> From: Craig White <craigwhite@azapple.com>
> Date: Tue, 01 Feb 2005 19:21:45 -0700
>
> On Tue, 2005-02-01 at 18:30 -0700, George wrote:
> > Someone posted on this list (I think) a comment that allowed me to infer
> > that WEP in and of itself is not good enough.
> >
> > The options on the router seem to be:
> > disable (default)
> > WEP
> > 802.1x and RADIUS
> > WPA-PSK
> > WPA
> >
> > What other steps might be well advised in order to "lock down" the network?
> >
> > Any comments will be carefully attended to.
> ---
> home or business (wireless AP)?
Home.
>
> how secure do you want it?
Very secure from someone making changes. Not worried about someone
listening.
> ---
> > While I have taken every reasonable precaution to minimize the risk of virus
> > transmission through email, I cannot accept liability for any damage which
> > you sustain as a result of software viruses.
> >
> > It is the responsibility of the recipient to ensure that they have adequate
> > virus protection.
> ---
> is this really necessary?
>
Probably not.
> From: Craig White <craigwhite@azapple.com>
> Date: Tue, 01 Feb 2005 20:06:30 -0700
>
> On Tue, 2005-02-01 at 19:30 -0700, Donn Shumway wrote:
> > George,
> > I have been experimenting with Wifi on Linux for a few weeks and I
> > have to say I have not had much success (with anything faster than
> > 802.11b with WEP). However, regarding security, my typical steps for
> > securing the connection are:
> > 1) Use WPA-PSK minimum for encryption. If you're on Linux, this may
> > not be possible, so use WEP 128-bit.
Didn't see a WEP 128-bit option. I assume this is the same as simple WEP.
The Linux box (Samba server) joins next week. Does this mean I should not
worry about WPA-PSK? Maybe the Linux box should stay on the switch. I see
no reason why this wouldn't work while still allowing WPA-PSK? Any
thoughts?
> > 2) Set the router's MAC address filtering to only accept known MAC
> > addresses and deny all others.
> > 3) Do not broadcast your SSID.
> > 4) Change the name of your router. A lot of manufacturers put the
> > router model name in this field, like my Linksys WRT54G. There's no
> > sense telling anyone who does find your network what model you're using.
> >
> > I am not an expert, but this has worked pretty well for all the
> > wireless routers I have set up.
> >
> > Does anyone else have any suggestions?
> ---
> of course but he should declare where and how secure.
>
> WEP isn't very secure
> WPA-PSK is better
> a VPN tunnel is even better but you have to set the wireless AP up so it
> denies traffic access to the LAN otherwise - tough for someone to do.
Interesting thought. Is there a free VPN that likes MS and Linux?
>
> If you choose Donn's suggestions above - implement one step at a time
> and make sure your wireless can get there so you aren't chasing all
> possible problems at once...
>
Good point. Very good point!
> i.e.
> start with open - no encryption - and connect
Got that.
> stop ssid broadcast and then connect
> start MAC address filtering and connect
> add WEP encryption keys and connect
> add WPA-PSK encryption keys and connect (WPA not supported on 802.11b -
> need 802.11g)
>
I need to figure each of these out. Might be back with more questions.
> only at last point can you feel as though you have some semblance of
> security (wonder how long it will take to break WPA-PSK?) Breaking WEP
> keys is reportedly a few minutes.
>
> If this is a business - I figure the only safe thing to do is to put
> wireless access on outside of LAN firewall so they can access internet
> and only access LAN via VPN connection.
>
Good point.
FWIW, I am using static IP only. Small network.
Each Win box has a Norton Firewall which only accepts certain IP addresses in.
I haven't found the Win equivalent of host deny all except for host allow.
8-(
Craig, thanks
Donn, thanks
George
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us