pool to the exact amount of Computers that will ever access the network at one time.

A MAC address is the hardware address of your wreless adaptor. It is totally unique to the card. This means that no client is allowed on the network unless its MAC address has been pre-allowed.

Limiting your DHCP pool is like saying I only want to allow x number of computers on the network at any one time.

Most routers will have these settings.

nobodythere

MAC address filtering is pretty easy to get around, since you can change your MAC address someone can try to impersonate you. If you want to be secure: WPA2, random password of 63 characters including symbols and numbers.

WPA can only be bruteforced, though there is a new attack in the works that is currently not secured against: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Weakness_in_TKIP

If your router supports AES instead of TKIP use that

PaddyTheNth

grasshopa wrote: »

WPA can only be bruteforced, though there is a new attack in the works that is currently not secured against: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Weakness_in_TKIP

That vulnerability is negated by using a passphrase of more than 20 characters.

Diver79

Indeed you can clone MAC addresses, though Im not familiar with it. How would a malicious user find out your MAC ddress in order to clone it, or even find out what MAC addresses are filtered?

Conor108

Dont know an awful lot about wifi security but I think another good security measure is having even WPA but being surrounded by WEP networks as I am and most would be in housing estates. If someones wardriving or whatever they're gonna go for networks on WEP with the default eircom123456 SSID:)

nobodythere

Diver79 wrote: »

Indeed you can clone MAC addresses, though Im not familiar with it. How would a malicious user find out your MAC ddress in order to clone it, or even find out what MAC addresses are filtered?

You can detect clients on the network without having the encryption key, they'll show up in kismet/airodump-ng whatever you're using. You can then use macchanger to change your wireless card to their MAC, and either try to deauthenticate them from the network or else wait for them to turn their laptop off etc.