I bought one of these over the weekend, and it arrived yesterday.  Setup was a breeze, didn’t bother using the CD.  I now have WPA2-PSK securing my wireless network.  Definitely worth the upgrade over my old Gateway router that came with my laptop back in 2004.

I’m going to upgrade the firmware on it that was discussed in this lifehacker article.  Hopefully I don’t brick the router.

So you’ve just gotten home from buying whatever wireless router your friends told you to get, well that or whatever the salesman suckered you into. (Subliminal message: Linksys WRT54G)

You want to setup a handfull of computers in your house to partake in the new wireless party, except for one little problem: you don’t know what you’re doing.

This is where we come in. This is a generalized article on how to setup a basic wireless network. I’m going to try to write it in a way that regardless of what router you have, you’ll be able to use this to figure yours out and get the job done. This is a pretty basic article, so i’m not trying to totally cover everything here. The best way to learn about things is to read and do them yourself. There is no better teacher than experience.

Routers:

Linksys WRT54 Products

A router, routes things. It’s pretty simple. You plug it in, and plug your computers into it via ethernet, or you let the wireless part take care of that, and from there it’s just a little configuration and boom, you can share files, browse the net, whatever you want. Enough on those.

Each brand of wireless router usually has a different method of configuration. This is everything from the IP you connect to it through, to the way the interface is laid out. They all usually use a 192.168.x.x IP, and all the interfaces have roughly the same kind of buttons, though.

The parts we’re concerned with deal with IP assignment, MAC filtering, and the type of encryption that’s active.

Hopefully all of you have a router that lets you use WPA. If not, please at least use WEP. It’s not much protection, but it’s something to slow a lazy wardriver down.

Quick Note on Wardriving:

Wardriving is basically the practice of driving around looking for wireless networks. Mapping them out, and even hacking into them if one is so inclined. You care about wardrivers because if you don’t secure your router, and they leech off of you, anything they do while they’re connected to your router is your responsibility in a court of law, not theirs. So if they like to download kiddy porn, you can get into trouble for them doing it.

DHCP vs Static IP:

Going to make this one quick. DHCP is automatic assignment of IP addresses. In this part of your control panel you can view who is currently assigned an IP on your network. You can control how long they get to use that IP before they have to renew it, as well as how many IP addresses the router will assign before it stops giving them out. This is important for securing the router, as it’s one step in the process. Always limit the number of available IP addresses to the number of machines you will be using. You can always add to this if a buddy comes over or what not, so don’t worry.

Static IP is even better, but a little more work in setting up. This allows you total control over the assignment of IP addresses, but still isn’t perfectly safe. Regardless, the additional setup requires you to use the router’s IP as your Gateway and DNS servers, so don’t forget that.

MAC Filtering

There is more information here than I can even think to type up. The concept however is simple. You can either deny certian MAC addresses from connecting to your router, or allow only certain ones and deny the rest. Obviously the second option is better and easier for us.

Encryption:

I’ve touched on this with my WEP vs WPA article, but configuration is actually pretty self-explanatory, and Firewalling.com has an excellent resource for virtually every router out there. You figure out whether you have WPA or if you’re stuck with WEP (NEVER use WEP if you have WPA or better available). It all works the same though, you generate a key, and you use that key in your wireless configuration in Windows or Linux to connect to the router.  Use this key generator to generate your keys.

Using the last 3 things separately is good, but using them together is outstanding diligence. You want to deter possible hackers as much as possible, so they move onto your neighbor’s unsecured network rather than yours.

Things to Note:

• Don’t try to connect 20 computers to the same 3mbps Cox connection. It just isn’t good.
• Weather can influence the quality of your wireless signal. So can living next to a whole bunch of transformers and power lines.
• Throughput on wireless isn’t quite the same as with a regular LAN. If you’re copying lots of files between computers, use a physical connection. It’ll save you time and grief.

Port Forwarding:

Gamers, this is your section. Port Forwarding is used instead of enabling the DMZ, because it still provides you with a good level of security. If you need certain ports available for certain applications, you can do that here. All you do is specify the port number, the protocol being used, and the IP address it’s going to forward to. Be sure you know which IP is what on your network, you might end up giving the wrong person the info.

Thoughts:

Most people don’t secure their networks. In my experience about 6 out of every 10 routers is totally wide open, just plugged in and never touched. Secure your networks!!

So you’ve just gotten home from buying whatever wireless router your friends told you to get, well that or whatever the salesman suckered you into. (Subliminal message: Linksys WRT54G)

You want to setup a handful of computers in your house to partake in the new wireless party, except for one little problem: you don’t know what you’re doing.

This is where we come in. This is a generalized article on how to setup a basic wireless network. I’m going to try to write it in a way that regardless of what router you have, you’ll be able to use this to figure yours out and get the job done. This is a pretty basic article, so i’m not trying to totally cover everything here. The best way to learn about things is to read and do them yourself. There is no better teacher than experience.

Routers:

A router, routes things. It’s pretty simple. You plug it in, and plug your computers into it via ethernet, or you let the wireless part take care of that, and from there it’s just a little configuration and boom, you can share files, browse the net, whatever you want. Enough on those.

Each brand of wireless router usually has a different method of configuration. This is everything from the IP you connect to it through, to the way the interface is laid out. They all usually use a 192.168.x.x IP, and all the interfaces have roughly the same kind of buttons, though.

The parts we’re concerned with deal with IP assignment, MAC filtering, and the type of encryption that’s active.

Hopefully all of you have a router that lets you use WPA. If not, please at least use WEP. It’s not much protection, but it’s something to slow a lazy wardriver down.

Quick Note on Wardriving:

Wardriving is basically the practice of driving around looking for wireless networks. Mapping them out, and even hacking into them if one is so inclined (although obviously not legal). You care about wardrivers because if you don’t secure your router, and they leech off of you, anything they do while they’re connected to your router is your responsibility in a court of law, not theirs. So if they like to download copyrighted or illegal material, you can get into trouble for them doing it.

DHCP vs Static IP:

DHCP is automatic assignment of IP addresses. In this part of your control panel you can view who is currently assigned an IP on your network. You can control how long they get to use that IP before they have to renew it, as well as how many IP addresses the router will assign before it stops giving them out. This is important for securing the router, as it’s one step in the process. Always limit the number of available IP addresses to the number of machines you will be using. You can always add to this if a buddy comes over or what not, so don’t worry.

Static IP is even better, but a little more work in setting up. This allows you total control over the assignment of IP addresses, but still isn’t perfectly safe. Regardless, the additional setup requires you to use the router’s IP as your Gateway and DNS servers, so don’t forget that.

MAC Filtering

You can either deny certian MAC addresses from connecting to your router, or allow only certain ones and deny the rest. Obviously the second option gives you far more security, and is very quick to setup for small home networks.

Encryption:

I’ve touched on this with my WEP vs WPA article, but configuration is actually pretty self-explanatory, and Firewalling.com has an excellent resource for virtually every router out there. You figure out whether you have WPA or if you’re stuck with WEP (NEVER use WEP if you have WPA or better available). It all works the same though, you generate a key, and you use that key in your wireless configuration in Windows or Linux to connect to the router.

Using the last 3 things separately is good, but using them together is outstanding diligence. You want to deter possible hackers as much as possible, so they move onto your neighbor’s unsecured network rather than yours.

Things to Note:

• Don’t try to connect 20 computers to the same 3mbps connection. It just isn’t good.
• Weather can influence the quality of your wireless signal. So can living next to a whole bunch of transformers and power lines.
• Throughput on wireless isn’t quite the same as with a regular LAN. If you’re copying lots of files between computers, use a physical connection. It’ll save you time and grief.  There is newer technology out there like 802.11N, but again, it all depends on the setup and whether all computers have a wireless card that’s compatible.  Nothing beats a physical connection quite yet.

Port Forwarding/Triggering:

Port Forwarding is used instead of enabling the DMZ, because it still provides you with a good level of security. If you need certain ports available for certain applications, you can do that here. All you do is specify the port number, the protocol being used, and the IP address it’s going to forward to. Be sure you know which IP is what on your network, you might end up giving the wrong person the info.

Port Triggering is similar, though you do not have to specify an IP address with this method.  It’s all port based, so if you have three computers on your network trying to use an application which requires a certain range of ports be open, you just setup that range of ports for triggering and each computer will hook onto a port to connect with without the router having to direct the traffic to each specific IP.

Thoughts:

Most people don’t secure their networks. In my experience about 6 out of every 10 routers is totally wide open, just plugged in and never touched. Secure your networks!!

Just wanted to add to what Chris had mentioned about wireless security in his previous post.

       Wi-Fi security is not my cup of tea; however I had my wireless card lying around and decided to see what’s out there in the neighborhood. It was unbelievable to see how many people are oblivious to wireless security and how important it is to configure your router and change your default passwords. With all the recent identity theft cases popping up minute by minute, it would be very naive to run such an open and careless network. 

       To secure your router, at the very least try to assign static IP’s and limit the amount of IP’s that are assignable through the default dynamic settings.  Also try to incorporate an encryption protocol such as WEP or WPA, which Chris wrote a complete article on the pros and cons.  Hopefully with the tools and information gained from this site, it will in turn make you realize the potential threats and how vulnerable you are when surfing the world wide web.

       For any questions pertaining to this post or anything else, please don’t hesitate to ask.       

I’ve been asked by a few friends lately about securing their networks and whether it really matters if they use WEP or WPA.

I will go over briefly what each is, and what the major differences are.

WEP:

Wired Equivalent Privacy.  Originally intended to give you the same or similar level of security as on a wired network, but it didn’t quite work out that way.

In basic layman’s terms, WEP works by using secret keys, or codes to encrypt data.  The Access Point and the client must know the codes in order for it to function.  It uses either 64 bit or 128 bit keys, though the added security from the larger number isn’t as much as you would think.

The actual user keys (codes) are 40 bits and 104 bits, with the extra 24 bits used by something called the Intialization Vector (IV).

The encryption is created by taking the IV and randomizing it for each packet, while keeping the secret code the same.  The AP and the client decrypt and retrieve the message/data and all is right in the world, in theory.

 Problems:

• There is no limit on using the same IV value more than once.  This makes the encryption vulnerable to collision-based attacks.
• Because the IV is only 24 bits, there are only ~16.7 million possible variations.  Sounds like a lot, but it’s quite small in the cryptography world.
• Master keys are used directly, when they should instead be used to generate other temporary keys.
• Users don’t change their keys very often on most networks, giving attackers ample time to try various techniques.

If you have nothing else, WEP is better than nothing of course, but I wouldn’t trust extremely sensitive data with it.

WPA:

Wifi Protected Access.  It bridges the gap between  WEP and the upcoming 802.11i standard, and is implementable via firmware upgrades in older hardware.  WPA uses Temporal Key Integrity Protocol (or TKIP), which is designed to alow WEP to be upgraded through corrective measures that address the existing security problems.

 Advantages over WEP:

• IV length has increased to 48 bits from 24 bits, which allows WPA to achieve over 500 trillion possible key combinations.
• IVs are now better protected through the use of the TSC, or TKIP sequence counter, helping to prevent the re-use of IV keys.
• Master keys are never directly used.
• Better key management
• Impressive message integrity checking

I have not gone into the Enterprise level of WPA, which is actually intended to be used with something called a RADIUS server for access control.  Most home users use what is called WPA-PSK, which is for use on smaller networks that need good security without the extra cost and configuration.  WPA and WPA-PSK use the same encryption methods, however.

Future:

WPA2 (802.11i):

WPA2 features upgrades to WPA to make it even more secure.

• WPA2 uses AES (Advanced Encryption Standard) to provide stronger encryption.
• There are specific solutions for Enterprise and Personal use.  Enterprise uses IEEE 802.1X and EAP to provide authentication.  Personal uses a pre-shared key, or password.
• WPA2 still creates new session keys for every assocation, the benefit over WPA being that the keys used for each client on the network are unique and specific to that client.  Every packet sent over the air is encrypted with a unique key and avoids re-use.

References:

http://www.wifialliance.org/OpenSection/knowledge_center/wpa2/

http://www.pctoday.com/editorial/article.asp?article=articles/2003/t0102/13t02/13t02.asp&GUID=

http://www.tomsnetworking.com/2003/06/25/wi/index.html

http://www.openxtra.co.uk/articles/wpa-vs-wep.php

http://www.openxtra.co.uk/articles/wep-weaknesses.php

I’ve been asked by a few friends lately about securing their networks and whether it really matters if they use WEP or WPA.

I will go over briefly what each is, and what the major differences are.

WEP:

Wired Equivalent Privacy. Originally intended to give you the same or similar level of security as on a wired network, but it didn’t quite work out that way.

In basic layman’s terms, WEP works by using secret keys, or codes to encrypt data. The Access Point and the client must know the codes in order for it to function. It uses either 64 bit or 128 bit keys, though the added security from the larger number isn’t as much as you would think.

The actual user keys (codes) are 40 bits and 104 bits, with the extra 24 bits used by something called the Intialization Vector (IV).

The encryption is created by taking the IV and randomizing it for each packet, while keeping the secret code the same. The AP and the client decrypt and retrieve the message/data and all is right in the world, in theory.

Problems:

• There is no limit on using the same IV value more than once. This makes the encryption vulnerable to collision-based attacks.
• Because the IV is only 24 bits, there are only ~16.7 million possible variations. Sounds like a lot, but it’s quite small in the cryptography world.
• Master keys are used directly, when they should instead be used to generate other temporary keys.
• Users don’t change their keys very often on most networks, giving attackers ample time to try various techniques.

If you have nothing else, WEP is better than nothing of course, but I wouldn’t trust extremely sensitive data with it.

WPA:

Wifi Protected Access. It bridges the gap between WEP and the upcoming 802.11i standard, and is implementable via firmware upgrades in older hardware. WPA uses Temporal Key Integrity Protocol (or TKIP), which is designed to alow WEP to be upgraded through corrective measures that address the existing security problems.

Advantages over WEP:

• IV length has increased to 48 bits from 24 bits, which allows WPA to achieve over 500 trillion possible key combinations.
• IVs are now better protected through the use of the TSC, or TKIP sequence counter, helping to prevent the re-use of IV keys.
• Master keys are never directly used.
• Better key management
• Impressive message integrity checking

I have not gone into the Enterprise level of WPA, which is actually intended to be used with something called a RADIUS server for access control. Most home users use what is called WPA-PSK, which is for use on smaller networks that need good security without the extra cost and configuration. WPA and WPA-PSK use the same encryption methods, however.

Future: