[Webinar] Streamline your web hosting managementRegister Today


Wireless Security?

Posted on 2008-02-07
Medium Priority
Last Modified: 2013-11-12
Hi there,

I installed a Wireless Belkin Router (G Plus, High Speed Model 7231-4) lat night and was wondering if someone could tell me if the security I have set up is sufficient enough.

I have basically just created a WEP key using the pass phrase i came up with. I was going to turn on the MAC address filtering but wasn't sure as I thought it would be sufficient enough just using the WEP key method...

Is this network secured?
Question by:brookba

Expert Comment

ID: 20839416
Mac Filtering is like your house/apartment where you house is available publically but can be accessed with the help of house key which you have it. Similiarly Mac filtering works some time knows or spoof the mac then he can access your network.

WEP Security: Do have combination of Letter and Alphanumeric Phrase so that nobody could predict your phrase and get into your network and I always use this for Home/Personal network.

Hopefully this help you in understanding the security of 2 methods you had asked for.

Expert Comment

ID: 20839623
WEP encryption is interceptible and can easily be hacked.
It will take a person with bad intentions about 15 to 30 minutes to hack your wep key.
A mac address can also be filtered out of the wireless communication.

Best solution:
Disable SSID Broadcast
Use WPA/PSK or WPA2/PSK (if all your Wireless Clients support it)
Enable Mac Filtering
If you don't have to much machines you can even disable the DHCP on the router and work with fixed IP addresses (Then i also propose to not use the default 192.168.x range. But choose another non standard range).
If your router support VLAN's you can put your own manually assigned ip address in the VLAN with internet access.
The disadvantage is that adding a new wireless devices requires some configuration.
So it all depends on how safe you want to be.

Accepted Solution

arzka earned 2000 total points
ID: 20840861
As most already told you, you'll never be secure with a wireless connection. This isn't as bad as it may sound at first. I'll try to explain the options and the good and bad sides for each:

1.) Encryption. You can use none -> WEP -> WPA -> WPA2

Real life example: Like with your house, you want to have a lock at the door, so not just anyone can walk in. You probably also want the best available lock. Consider encryption as the lock. If all your equipment supports WPA, use it. WEP is better than nothing, but not much.
Downside: none, if all your equipment supports the encryption you've selected.
Security: all of the encryption methods mentioned can be broken. The better encryption you have, the more time it takes. That's the only difference. If someone wants in, they will get in.

2.) MAC filter.
Real life example: If someone guesses your encryption password, this stops them. Kind of like adding a fingerprint reader to your door's lock - you need a valid fingerprint in addition to key before you're let in. Like people could cut off a person's finger and use that to bypass the fingerprint reader, a MAC address can be faked.
Downsides: adding new equipment to your WLAN is slightly more difficult - you must always remember  to add the MAC address to the list.
Security: stops anyone "accidentally" entering your network even if they guess the password. If someone really wants to get in, it won't stop them.

3.) Disabling SSID Broadcast

Real life example: If you don't advertise your network, it may go unnoticed and keep you safer. If you go to a dangerous part of town, you probably don't talk loudly about the $2000 you're carrying around in cash or display all your nice heavy gold necklaces - you keep quiet, so you don't draw attention. It won't prevent you being robbed, but it makes it less likely. WLAN sniffers can see also networks that don't broadcast the SSID.
Downsides: You must configure every appliance manually since they can't see the network automatically.
Security: Not really anything to do with security unless we're talking about Microsoft kind of security.

4.) Disabling DHCP server / using static IPs

Real life example: If your network doesn't provide any information about itself to someone who might be able to join in, they'll need to work more to figure out how to take advantage of it. Again, using WLAN sniffers they can figure out most of that information themselves, and then it's just a matter or time and trouble, not whether they get in or not.
Downsides: You need to configure all the network settings manually to your machines.
Security: See the previous one.

5.) Running VPN on your local network

You can always run a VPN server on your firewall/DSL gateway assuming it's one that supports it, and allow traffic anywhere only through VPN. Without a VPN client nobody can access your system.
Downsides: You need a VPN server, and VPN clients. You need knowledge of installing the whole system. You need to secure every single computer in your local network so they really are only accessible through VPN and nothing else. All of this might affect your ability to use them outside your own network. Using portable equipment like mobile phones, iPhone, iPod Touch, Nokia N700/N800 series, PSP, game consoles is not possible in the network.
Real life example: NSA headquarters vs. your house.
Security: If you want REAL security, this is what you should be doing in the first place. Then again, in most cases if security is needed this badly, you don't want a WLAN anyway.

I would turn on the WPA security if all your computers/other equipment support it. Feel free to use MAC filters and disable SSID if you want, but I wouldn't go any further than that. If you really need something more, you need to REALLY work on it. The question is: does someone really, REALLY want to break into your network or do you just want to keep your neighbours out? If they do, do you want to give them a chance to do so?
LVL 18

Expert Comment

ID: 20842442

That was absolutely one of the best overviews of wireless security I have read!



Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses
Course of the Month8 days, 3 hours left to enroll

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question