Securing my home wireless network
Started by
Lhart919
, Apr 06 2008 07:55 PM
#1
Posted 06 April 2008 - 07:55 PM
Lhart919
-
- Member
-
- 3 posts
New Member
#2
Posted 06 April 2008 - 09:37 PM
lavagolemking
-
- Member
-
- 282 posts
Member
From a computer connected directly (by a cable) to the modem, I'd go to http://192.168.0.1/ (or something similar) in Internet Explorer, Firefox, or whatever you use to look at web pages in, to edit the settings. You should get asked for a user name and password. Enter admin for the user name, and leave the password field blank. If that doesn't work, try resetting the router. It should have a button labeled "reset" on the back somewhere, but if not, unplug it for a few seconds and plug it back in. You should see some settings in a web interface when you properly load the page. They may vary depending on the version of router you use, but look for the router's basic security settings. You should see an option for either WPA personal, or PSK. Select either one of those, and create a strong password. I normally don't suggest writing down passwords, but if it's the neighbors you're worried about, then taping a password to the router would make it inaccessible to them (as long as they're not in your house) but accessible to anyone in the house, which is what I'm guessing you want.
It is important not to use WEP or MAC filtering, if that is displayed as an option. Both of these are easily broken into by setting up a computer to simply listen to and analyze everything going into and out of it (since it is over the radio after all). WPA patches the known vulnerabilities of WEP, and MAC filtering doesn't get you very far to begin with. If you don't find anything else other than these settings, then it should keep them out, or at least give them an unwelcoming message when their machines are blacklisted, even if they are able to break in.
If you set a WPA (linksys routers sometimes call it PSK) mode network, then you neighbors would still see the network name (probably linksys), with a padlock by it, but that is all they would see. If they tried to monitor what went on, they would see a bunch of senseless gibberish (the traffic is encrypted) and in order to connect, or do anything else meaningful, they would need a copy of your password, or encryption key.
Note to mods: I didn't find any rules against posting advice here without approval/training, but I'm not perfect. If I am out of line (or made a mistake), please kindly delete my post and send me a private message so I know not to do it again, then accept my apologies. Thank you.
It is important not to use WEP or MAC filtering, if that is displayed as an option. Both of these are easily broken into by setting up a computer to simply listen to and analyze everything going into and out of it (since it is over the radio after all). WPA patches the known vulnerabilities of WEP, and MAC filtering doesn't get you very far to begin with. If you don't find anything else other than these settings, then it should keep them out, or at least give them an unwelcoming message when their machines are blacklisted, even if they are able to break in.
If you set a WPA (linksys routers sometimes call it PSK) mode network, then you neighbors would still see the network name (probably linksys), with a padlock by it, but that is all they would see. If they tried to monitor what went on, they would see a bunch of senseless gibberish (the traffic is encrypted) and in order to connect, or do anything else meaningful, they would need a copy of your password, or encryption key.
Note to mods: I didn't find any rules against posting advice here without approval/training, but I'm not perfect. If I am out of line (or made a mistake), please kindly delete my post and send me a private message so I know not to do it again, then accept my apologies. Thank you.
#3
Posted 06 April 2008 - 10:05 PM
John Hook
-
- Member
-
- 165 posts
Member
Lhart919,
I completely agree with lavagolemking's advice. You need to set up wireless security on your router if you want to block others from accessing your home's WiFi network. I would disagree with in the the average user probably wouldn't be able to get past WEP or MAC filtering - as EITHER of these would be MUCH better than NO security configured on your router (as currently is LIKELY the case).
If you're NOT technical and don't understand WPA from WEP from WHATEVER, I would use the disc that came with your router. If you insert this disc in your PC, it should walk you through a configuration wizard that will allow you configure SOME kind of wireless security (which is BETTER than NONE - which is what you currently have).
This is a good starting point. If you still need help - reply back to this post and someone should be able to offer you assistance. Also, you might want to check out the tech support pages on your router's website. Go to:
http://www.linksys.c...d=3731477881L02
Pick the picture/model of your product from this page - and you should be able to find step-by-step instructions for securing your router.
- John Hook
I completely agree with lavagolemking's advice. You need to set up wireless security on your router if you want to block others from accessing your home's WiFi network. I would disagree with in the the average user probably wouldn't be able to get past WEP or MAC filtering - as EITHER of these would be MUCH better than NO security configured on your router (as currently is LIKELY the case).
If you're NOT technical and don't understand WPA from WEP from WHATEVER, I would use the disc that came with your router. If you insert this disc in your PC, it should walk you through a configuration wizard that will allow you configure SOME kind of wireless security (which is BETTER than NONE - which is what you currently have).
This is a good starting point. If you still need help - reply back to this post and someone should be able to offer you assistance. Also, you might want to check out the tech support pages on your router's website. Go to:
http://www.linksys.c...d=3731477881L02
Pick the picture/model of your product from this page - and you should be able to find step-by-step instructions for securing your router.
- John Hook
#4
Posted 07 April 2008 - 12:02 AM
lavagolemking
-
- Member
-
- 282 posts
Member
Sorry. I left out a sentence from my original post. I meant to say use WEP/MAC filtering if and only if you can't find WPA, and then your neighbors should see the WEP encryption as a sign they aren't welcome, if nothing else. That way, if they can break into that, they will at least know you don't want them there.
John Hook, how would they use a CD to configure the security settings? I have yet to see a router with a driver CD. I've seen networking accessories that plug directly into the computer with driver CDs, but most routers I know of are configured over a local network connection in a web interface, which is why I mentioned the local IP. Correct me if I'm wrong, of course.
Most people I have spoken to (including my ISP's "head technician") don't even know what any of those terms are, so they'll probably see a password prompt, guess a few birthdays and names they might have overheard, then try someone else's network, if that. I am strongly recommending WPA because of flaws in the design of WEP, which mean many serious security flaws. If your neighbors are tech savvy, WEP is going to be comparable to putting a sticky note on your door saying "keep out". If they're like the majority out there, they will click "search", see your network, see a padlock, not know what all the computer talk means, and give up.
Anyway, best explain what they all these terms are, so the user isn't completely lost. I always try to explain things to clients, as it gets you better reviews, compliance, and maybe trust if that's an issue.
WEP - "Wired Equivalent Protection" was the original wireless encryption protocol. This was implemented by someone who meant well, but wasn't a security expert, so while the cypher wasn't bad, it had a number of instances where the cypher was misused and an attacker could thus break the code. In modern times, this can be done in a couple of minutes.
WPA - "Wi-fi Protected Access" is one of the current standards for wireless security. It patches all the known flaws in WEP and offers considerable security. Most effective way of breaking it is a dictionary attack (guessing common names, words, birthdays, etc.) so if you use a password like Q0L4fbml9dyfBazfGPTQDaZvBsSQhyKnA45FfDRPlk0gL2QFdTPgB8BDTiW7ka2, which doesn't appear in very many dictionaries, then nobody is going to connect to your network by any reasonable means. An improved version is known as WPA2, but WPA is sufficient for most cases, and some computers have trouble connecting to WPA2.
MAC filtering - The piece of the computer that connects to the internet over wireless (or otherwise) has what is called a MAC address. It can be thought of as a sort of a serial number, but it can be spoofed. If you only implemented MAC filtering, in effect blocking their machines, they could set one up to listen to the traffic and take the "serial number" from another machine, in effect saying they are one of the computers you have to get in.
PSK - Pre-Shared Key is a passphrase that you enter to connect to a WPA network on a home network (don't worry about other types of WPA). This is a key (password) that is shared by everyone in thee house to connect to the network. It's ok in your situation considering what you're aiming to do, since you're a family and can trust eachother not to share the key with other people.
SSID - I didn't mention this earlier, but this is the name your network is listed as. It's default name would be linksys, but you could change it to something like "______'s Living Room" and it would appear as such in the list of available networks. You can also hide it in some routers, so it doesn't show up in the list, but that's vulnerable to the same type of attack as MAC filtering, in which someone only has to overhear a tiny bit of radio noise from the router/computer and they can see what the network name is.
Encryption is basically a special code that 2 computers use to hide messages from eavesdroppers. For this encryption, you enter your passphrase, which is plugged into a complex mathematical formula to encode/decode messages between computers. I'm not sure about the audience here, so I thought I should mention this term as well.
All of this said, nearly any of these will keep your neighbors out if they don't know very much about computers. If they do, then all of them combined (except WPA/WPA2/PSK/PSK2) will do nothing, and WPA will keep them out, which it will in either case. For this reason, I recommend WPA (or PSK if it says that), and only suggest one of the alternate means if you can't enable WPA (such as with an old router).
John Hook, how would they use a CD to configure the security settings? I have yet to see a router with a driver CD. I've seen networking accessories that plug directly into the computer with driver CDs, but most routers I know of are configured over a local network connection in a web interface, which is why I mentioned the local IP. Correct me if I'm wrong, of course.
Most people I have spoken to (including my ISP's "head technician") don't even know what any of those terms are, so they'll probably see a password prompt, guess a few birthdays and names they might have overheard, then try someone else's network, if that. I am strongly recommending WPA because of flaws in the design of WEP, which mean many serious security flaws. If your neighbors are tech savvy, WEP is going to be comparable to putting a sticky note on your door saying "keep out". If they're like the majority out there, they will click "search", see your network, see a padlock, not know what all the computer talk means, and give up.
Anyway, best explain what they all these terms are, so the user isn't completely lost. I always try to explain things to clients, as it gets you better reviews, compliance, and maybe trust if that's an issue.
WEP - "Wired Equivalent Protection" was the original wireless encryption protocol. This was implemented by someone who meant well, but wasn't a security expert, so while the cypher wasn't bad, it had a number of instances where the cypher was misused and an attacker could thus break the code. In modern times, this can be done in a couple of minutes.
WPA - "Wi-fi Protected Access" is one of the current standards for wireless security. It patches all the known flaws in WEP and offers considerable security. Most effective way of breaking it is a dictionary attack (guessing common names, words, birthdays, etc.) so if you use a password like Q0L4fbml9dyfBazfGPTQDaZvBsSQhyKnA45FfDRPlk0gL2QFdTPgB8BDTiW7ka2, which doesn't appear in very many dictionaries, then nobody is going to connect to your network by any reasonable means. An improved version is known as WPA2, but WPA is sufficient for most cases, and some computers have trouble connecting to WPA2.
MAC filtering - The piece of the computer that connects to the internet over wireless (or otherwise) has what is called a MAC address. It can be thought of as a sort of a serial number, but it can be spoofed. If you only implemented MAC filtering, in effect blocking their machines, they could set one up to listen to the traffic and take the "serial number" from another machine, in effect saying they are one of the computers you have to get in.
PSK - Pre-Shared Key is a passphrase that you enter to connect to a WPA network on a home network (don't worry about other types of WPA). This is a key (password) that is shared by everyone in thee house to connect to the network. It's ok in your situation considering what you're aiming to do, since you're a family and can trust eachother not to share the key with other people.
SSID - I didn't mention this earlier, but this is the name your network is listed as. It's default name would be linksys, but you could change it to something like "______'s Living Room" and it would appear as such in the list of available networks. You can also hide it in some routers, so it doesn't show up in the list, but that's vulnerable to the same type of attack as MAC filtering, in which someone only has to overhear a tiny bit of radio noise from the router/computer and they can see what the network name is.
Encryption is basically a special code that 2 computers use to hide messages from eavesdroppers. For this encryption, you enter your passphrase, which is plugged into a complex mathematical formula to encode/decode messages between computers. I'm not sure about the audience here, so I thought I should mention this term as well.
All of this said, nearly any of these will keep your neighbors out if they don't know very much about computers. If they do, then all of them combined (except WPA/WPA2/PSK/PSK2) will do nothing, and WPA will keep them out, which it will in either case. For this reason, I recommend WPA (or PSK if it says that), and only suggest one of the alternate means if you can't enable WPA (such as with an old router).
#5
Posted 07 April 2008 - 01:55 AM
John Hook
-
- Member
-
- 165 posts
Member
lavagolemking,
I agree complely with you that a tech or hacker who knows what they are doing can probably HACK through anyone of these WiFi security measures we've discussed here. All of that said - ANYTHING - is better than NO SECURITY - i.e. OPEN wireless router with NO security and default MFG's SID.
The LinkSys wireless routers that I've purchased have ALL come with a Windows CD that offers wizards which offer user-friendly, non-technical configuration of sed LinkSys routers - assuming it's a new device with the DEFAULT admin password. For NON-TECHY users, this CD/Wizard is helpful in enabling at least SOME level of Wireless security on the router in question.
I only offered this as a solution to the original users post as we cannot assume that the user is technical enough to access their router via HTTP, log in, navigate and configure wireless security on this device via the devices HTTP/Web interface. Linksys understands this, which is why the CD that ships with their router offers a user-friendly "wizzard" solution for end-users to configure their routers. All the user should need to do is insert the Install CD in their CD drive and the Wizard should take them through basic as well as advanced Wireless security configuration - WITHOUT the user requiring all of the technical details of WPA, WEP or other WiFi security protocols.
LinkSys users can go to:
http://www.geekstogo...1-to193947.html
From there, select the product that they own - then navigate their product's support options.
I don't say this to challenge your concerns about WiFi security - but rather, to provide user-friendly tech support to a user who may not understand how to log into their router or the details of their choices in WiFi security options.
- John Hook
I agree complely with you that a tech or hacker who knows what they are doing can probably HACK through anyone of these WiFi security measures we've discussed here. All of that said - ANYTHING - is better than NO SECURITY - i.e. OPEN wireless router with NO security and default MFG's SID.
The LinkSys wireless routers that I've purchased have ALL come with a Windows CD that offers wizards which offer user-friendly, non-technical configuration of sed LinkSys routers - assuming it's a new device with the DEFAULT admin password. For NON-TECHY users, this CD/Wizard is helpful in enabling at least SOME level of Wireless security on the router in question.
I only offered this as a solution to the original users post as we cannot assume that the user is technical enough to access their router via HTTP, log in, navigate and configure wireless security on this device via the devices HTTP/Web interface. Linksys understands this, which is why the CD that ships with their router offers a user-friendly "wizzard" solution for end-users to configure their routers. All the user should need to do is insert the Install CD in their CD drive and the Wizard should take them through basic as well as advanced Wireless security configuration - WITHOUT the user requiring all of the technical details of WPA, WEP or other WiFi security protocols.
LinkSys users can go to:
http://www.geekstogo...1-to193947.html
From there, select the product that they own - then navigate their product's support options.
I don't say this to challenge your concerns about WiFi security - but rather, to provide user-friendly tech support to a user who may not understand how to log into their router or the details of their choices in WiFi security options.
- John Hook
#6
Posted 07 April 2008 - 02:43 AM
lavagolemking
-
- Member
-
- 282 posts
Member
I didn't think you were challenging my concerns, but just thought I should emphasize them. WPA/WEP should (I think) be in roughly the same place. Pretty much anything mentioned would keep a typical user away (except maybe MAC filtering, as they ponder over why they can't connect and keep trying).
I didn't know linksys gave that CD out. A friend of mine had all sorts of problems with routers, so I'd go over and configure it over the HTTP interface and make sure it was WPA2 with all owned machines connecting before I left. I've never configured a router in any fashion other than a web interface, so that's what I was walking the user through. Yes, WEP is better than nothing. How much better depends on who you ask, but it should be sufficient for this purpose. I always tell people to use WPA if they don't want intruders/spies, and leave it completely open if they want to share bandwidth.
User friendly is normally best, and under the assumption that the web interface was the easiest (and only) option, I took that approach. Then I added my usual preach about WPA, since the user should probably turn on WPA while they're at it. Sorry for all the confusion.
I didn't know linksys gave that CD out. A friend of mine had all sorts of problems with routers, so I'd go over and configure it over the HTTP interface and make sure it was WPA2 with all owned machines connecting before I left. I've never configured a router in any fashion other than a web interface, so that's what I was walking the user through. Yes, WEP is better than nothing. How much better depends on who you ask, but it should be sufficient for this purpose. I always tell people to use WPA if they don't want intruders/spies, and leave it completely open if they want to share bandwidth.
User friendly is normally best, and under the assumption that the web interface was the easiest (and only) option, I took that approach. Then I added my usual preach about WPA, since the user should probably turn on WPA while they're at it. Sorry for all the confusion.
#7
Posted 07 April 2008 - 06:05 PM
John Hook
-
- Member
-
- 165 posts
Member
lavagolemking,
I think we're on the same page as far as our concerns about WiFi security.
Most end-users out there probably won't know the difference between WEP or WPA nor would they know a MAC filter from a Big MAC. If you don't know the different between all of those security options, having access the the router's built-in HTTP-based config screens probably won't help much either. ALL of that said, MOST consumer routers come with install/configuration wizards on the CDs that ship with their products which walk the user through configuring seucurity on their routers step-by-step. If not, these routers ship with step-by-step instructions and/or links to step-by-step instructions for configuring the router (including security) on their support websites.
Without knowing the level of technical skills of the user I'm replying to, I always try to offer the most straight-forward, solution possible.
- John
I think we're on the same page as far as our concerns about WiFi security.
Most end-users out there probably won't know the difference between WEP or WPA nor would they know a MAC filter from a Big MAC. If you don't know the different between all of those security options, having access the the router's built-in HTTP-based config screens probably won't help much either. ALL of that said, MOST consumer routers come with install/configuration wizards on the CDs that ship with their products which walk the user through configuring seucurity on their routers step-by-step. If not, these routers ship with step-by-step instructions and/or links to step-by-step instructions for configuring the router (including security) on their support websites.
Without knowing the level of technical skills of the user I'm replying to, I always try to offer the most straight-forward, solution possible.
- John
#8
Posted 08 April 2008 - 09:57 AM
lavagolemking
-
- Member
-
- 282 posts
Member
Most end-users out there probably won't know the difference between WEP or WPA nor would they know a MAC filter from a Big MAC.
They might know that one is edible (sort of) and the other isn't, but beyond that not much.
No, my friend didn't have a CD, and he lost the manual, so I just configured it on instinct. Not knowing such a thing exists, I thought I'd try giving step-by-step instructions to set it up the only way I've ever done it. Same intention on my part, except you knew something I didn't. When configuring my friend's router, it had the MAC filtering in the obvious place and encryption somewhere else, and listed WPA as PSK, but was otherwise straightforward to set up, so I thought it would be just as easy to set it for WPA as WEP.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
