Wireless Encryption program suggestions?

[Fergie]

I just set up our apartment for wireless internet. Loving it so far as my wife and I can use both comps now, and now use the laptop on trips and such.

My concern is though is that I dont have any encryption on the wireless set-up and would like to get some good program suggestions from you guys here.

So please, let me know what it good, and easy to work with, and what I should stay away from.

Thanks

Fergie

 

[GSequoia]

What kind of wireless is it? Every one that I've dealt with had an encryption option from the router, generally they have a web based setup on the router, just plug it's (internal) IP address into a browser and start playing around.

 

[Fergie]

I am using a Belkin wireless router. It is 802.11 b/g, which is pretty standard,from what I have read.

I am using it stand alone right now. The cable outlets, my internet provider is the cable company, are in weird locations. I have a 5100 Surfboard connected to the router, and then my desktop is in the other room, and my wife's laptop is next to that. Hers is brand new, and I just got a wireless cars for mine.

I'll look at the manual and see what all is there, but I didnt remember seeing anything. However, on looking at the box, it saya the router features WPA pre-shared key, WPA(radius server), 128-bit WEP and 64-bit encryption.

I'll get back to you guys in a bit on it.

Fergie

 

[GSequoia]

Little box about 6" x 3" x 1" witha small 4" or so antenna on it? If os that's the same model I have so I can talk you through some setup if you need.

Sequoia

 

[sirmatthew]

I think that just about every router is the same, Just the quality goes up with the price.

And the encryption comes with each router, so yea just look in the manual and you should be fine.

The more bits of encryption you have the more secure the conection will be, but the highter the bits the slower you go.

 

[Fergie]

I just looked at all the info and couldnt find a way to set-up the encryption. i can open the utility up and configure the "belkin54g" network, but I cant figure out the encryption process.

Is there an item on the box i should be looking for, or a key code somewhere?

Fergie

 

[Stick]

It should be under security somewhere. I have a different brand and the encryption is included with the router.

 

[KGNickl]

Go to the windows command prompt (cmd.exe from on the start menu) then type "ipconfig" whatever you ip adress that comes up take that and type it into a web browser. That should bring you up to your wireless routers webbased menu and somewhere should be security. A 64 Bit key is 10 characters long while a 128 bit is something like 20. Just use 64 unless your paranoid. Then when you login on the other PC where the name is you also enter under it the PW you set which is usually just a bunch of numbers and letters mixed. Then read the instructions about all the different password options and different security but I just use WEP w/ a shared key and 1 generic password. Simple but can turn out to be a headache is your not sure what to do.

 

[casm]

My concern is though is that I dont have any encryption on the wireless set-up and would like to get some good program suggestions from you guys here.

My recommendation would be to configure the access point to keep other people off of your network in the first place. To lock your AP down relatively well is pretty easy:

- Turn off SSID broadcast
- Enable WEP at 128-bit (64-bit shouldn't be used anymore unless you have wireless cards that can only handle 64-bit)
- Enable MAC address controls on the AP

This will keep all but the most determined person off of your AP - and really, given the number of fully-open APs out there, it's still likely to be easier to find an open access point and use that rather than spend the time doing the traffic capture and analysis required to crack into yours. Hope this helps.

 

[Fergie]

Okay, so do I use the WAN IP or the regular IP?

Fergie

 

[BillR]

Let me know if you want me to look at it. I just set mine up and locked it down pretty well.

 

[Fergie]

Let me know if you want me to look at it. I just set mine up and locked it down pretty well.

Yeah, that would porbably be the best, but I will most likely call you in a frantic state when I've fraged my comp.

I'm gonna dink around with it today and see what I can get done, and if it doesnt work I'll give you a call. Speaking of calls, I'll be in downtown a little after 1030, so expect one then.

Fergie

 

[RichP]

Yeah, that would porbably be the best, but I will most likely call you in a frantic state when I've fraged my comp.

I'm gonna dink around with it today and see what I can get done, and if it doesnt work I'll give you a call. Speaking of calls, I'll be in downtown a little after 1030, so expect one then.

Fergie

I love it, 'let me screw everything up first before you look at it' :twak: LOL, one of the fastest ways to get me out of the house at nite at like 9pm on a service call are the famous words 'well, I'll play with it tonight and see if I can fix it before you come over in the morning'
:fuse:

 

[casm]

Okay, so do I use the WAN IP or the regular IP?

Hm... Let's make sure we're both applying the terminology in the same ways before getting into it. Out of curiosity, which make and model of router is it?

WAN = your router's connection to your ISP.
LAN = the client machines on your network. This includes both wired and wireless clients.

The changes we're talking about making here effectively pertain to the LAN side, since what we're trying to do is secure the wireless connection from unwanted access. However, they don't affect your IP addresses, just the characteristics of the wireless connection.

Think of it this way: your wireless connection has two basic components (I'm oversimplifying here, but the idea's still valid). One is the radio signal that lets your client machines connect to the AP; the other is the IP address used to identify those machines on your network. To draw an analogy, consider the radio signal equivalent to a telephone line and the IP address equivalent to a telephone number. One (radio signal, phone line) is a medium used to transport your traffic, the other (IP, telephone number) is a method used to identify who that traffic is coming from and where it should go to.

With that in mind, the changes we'll be making effect the radio signal, not the IP addressing of your network. The idea is that by making it as difficult as possible to discover and use the AP's signal, the casual idiot will be discouraged from using your AP and move on.

OK, on to the technical/configuration side.

- Disabling SSID broadcast. Each wireless network is given a name (SSID). By default, the majority of access points broadcast this name along with their signal. This is not good because it's the most basic piece of information needed to associate with (and ultimately connect via) an AP. Really, though, because you know your network's name and can configure your clients directly to use that name, you don't need to tell the whole world about it.

- WEP. This is the method by which your radio traffic is encrypted and is accomplished by sharing a key used to encrypt the traffic with between the AP and the client machines. As long as the keys match, everyone can connect to the AP and send traffic through it. If the keys don't match, the AP rejects the client's attempt to send traffic through it.

Note that WEP does not encrypt your IP traffic, *only* your radio traffic - effectively, it makes the link between the client machines and the AP impractical to eavesdrop on. Having said that, WEP is not the be-all, end-all of wireless security. Given a suitably-determined attacker with enough time and enough captured traffic, your WEP keys can be derived. For this reason, you should only use 128-bit WEP encryption to make this sort of attack as unattractive a prospect as possible.

- MAC address controls. Every ethernet-based network card, wired or wireless, has what's known as a MAC address; each address is specific to each card. By specifying which MAC addresses are allowed to connect to the AP and rejecting all others, you've added another layer of protection against an attacker associating with and connecting through your AP. There are a number of ways of obtaining the MAC address of a wireless card: if you're using PCMCIA cards in a laptop, for example, the MAC address is usually printed on the card itself somewhere. If not, there are other ways of obtaining it; if you can't get the addresses off of the cards themselves, post back and I'll show you how to obtain them.


Now, there's also one other very important thing I forgot to mention initially: management of the AP.

Basically, most access points allow you to manage them from either the WAN or LAN side. If your AP is connected to your ISP via the WAN port, this is bad: pretty much anyone on the Internet can now attempt to log in to and manage it. In most cases (particularly if the administration password hasn't been changed from the factory default), this can lead to an attacker ultimately gaining access to your home network. For this reason, you should set it to *only* allow administration from the LAN side.

And that's about all I have for now... Feel free to let me know if you have any other questions, but seeing as how you've got some folks locally who can help you out you might want to sit down with them and go over the configuration. This stuff's a lot easier to digest when someone's giving you a hands-on demo than trying to explain it over a forum

 

[Fergie]

Thanks for all the help guys. I was able to fix it the way I wanted it too. I am using 128-bit encryption. Also, big thanks to BillR. I am going to configure it so only my wife and I's comps can use the router. I'm gonna do this by making it so only their MAC IDs are allowed.

Thanks for all the help!

Fergie

PS- RichP...screwing with stuff gets you more intimate with how to fix it.

 

[Yucca-Man]

I am going to configure it so only my wife and I's comps can use the router. I'm gonna do this by making it so only their MAC IDs are allowed.

Don't forget that detail if you ever have to change your NIC - it will have a different MAC address and you'll beat your head on the table for awhile before remembering that detail.

 

[Fergie]

One more thing I forgot...how do I get the MAC address?

Cant find them on the cards. Is there a way to do it through the control panel or device manager?

Thanks again for the help.

Fergie

 

[casm]

One more thing I forgot...how do I get the MAC address?

- Go to Start | Run, type 'cmd' (no quotes) and press enter.

- Make sure the wireless card is inserted.

- Type 'ipconfig /all' (again, no quotes) and hit enter.

You'll get some output that looks like this:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI For Comple
te PC Management NIC (3C905C-TX)
        Physical Address. . . . . . . . . : 00-04-76-CF-AB-FD
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 127.0.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 127.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.1
                                            10.0.0.2

This is for a wired NIC, but the output will be similar. If more than one NIC is listed, check the description for each one until you find your wireless card.

What you're interested in is what's referred to as the Physical Address above. This is the MAC address, just shown under a different name. Note that your AP may require you to substitute the dashes in the address for colons when entering it - so 00-04-76-CF-AB-FD in the example above would become 00:04:76:CF:AB:FD. Thank Microsoft for deciding to find their own way of doing things again...

 

[Fergie]

That didnt work. It said that the file/path wasnt there.

I am running 98, so would that matter at all?

Fergie

 

[GSequoia]

Win98 you can go to start - run - WINIPCFG, from there you'll be able to find the mac address (might have to tell it to give you more info..I forget, it's been awhile)