Solved

Wireless Security

Posted on 2004-09-01
23
662 Views
Last Modified: 2010-04-11
HI guys,
  I have a wireless router and I am trying to figure out if there is a way i can have a splash screen prompting for a password to get on to the wireless network/ internet.  Basically to ensure that nobody is leeching off of my connection.  Also are there any other methods for securing my wireless G network?
0
Comment
Question by:Devario Johnson
  • 10
  • 7
  • 4
  • +2
23 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957585
does the router have a WEP or WPA option?
0
 
LVL 5

Author Comment

by:Devario Johnson
ID: 11957600
yes it does...it is a lynksis
0
 
LVL 5

Author Comment

by:Devario Johnson
ID: 11957607
it has wep (wireless G)
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 57

Expert Comment

by:Pete Long
ID: 11957649
tip top

same as mine :) click the link below

http://192.168.1.1

put in the password you set up (username is blank) it you didnt set one up its "admin"
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957665
click wireless change the name of the default SSID from linksys to something else (you will remember)
0
 

Expert Comment

by:dewman03
ID: 11957667
First off,

A login prompt with a username / password will only exist in a EAP 802.1x enviorment. This means that you need an authentication server. Some high end access points have the abality to run their own authentication server. If you dont have a high dollar Cisco Access Point or no authentication server, then I would suggest WP with WPA. WEP has been broken and is not very secure. It will however require all the clients who connect to know the WEP key, so thats kinda like a login. Also, WPA, WPA rides ontop of WEP and alos is KEY based. Again the KEY can be automatically distributed if you have an authentication server, if not, then you have WPA-PSK, which is WPA-PreSharedKey. That is, you give all the client you want to connect your Magic wpa key.

So those are your options for a sudo-password login enviorment. For further security, I would highly recommend MAC address filtering. This will allow you to deny access to everyone except the MAC address you determine acceptable. ALSO, note that if you Turn MAC filtering ON then Add your Ethernet MAC, or you wont be able to Access The Access Point over the Wire.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957675
click the wireless security tab

change the security mode to WEP
set default transmit key to 1
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957685
type in a word (anything) in the passphrase box and click the generate button

write down the FIRST key eg DCB42F63C9 (yours will be different)
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 75 total points
ID: 11957710
click save settings and exit the router

on the PC got to the proerties of the wireless card, or run the setup utility that came with the card

type in the SSID you created earlier, enable WEP and type in the key (64 bit) that you also wrote down earlier

and away you go

0
 
LVL 5

Author Comment

by:Devario Johnson
ID: 11957734
cool, I have a Voice over IP telephone appending from one of the ethernet ports in the back of the wireless router...will these setting interfere with that as there is no way for me to go adding information to the vonage box
0
 
LVL 6

Expert Comment

by:JRaster
ID: 11957789
One of these devices will do exactly what you want.  
http://www.dlink.com/products/?pid=173
Its not free though.  
If you want free, NoCat has a linux software you can run on a old box that can do that stuff.  
Basicly its turning your AP into a HotSpot.  
All the above info should be fine for locking down your AP for only you.  
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957798
iWEP applies to wireless only (wireless encryption protocol) your phone is hardwired it wont be affected :)
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 50 total points
ID: 11957818
The SSID isn't hard to get-- it's in clear text inside the wireless frames. So are the MAC addresses of allowed users, and anyone can spoof their MAC- it's right in the properties for the wireless card. So you won't stop someone with a wireless PC and some of the freeware tools out there for breaking into wireless networks. But you'll stop the casual neighbor.

WEP encrypts your data but it's not very secure and also easily broken by the same freeware tools. If you can do rotating WEP keys, do it- as many and as fast as it will let you. The only real security is 802.1x as mentioned by dewman03, which involves centralized authentication and strong encryption.
0
 
LVL 5

Author Comment

by:Devario Johnson
ID: 11957863
i wish i had known about all of this b4 i got the router but this is what I have now, I set it so that It only assigns 3 dhcp addresses...I have 3 clients...my pc my roomates laptop and the telephone....wouldnt that be secure ?
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11957943
Well, anyone can give themselves a static IP address regardless of DHCP so that won't help. But listen, it's not like everyone is lining up outside your house with a wireless sniffer to abuse your connection. The point was just that you can't absolutely guarantee the security and you should be aware of that. The many suggestions above will help, do whatever you can. If you're doing sensitive stuff and you're still worried, use the wired connection if it's not too inconvenient.

There are people who drive around with a wireless laptop looking for wireless nets they can abuse. But people with the right equipment can listen in on your cell phone conversations too, even if it's digital. It's not likely though.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957950
>>It only assigns 3 dhcp addresses

it can lease up to 252 addresses

the router takes one
you cant use .0 or .255

My http://www.linksys.com/Products/product.asp?grid=33&scid=35&prid=601 is leasing over 30 addresses including this one www.petenetlive.com
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11957965
on the setup page just up the setting that says "maximum number of DHCP users"
0
 
LVL 5

Author Comment

by:Devario Johnson
ID: 11958661
no when i said it only assigns 3 dhcp addresses I mean that Is what I set it at to ensure that no more than 3 are given out.  Say if someone has a laptop they borrowed from the school library and just noted that there was activity...this way there will be no activity becasue no more than 3 ip addresses will be issued once the 3 are already filled which they are by my 3 nodes.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11958745
It helps only if someone doesn't just guess that you're using 192.168.1.x or whatever. You still have 250 more addresses that will work- they just have to be statically configured by the user. Again, it won't help much with a hacker...
0
 
LVL 5

Author Comment

by:Devario Johnson
ID: 11958867
Under Status>local network>dhcp clients table you can see who all is onthe network is there a way I can see who all is logged on to my router be it dhcp or not?
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11958899
If you can view your arp table then you can see all MAC addresses and IP addresses. DHCP doesn't show you who's on the network. It just tells you who has a lease on an IP address. They may not be on at that moment and statically configured IPs won't be there. You may also be able to configure your firewall config to log stuff, and then you could see what IPs are doing some things.

0
 
LVL 5

Author Comment

by:Devario Johnson
ID: 11959478
cool thanks for all the help guys.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11965095
ThanQ
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IPv6 NAT to IPv4 27 49
Fiber optic multimode cable issue 6 31
IPSec/L2TP 25 27
How to change the nameserver on Ubuntu Server 6 20
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question