Wireless Security

HI guys,
  I have a wireless router and I am trying to figure out if there is a way i can have a splash screen prompting for a password to get on to the wireless network/ internet.  Basically to ensure that nobody is leeching off of my connection.  Also are there any other methods for securing my wireless G network?
LVL 5
Devario JohnsonSoftware EngineerAsked:
Who is Participating?
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
click save settings and exit the router

on the PC got to the proerties of the wireless card, or run the setup utility that came with the card

type in the SSID you created earlier, enable WEP and type in the key (64 bit) that you also wrote down earlier

and away you go

0
 
Pete LongTechnical ConsultantCommented:
does the router have a WEP or WPA option?
0
 
Devario JohnsonSoftware EngineerAuthor Commented:
yes it does...it is a lynksis
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
Devario JohnsonSoftware EngineerAuthor Commented:
it has wep (wireless G)
0
 
Pete LongTechnical ConsultantCommented:
tip top

same as mine :) click the link below

http://192.168.1.1

put in the password you set up (username is blank) it you didnt set one up its "admin"
0
 
Pete LongTechnical ConsultantCommented:
click wireless change the name of the default SSID from linksys to something else (you will remember)
0
 
dewman03Commented:
First off,

A login prompt with a username / password will only exist in a EAP 802.1x enviorment. This means that you need an authentication server. Some high end access points have the abality to run their own authentication server. If you dont have a high dollar Cisco Access Point or no authentication server, then I would suggest WP with WPA. WEP has been broken and is not very secure. It will however require all the clients who connect to know the WEP key, so thats kinda like a login. Also, WPA, WPA rides ontop of WEP and alos is KEY based. Again the KEY can be automatically distributed if you have an authentication server, if not, then you have WPA-PSK, which is WPA-PreSharedKey. That is, you give all the client you want to connect your Magic wpa key.

So those are your options for a sudo-password login enviorment. For further security, I would highly recommend MAC address filtering. This will allow you to deny access to everyone except the MAC address you determine acceptable. ALSO, note that if you Turn MAC filtering ON then Add your Ethernet MAC, or you wont be able to Access The Access Point over the Wire.
0
 
Pete LongTechnical ConsultantCommented:
click the wireless security tab

change the security mode to WEP
set default transmit key to 1
0
 
Pete LongTechnical ConsultantCommented:
type in a word (anything) in the passphrase box and click the generate button

write down the FIRST key eg DCB42F63C9 (yours will be different)
0
 
Devario JohnsonSoftware EngineerAuthor Commented:
cool, I have a Voice over IP telephone appending from one of the ethernet ports in the back of the wireless router...will these setting interfere with that as there is no way for me to go adding information to the vonage box
0
 
JRasterCommented:
One of these devices will do exactly what you want.  
http://www.dlink.com/products/?pid=173
Its not free though.  
If you want free, NoCat has a linux software you can run on a old box that can do that stuff.  
Basicly its turning your AP into a HotSpot.  
All the above info should be fine for locking down your AP for only you.  
0
 
Pete LongTechnical ConsultantCommented:
iWEP applies to wireless only (wireless encryption protocol) your phone is hardwired it wont be affected :)
0
 
mikebernhardtConnect With a Mentor Commented:
The SSID isn't hard to get-- it's in clear text inside the wireless frames. So are the MAC addresses of allowed users, and anyone can spoof their MAC- it's right in the properties for the wireless card. So you won't stop someone with a wireless PC and some of the freeware tools out there for breaking into wireless networks. But you'll stop the casual neighbor.

WEP encrypts your data but it's not very secure and also easily broken by the same freeware tools. If you can do rotating WEP keys, do it- as many and as fast as it will let you. The only real security is 802.1x as mentioned by dewman03, which involves centralized authentication and strong encryption.
0
 
Devario JohnsonSoftware EngineerAuthor Commented:
i wish i had known about all of this b4 i got the router but this is what I have now, I set it so that It only assigns 3 dhcp addresses...I have 3 clients...my pc my roomates laptop and the telephone....wouldnt that be secure ?
0
 
mikebernhardtCommented:
Well, anyone can give themselves a static IP address regardless of DHCP so that won't help. But listen, it's not like everyone is lining up outside your house with a wireless sniffer to abuse your connection. The point was just that you can't absolutely guarantee the security and you should be aware of that. The many suggestions above will help, do whatever you can. If you're doing sensitive stuff and you're still worried, use the wired connection if it's not too inconvenient.

There are people who drive around with a wireless laptop looking for wireless nets they can abuse. But people with the right equipment can listen in on your cell phone conversations too, even if it's digital. It's not likely though.
0
 
Pete LongTechnical ConsultantCommented:
>>It only assigns 3 dhcp addresses

it can lease up to 252 addresses

the router takes one
you cant use .0 or .255

My http://www.linksys.com/Products/product.asp?grid=33&scid=35&prid=601 is leasing over 30 addresses including this one www.petenetlive.com
0
 
Pete LongTechnical ConsultantCommented:
on the setup page just up the setting that says "maximum number of DHCP users"
0
 
Devario JohnsonSoftware EngineerAuthor Commented:
no when i said it only assigns 3 dhcp addresses I mean that Is what I set it at to ensure that no more than 3 are given out.  Say if someone has a laptop they borrowed from the school library and just noted that there was activity...this way there will be no activity becasue no more than 3 ip addresses will be issued once the 3 are already filled which they are by my 3 nodes.
0
 
mikebernhardtCommented:
It helps only if someone doesn't just guess that you're using 192.168.1.x or whatever. You still have 250 more addresses that will work- they just have to be statically configured by the user. Again, it won't help much with a hacker...
0
 
Devario JohnsonSoftware EngineerAuthor Commented:
Under Status>local network>dhcp clients table you can see who all is onthe network is there a way I can see who all is logged on to my router be it dhcp or not?
0
 
mikebernhardtCommented:
If you can view your arp table then you can see all MAC addresses and IP addresses. DHCP doesn't show you who's on the network. It just tells you who has a lease on an IP address. They may not be on at that moment and statically configured IPs won't be there. You may also be able to configure your firewall config to log stuff, and then you could see what IPs are doing some things.

0
 
Devario JohnsonSoftware EngineerAuthor Commented:
cool thanks for all the help guys.
0
 
Pete LongTechnical ConsultantCommented:
ThanQ
0
All Courses

From novice to tech pro — start learning today.