Linksys wireless networking

I am just amazed at the performance that you can get going wireless. I picked up a Linksys wireless switch this weekend and I can't tell the difference between being directly connected to the cable modem. One of the concerns I have is security, anyone ever had their security compromised by going wireless. It would seem relatively easy for someone across the street to monitor what you are doing and grab credit card info.

just make sure ya set up the secuity feature of the modem use complex pass words and 128 bit encrytion i forget what they call the wireless protection stuff maybe its wap but i forget

Have you set up the security encryption for your unit (is it at least 40 bit, but should be more)?

If you have no encryption or the older 8 bit hardware scrambler from the very early wireless standards setup--yes, it is very easy for somebody to see your data and even use your link.

-Bill

You definitely want WPA enabled (not WEP, WEP is breakable). WPA-PSK specifically for home usage. All your equipment needs to support it for it to work, but if it does, this is the strongest that is commonly available and it is (so far) good enough.

A 20 letter or longer passphrase is recommended, well.. although you should never write passwords down I suppose that in this specific case you could write this one down and put it in a desk drawer or something, because by the time they gain physical access to your drawer you have bigger problems (ie. house being ransacked) than the security of your WLAN.

Generally, wireless LANs should be fast enough that they exceed the speed of your Internet connection so you should not see a slowdown at all. Congratulations on going wireless!

You could take a look at AirSnare too. It was featured in TechTV's screensavers. It detects and warns of any intrusions in your network:
http://home.comcast.net/~jay.deboer/airsnare/

Very interesting. I've always wanted an IDS (intrusion detection system) for my wireless LAN but some of the industrial-grade IDS I work with are simply too cumbersome and way too expensive for a small home LAN. Of course ideally I'd have the Cisco 4210 IPS to intercept traffic but.... /ubbthreads/images/graemlins/grin.gif

Airsnare looks good, I'll have to check it out. Thanks!

I only have a wireless hub in case friends come over with laptops of PDAs. There's no way somebody at the street could get on my network, thanks to good ol' distance. .

Good advice on the security, it's all true.

However, 128 bit WEP with a nice long keyprhase is "breakable", but hardly in real-time by any laptop made. A hacker could be your neighbor or "wardriving" (wandering around with wireless, looking for unsecured networks). Worst case scenario is he records by packet sniffing a significant sample of your homes wireless traffic (a weeks worth or so for 128 bit). Then, if he has a sufficiently powerful computer, or a large networked Linux cluster made up of several cheap/older PC's, and the right software and ability, he might figure out your key in a couple of weeks or perhaps days, then drive back to within range of your house, and then be able to decode your traffic, or sign himself onto your wireless base station and steal bandwidth from you. The NSA could probably break your 128 bit WEP "real time" but I'd hope they were otherwise occupied on more pressing matters.

Rotating your key every couple of weeks/months, and setting up MAC filtering to allow only the burned-in hardware addresses of the wireless cards in your home is probably more than enough for 99% of all users. In reality, the biggest wireless problems are probably in dorms and apartment buildings where everybody is on everybody else's base stations and doesn't even realize it because so few people ever bother to understand the settings or the software beyond the initial plug-n-play defaults.

Someone with that amount of skill probably has better fish to fry than waiting patiently for you to sign onto PayPal and steal your password. If a bad guy was that interested in onesy-twosy identity theft/fraud, he can just go onto Kazaa or other P2P networks and just type in "bank", "stocks", "finance spreadsheet" or "taxes", and because of how many people are utterly clueless that their kids even installed the client, or if they did themselves, how it works, the entire "C: drive" is shared and everybody on earth can scan the whole thing.

For most home needs, the standard for "breakability" is probably not realistically set at the level where a nerd with a homemade supercomputer and a week or two of free time to record you, and another to crack it, can thereoretically get your credit-card number from that porn site you visited.

99% of hacking and intrusions could be stopped if we could just get everyone to implement the flawed and "breakable" security that's readily available, and apply software patches.

I'm using/testing a SonicWALL TZ170 wireless series. It's a nice compromise between totally open wireless, yet still allowing some VPN, good firewalling, flexy NAT, address zones, etc for around the $700 range. It sure ain't no Cisco, though, and it does have many quirks and drawbacks. Still, it's pretty good offering at the lowest end of the full-featured range. Locking out LAN access is nice so you can just leave the WiFi wide open and not bother about encryption.

SonicWALL drawbacks: Take their marketing as total BS until proven otherwise. Lotsa quoted "features" are actually more like "can be enabled if you upgrade or subscribe to..." which is infuriating BS to me. In other words, I like their production dept, but hate their marketing dept.

On the other hand, it's hard to go wrong with a LinkSys wireless box that can be had for around $150 that you can just toss into trash with no regrets when it konks out after warranty. BTW -- I've had a power supply go bad on one and LinkSys sent me a new one no questions asked. Good service!

I usually get 1.5 yrs out of my low-end routers. No matter what brand. And I keep them open to cool air. It's like they're on a timer. /ubbthreads/images/graemlins/wink.gif The SonicWALL has a little fan in it. I'm wondering whether that'll make it last longer or be the first thing to go wrong. /ubbthreads/images/graemlins/crazy.gif

Welcome to wireless.

[edit] Oh yeah. I got a call a couple weeks ago from a friend up the street. "I can't print. The computer just sends stuff to the printer and nothing happens." He didn't know it but his laptop was auto-joining his neighbor's Wifi network instead of his own. We had a laugh over that one, 'cause by the time I got there he was configuring to add his neighbor's printer just because that's what showed up in his list. /ubbthreads/images/graemlins/help.gif

Unless you're shopping at e-commerce sites that don't use SSL, I think it's a total waste of time to worry about CC data being "sniffed" on a wireless connection. Just set up some basic security and noone will bother you - unless you know for sure that there are some very hardcore blackhats in your area (and we're not talking about folks with 2600 subscriptions). Also keep in mind the small area of exposure with wi-fi - a 100-200 yard radius at best.

Exercise some security, but approach it like home security. Lock your doors and collect your mail - don't go on nightly patrols.

A bigger potential problem is that someone will use your unsecured wireless network to do something "irresponsible" that might be traced to you.

I agree with AJ's remarks including MAC filtering. It's also helpful to adjust your power level down to the mimimum necessary to do the job.

If you have a Linksys product and it doesn't come with adjustable power level, you can flash your firmware with a version of the Linksys code modified by Sveasoft . It adds power level adjustment and some other nifty features. I've placed this on several Linksys units and I haven't had any trouble with them (other than voiding the Linksys warranty). Not to worry though, if you subscribe to Sveasoft (low cost and worth every penny, IMO), they have their own support forums available.

I think that virtually any level of encryption security is enough for most home networks for the simple reason that when 70% of the users set one up they quit as soon as it starts working and don't bother to enable ANY security.

So even 40 bit WEP ( though breakable by a linux PC with the right software ) is the equivalent of locking up your house when most others around you don't bother. A thief won't even mess with your house, he'll just go next door where it's all open.

Also, your wireless network connection is faster than your broadband connection, so if you're surfing the 'net, it'll feel just as fast as a wired network.

Albert Einstein, explaining radio:
"You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat."

[ QUOTE ]
Airmon said:
Albert Einstein, explaining radio:
"You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat."

[/ QUOTE ]

Hence the Linux WiFi portal project called NoCat... /ubbthreads/images/graemlins/grin.gif

To an experienced computer user, WEP is a walk in the park. It can be broken in three minutes and finding out how to do so is commonly available.

WEP will slow down somebody trying to get onto your network, but it will probably not stop them. A few good ideas for securing your WLAN, are channging the SSID (broadcasted network name) to something other than the default, restrict access by MAC addresses, WPA encryption, and also adding a password to your router in order to change the settings.

I wouldn't really worry about people sniffing your credit card number off your WLAN, because most sites that ask for your credit card number use https which encrypts the signal between your computer and the receiving server, whether or not you have encryption on your WLAN.

Wow, that was your 2500th post! Time to celebrate or sump'n. /ubbthreads/images/graemlins/grin.gif

[ QUOTE ]
IlluminatingBikr said:
A few good ideas for securing your WLAN, are channging the SSID (broadcasted network name) to something other than the default, restrict access by MAC addresses, WPA encryption, and also adding a password to your router in order to change the settings.


[/ QUOTE ]

Ditto all of the above. I'm still amazed to find so many A/Ps that are simply turned on with their default settings. If you don't do anything else, at least change the damned password!