Wireless Security?

Hi there,

I installed a Wireless Belkin Router (G Plus, High Speed Model 7231-4) lat night and was wondering if someone could tell me if the security I have set up is sufficient enough.

I have basically just created a WEP key using the pass phrase i came up with. I was going to turn on the MAC address filtering but wasn't sure as I thought it would be sufficient enough just using the WEP key method...

Is this network secured?
brookbaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

shyamkumarreddyCommented:
Mac Filtering is like your house/apartment where you house is available publically but can be accessed with the help of house key which you have it. Similiarly Mac filtering works some time knows or spoof the mac then he can access your network.

WEP Security: Do have combination of Letter and Alphanumeric Phrase so that nobody could predict your phrase and get into your network and I always use this for Home/Personal network.

Hopefully this help you in understanding the security of 2 methods you had asked for.
0
KREDIERSCommented:
WEP encryption is interceptible and can easily be hacked.
It will take a person with bad intentions about 15 to 30 minutes to hack your wep key.
A mac address can also be filtered out of the wireless communication.

Best solution:
Disable SSID Broadcast
Use WPA/PSK or WPA2/PSK (if all your Wireless Clients support it)
Enable Mac Filtering
If you don't have to much machines you can even disable the DHCP on the router and work with fixed IP addresses (Then i also propose to not use the default 192.168.x range. But choose another non standard range).
If your router support VLAN's you can put your own manually assigned ip address in the VLAN with internet access.
The disadvantage is that adding a new wireless devices requires some configuration.
So it all depends on how safe you want to be.
0
arzkaCommented:
As most already told you, you'll never be secure with a wireless connection. This isn't as bad as it may sound at first. I'll try to explain the options and the good and bad sides for each:

1.) Encryption. You can use none -> WEP -> WPA -> WPA2

Real life example: Like with your house, you want to have a lock at the door, so not just anyone can walk in. You probably also want the best available lock. Consider encryption as the lock. If all your equipment supports WPA, use it. WEP is better than nothing, but not much.
Downside: none, if all your equipment supports the encryption you've selected.
Security: all of the encryption methods mentioned can be broken. The better encryption you have, the more time it takes. That's the only difference. If someone wants in, they will get in.

2.) MAC filter.
Real life example: If someone guesses your encryption password, this stops them. Kind of like adding a fingerprint reader to your door's lock - you need a valid fingerprint in addition to key before you're let in. Like people could cut off a person's finger and use that to bypass the fingerprint reader, a MAC address can be faked.
Downsides: adding new equipment to your WLAN is slightly more difficult - you must always remember  to add the MAC address to the list.
Security: stops anyone "accidentally" entering your network even if they guess the password. If someone really wants to get in, it won't stop them.

3.) Disabling SSID Broadcast

Real life example: If you don't advertise your network, it may go unnoticed and keep you safer. If you go to a dangerous part of town, you probably don't talk loudly about the $2000 you're carrying around in cash or display all your nice heavy gold necklaces - you keep quiet, so you don't draw attention. It won't prevent you being robbed, but it makes it less likely. WLAN sniffers can see also networks that don't broadcast the SSID.
Downsides: You must configure every appliance manually since they can't see the network automatically.
Security: Not really anything to do with security unless we're talking about Microsoft kind of security.

4.) Disabling DHCP server / using static IPs

Real life example: If your network doesn't provide any information about itself to someone who might be able to join in, they'll need to work more to figure out how to take advantage of it. Again, using WLAN sniffers they can figure out most of that information themselves, and then it's just a matter or time and trouble, not whether they get in or not.
Downsides: You need to configure all the network settings manually to your machines.
Security: See the previous one.

5.) Running VPN on your local network

You can always run a VPN server on your firewall/DSL gateway assuming it's one that supports it, and allow traffic anywhere only through VPN. Without a VPN client nobody can access your system.
Downsides: You need a VPN server, and VPN clients. You need knowledge of installing the whole system. You need to secure every single computer in your local network so they really are only accessible through VPN and nothing else. All of this might affect your ability to use them outside your own network. Using portable equipment like mobile phones, iPhone, iPod Touch, Nokia N700/N800 series, PSP, game consoles is not possible in the network.
Real life example: NSA headquarters vs. your house.
Security: If you want REAL security, this is what you should be doing in the first place. Then again, in most cases if security is needed this badly, you don't want a WLAN anyway.

I would turn on the WPA security if all your computers/other equipment support it. Feel free to use MAC filters and disable SSID if you want, but I wouldn't go any further than that. If you really need something more, you need to REALLY work on it. The question is: does someone really, REALLY want to break into your network or do you just want to keep your neighbours out? If they do, do you want to give them a chance to do so?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnjcesCommented:
arzka

That was absolutely one of the best overviews of wireless security I have read!

Kudos!

John
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.