Solved

Wireless Security

Posted on 2004-09-01
23
661 Views
Last Modified: 2010-04-11
HI guys,
  I have a wireless router and I am trying to figure out if there is a way i can have a splash screen prompting for a password to get on to the wireless network/ internet.  Basically to ensure that nobody is leeching off of my connection.  Also are there any other methods for securing my wireless G network?
0
Comment
Question by:Devario Johnson
  • 10
  • 7
  • 4
  • +2
23 Comments
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
does the router have a WEP or WPA option?
0
 
LVL 5

Author Comment

by:Devario Johnson
Comment Utility
yes it does...it is a lynksis
0
 
LVL 5

Author Comment

by:Devario Johnson
Comment Utility
it has wep (wireless G)
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
tip top

same as mine :) click the link below

http://192.168.1.1

put in the password you set up (username is blank) it you didnt set one up its "admin"
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
click wireless change the name of the default SSID from linksys to something else (you will remember)
0
 

Expert Comment

by:dewman03
Comment Utility
First off,

A login prompt with a username / password will only exist in a EAP 802.1x enviorment. This means that you need an authentication server. Some high end access points have the abality to run their own authentication server. If you dont have a high dollar Cisco Access Point or no authentication server, then I would suggest WP with WPA. WEP has been broken and is not very secure. It will however require all the clients who connect to know the WEP key, so thats kinda like a login. Also, WPA, WPA rides ontop of WEP and alos is KEY based. Again the KEY can be automatically distributed if you have an authentication server, if not, then you have WPA-PSK, which is WPA-PreSharedKey. That is, you give all the client you want to connect your Magic wpa key.

So those are your options for a sudo-password login enviorment. For further security, I would highly recommend MAC address filtering. This will allow you to deny access to everyone except the MAC address you determine acceptable. ALSO, note that if you Turn MAC filtering ON then Add your Ethernet MAC, or you wont be able to Access The Access Point over the Wire.
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
click the wireless security tab

change the security mode to WEP
set default transmit key to 1
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
type in a word (anything) in the passphrase box and click the generate button

write down the FIRST key eg DCB42F63C9 (yours will be different)
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 75 total points
Comment Utility
click save settings and exit the router

on the PC got to the proerties of the wireless card, or run the setup utility that came with the card

type in the SSID you created earlier, enable WEP and type in the key (64 bit) that you also wrote down earlier

and away you go

0
 
LVL 5

Author Comment

by:Devario Johnson
Comment Utility
cool, I have a Voice over IP telephone appending from one of the ethernet ports in the back of the wireless router...will these setting interfere with that as there is no way for me to go adding information to the vonage box
0
 
LVL 6

Expert Comment

by:JRaster
Comment Utility
One of these devices will do exactly what you want.  
http://www.dlink.com/products/?pid=173
Its not free though.  
If you want free, NoCat has a linux software you can run on a old box that can do that stuff.  
Basicly its turning your AP into a HotSpot.  
All the above info should be fine for locking down your AP for only you.  
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
iWEP applies to wireless only (wireless encryption protocol) your phone is hardwired it wont be affected :)
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 50 total points
Comment Utility
The SSID isn't hard to get-- it's in clear text inside the wireless frames. So are the MAC addresses of allowed users, and anyone can spoof their MAC- it's right in the properties for the wireless card. So you won't stop someone with a wireless PC and some of the freeware tools out there for breaking into wireless networks. But you'll stop the casual neighbor.

WEP encrypts your data but it's not very secure and also easily broken by the same freeware tools. If you can do rotating WEP keys, do it- as many and as fast as it will let you. The only real security is 802.1x as mentioned by dewman03, which involves centralized authentication and strong encryption.
0
 
LVL 5

Author Comment

by:Devario Johnson
Comment Utility
i wish i had known about all of this b4 i got the router but this is what I have now, I set it so that It only assigns 3 dhcp addresses...I have 3 clients...my pc my roomates laptop and the telephone....wouldnt that be secure ?
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
Well, anyone can give themselves a static IP address regardless of DHCP so that won't help. But listen, it's not like everyone is lining up outside your house with a wireless sniffer to abuse your connection. The point was just that you can't absolutely guarantee the security and you should be aware of that. The many suggestions above will help, do whatever you can. If you're doing sensitive stuff and you're still worried, use the wired connection if it's not too inconvenient.

There are people who drive around with a wireless laptop looking for wireless nets they can abuse. But people with the right equipment can listen in on your cell phone conversations too, even if it's digital. It's not likely though.
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
>>It only assigns 3 dhcp addresses

it can lease up to 252 addresses

the router takes one
you cant use .0 or .255

My http://www.linksys.com/Products/product.asp?grid=33&scid=35&prid=601 is leasing over 30 addresses including this one www.petenetlive.com
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
on the setup page just up the setting that says "maximum number of DHCP users"
0
 
LVL 5

Author Comment

by:Devario Johnson
Comment Utility
no when i said it only assigns 3 dhcp addresses I mean that Is what I set it at to ensure that no more than 3 are given out.  Say if someone has a laptop they borrowed from the school library and just noted that there was activity...this way there will be no activity becasue no more than 3 ip addresses will be issued once the 3 are already filled which they are by my 3 nodes.
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
It helps only if someone doesn't just guess that you're using 192.168.1.x or whatever. You still have 250 more addresses that will work- they just have to be statically configured by the user. Again, it won't help much with a hacker...
0
 
LVL 5

Author Comment

by:Devario Johnson
Comment Utility
Under Status>local network>dhcp clients table you can see who all is onthe network is there a way I can see who all is logged on to my router be it dhcp or not?
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
If you can view your arp table then you can see all MAC addresses and IP addresses. DHCP doesn't show you who's on the network. It just tells you who has a lease on an IP address. They may not be on at that moment and statically configured IPs won't be there. You may also be able to configure your firewall config to log stuff, and then you could see what IPs are doing some things.

0
 
LVL 5

Author Comment

by:Devario Johnson
Comment Utility
cool thanks for all the help guys.
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
ThanQ
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now