Wireless Network Security for Dummies, Please

Discussion in 'Wireless Networking' started by =?Utf-8?B?Sm9obiBUQ0k=?=, Oct 27, 2004.

  1. I am completely new to this issue and basically “computer illiterateâ€, so
    please forgive my naivety. However, I am able to follow step-by-step
    instructions in user guides etc., as long as they do not use too much jargon.

    Have followed multifarious threads in these User Groups, over the past few
    days, trying to understand security and encryption etc of wireless networks
    (before I went ahead and tried anything myself). Unfortunately, I became
    totally confused and disillusioned.

    All my home PCs, laptops and peripherals (network router & wireless
    adaptors) are Dell and have XP with SP2. Initial setup was relatively simple
    and the network has been working great for over 18 months. However, I had not
    had the time (nor the courage, nor the inclination) to tackle
    encryption/security. Especially as we have no near neighbours. Therefore, I
    have simply relied on Norton Internet Security Pro 2002, Windows Firewall &
    Spybot.

    From the threads, and bearing in mind the numerous problems of hardware &
    software configuration & incompatibility and the SP2 issue etc., which so
    many people are experiencing, I had decided, over the weekend, that security
    was not a priority (at least for me). It was more important to keep a network
    that just worked.

    However, it occurred to me that inputting the MAC addresses of the network
    adaptors into the router (and nothing else) could possibly be much easier(?)
    than & just as secure(?) as encryption (and without signal strength loss(?)
    nor transmission speed loss(?)).

    This I have now done. In total it took less than 10 minutes, including the
    time to read the 5 MAC addresses on the adaptors/ cards, input them onto the
    router and reboot (took longer to find the router’s original installation CD,
    which contained the User Guide).

    Now only the designated PC’s can connect to my network. However, the Windows
    XP “Wireless Network Connection†box tells me that the network is “Unsecuredâ€
    and “configured for open accessâ€. This I guess is because it is not
    encrypted.

    I am obviously deluding myself as I have not found absolutely any reference
    to it at all in any of the threads anywhere. So what basic facts am I
    missing? What are the dangers/weaknesses of this solution?
    =?Utf-8?B?Sm9obiBUQ0k=?=, Oct 27, 2004
    #1
    1. Advertising

  2. =?Utf-8?B?Sm9obiBUQ0k=?=

    Jack Guest

    Hi

    Bear in mind that though the same word Security is used to describe secure
    Internet Connection and Secure Wireless, there is No real relation between
    the two

    Norton Internet Security is a Firewall; Wireless Security has Nothing to do
    with Firewalls.

    Wireless is just a replacement for a Wire and thus can be intercepted by
    people in the neighborhood attaching then self to your LAN. That why there
    is Wireless Security measures to avoid Local Tapping. These measure are
    unique only the Wireless itself, and has to be used even if there is No
    Internet Connection.

    Link to: http://www.ezlan.net/Wireless_Security.html

    The Firewall "Job" is to protect the Internet connection from being
    invaded, and to prevent your LAN computers from transmitting out to the
    Internet privileged information.

    Each computer on your Network that has access to the Internet should have
    its own Firewall regardless of whether you use Wire or Wireless.

    Internet -Basic protection: http://www.ezlan.net/firewall.html

    In addition you should have tools available if your computers get Infested.

    Internet Infestation: http://www.ezlan.net/infestation.html

    Jack (MVP-Networking).



    "John TCI" <> wrote in message
    news:...
    > I am completely new to this issue and basically "computer illiterate", so
    > please forgive my naivety. However, I am able to follow step-by-step
    > instructions in user guides etc., as long as they do not use too much

    jargon.
    >
    > Have followed multifarious threads in these User Groups, over the past few
    > days, trying to understand security and encryption etc of wireless

    networks
    > (before I went ahead and tried anything myself). Unfortunately, I became
    > totally confused and disillusioned.
    >
    > All my home PCs, laptops and peripherals (network router & wireless
    > adaptors) are Dell and have XP with SP2. Initial setup was relatively

    simple
    > and the network has been working great for over 18 months. However, I had

    not
    > had the time (nor the courage, nor the inclination) to tackle
    > encryption/security. Especially as we have no near neighbours. Therefore,

    I
    > have simply relied on Norton Internet Security Pro 2002, Windows Firewall

    &
    > Spybot.
    >
    > From the threads, and bearing in mind the numerous problems of hardware &
    > software configuration & incompatibility and the SP2 issue etc., which so
    > many people are experiencing, I had decided, over the weekend, that

    security
    > was not a priority (at least for me). It was more important to keep a

    network
    > that just worked.
    >
    > However, it occurred to me that inputting the MAC addresses of the network
    > adaptors into the router (and nothing else) could possibly be much

    easier(?)
    > than & just as secure(?) as encryption (and without signal strength

    loss(?)
    > nor transmission speed loss(?)).
    >
    > This I have now done. In total it took less than 10 minutes, including the
    > time to read the 5 MAC addresses on the adaptors/ cards, input them onto

    the
    > router and reboot (took longer to find the router's original installation

    CD,
    > which contained the User Guide).
    >
    > Now only the designated PC's can connect to my network. However, the

    Windows
    > XP "Wireless Network Connection" box tells me that the network is

    "Unsecured"
    > and "configured for open access". This I guess is because it is not
    > encrypted.
    >
    > I am obviously deluding myself as I have not found absolutely any

    reference
    > to it at all in any of the threads anywhere. So what basic facts am I
    > missing? What are the dangers/weaknesses of this solution?
    >
    Jack, Oct 28, 2004
    #2
    1. Advertising

  3. Hi John,

    Jack answered a bunch of your questions in his followup post, but I
    wanted to make a couple of points in addition.

    Entering the MAC addresses of your wireless cards into the router makes
    use of a feature called 'MAC address filtering'. Ideally this should only
    let the computers you own become active participants in your wireless
    network. However, MAC address filtering is not a secure solution for a
    wireless network. It can be defeated very easily, because:
    1) the data you are sending between your computers and router is still
    unencrypted and anyone close enough can listen to it (it's just radio waves)
    2) it's fairly easy to spoof MAC addresses (here's a link to a product
    that does this: http://www.klcconsulting.net/smac/ )

    If you want to improve the security of your wireless network, you have
    to configure your computers and router for encryption.

    http://www.microsoft.com/hardware/broadbandnetworking/10_concept_wireless_security.mspx

    Thanks,
    Chris Gual [MSFT]
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.

    "John TCI" <> wrote in message
    news:...
    >I am completely new to this issue and basically "computer illiterate", so
    > please forgive my naivety. However, I am able to follow step-by-step
    > instructions in user guides etc., as long as they do not use too much
    > jargon.
    >
    > Have followed multifarious threads in these User Groups, over the past few
    > days, trying to understand security and encryption etc of wireless
    > networks
    > (before I went ahead and tried anything myself). Unfortunately, I became
    > totally confused and disillusioned.
    >
    > All my home PCs, laptops and peripherals (network router & wireless
    > adaptors) are Dell and have XP with SP2. Initial setup was relatively
    > simple
    > and the network has been working great for over 18 months. However, I had
    > not
    > had the time (nor the courage, nor the inclination) to tackle
    > encryption/security. Especially as we have no near neighbours. Therefore,
    > I
    > have simply relied on Norton Internet Security Pro 2002, Windows Firewall
    > &
    > Spybot.
    >
    > From the threads, and bearing in mind the numerous problems of hardware &
    > software configuration & incompatibility and the SP2 issue etc., which so
    > many people are experiencing, I had decided, over the weekend, that
    > security
    > was not a priority (at least for me). It was more important to keep a
    > network
    > that just worked.
    >
    > However, it occurred to me that inputting the MAC addresses of the network
    > adaptors into the router (and nothing else) could possibly be much
    > easier(?)
    > than & just as secure(?) as encryption (and without signal strength
    > loss(?)
    > nor transmission speed loss(?)).
    >
    > This I have now done. In total it took less than 10 minutes, including the
    > time to read the 5 MAC addresses on the adaptors/ cards, input them onto
    > the
    > router and reboot (took longer to find the router's original installation
    > CD,
    > which contained the User Guide).
    >
    > Now only the designated PC's can connect to my network. However, the
    > Windows
    > XP "Wireless Network Connection" box tells me that the network is
    > "Unsecured"
    > and "configured for open access". This I guess is because it is not
    > encrypted.
    >
    > I am obviously deluding myself as I have not found absolutely any
    > reference
    > to it at all in any of the threads anywhere. So what basic facts am I
    > missing? What are the dangers/weaknesses of this solution?
    >
    Chris Gual [MSFT], Oct 28, 2004
    #3
  4. "Chris Gual [MSFT]" wrote:
    > 2) it's fairly easy to spoof MAC addresses (here's a link to a product
    > that does this: http://www.klcconsulting.net/smac/ )


    I doubt that SMAC really does what it claims.
    From the description on their site, it seems to detect that adapter
    supports overriding MAC address, but does not expose this to user -
    then it simply employs this feature.

    However, this trick will fail if the netcard driver or firmware don't allow
    overriding MAC address. The wireless router will see the original MAC address,
    no matter what address Windows sees.
    In this case only modification of the driver and/or firmware can help,
    and it is possible.

    Regards,
    --PA
    =?Utf-8?B?UGF2ZWwgQS4=?=, Oct 28, 2004
    #4
  5. Jack & Chris,

    Many thanks to you both. Think I understand.
    Great articles and relatively easy to understand, even for me. Thanks again.
    I was preparing a follow up to Jack when the response from Chris came in. He
    must be psychic as he has already answered the first question in section 2.

    May I crave your indulgences a little further? Grateful if you could
    clarify/amplify a few points taken in order from your most excellent
    replies:-

    (1) Firewalls etc: As mentioned previously, each of my 5 computers has
    Norton Internet Security. Windows Firewall is also enabled. Just read the
    manual on the DSL Modem (Actiontec GT704-WG……. our ISP uses PPPoA not PPPoE).
    Understood very little, because of the jargon/abbreviations, but have now
    realized that it is also a gateway with the following default settings: DMZ
    Hosting, UPnP & Remote Management are “offâ€. NAT is on. Firewall Security was
    set to basic. There are 3 other security levels and I have now set it to
    “Medium†(which allows all services “out†and leaves open ports 25,110, 7070,
    1503, 163, 443, 983 & 885 in the “in†column.). I have deliberately not
    touched the Port Forwarding section…..yet (Presume I may have to if I get
    “access out†problems - have already lost “Remote Desktop†ability).

    Took the recommendation from one of the articles to install NetBEUI and
    unchecked TCP/IP in file & printer sharing. Also had IPX/SPX, which had to be
    unchecked before the computers lost their ability to connect to one
    another…now they all have NetBEUI and everything fine- except “Remote
    Desktopâ€. I assume that they are only now connecting with NetBEUI).

    Questions: (a) Do you now consider this arrangement sufficient for “normal
    home†use? If not, can you specifically (or generally) recommend any other
    programs/add-ons etc.?
    (b) Have just had a quick look in the Remote Desktop discussions…….phew!!!!!
    What is the best way to restore “Remote Desktop� (enable Remote Management
    in the modem/gateway, open specific port(s) which? or do I have to do both?)

    (2) Local Tapping: Each computer on the network is connected via the router
    (not directly to the DSL modem) and identified by its unique MAC address. The
    router is set to “deny access to all othersâ€. How can my neighbours or
    passers by connect locally to the router and hence to my network?
    This was my original concern. QUOTE: Wireless Network Connection box tells
    me that the network is "Unsecured" and "configured for open access". This, I
    guess, is because it is not encrypted. UNQUOTE.

    Questions: (a) Would you recommend encryption on top? Can you recommend a
    similar article to the others for “trouble free encryption for dummies†(The
    modem/gateway has options for WEP (up to 256bits), WEP+802.1x and WPA but the
    wireless adaptors/cards only for WEP 64/128? So am limited to WEP 128).
    Presume it would be best to use the wizard in XP SP2 and transfer the
    settings to the other computers with a flash drive and to the modem/gateway
    manually (as its USB connector is the “wrong end†to accept the flash drive).


    (3) Internet Infestation: I have Spybot and Norton Antivirus (within Norton
    Internet Security Pro) on each computer.

    Question: Considering that I would also like to avoid overkill, which of the
    other programs would you recommend, out of those in the article (StartUp,
    Process Explorer, Ad-Aware, a2-free) to best complement/supplement what I
    already have?

    Many thanks in advance, your advice is much appreciated.



    "Chris Gual [MSFT]" wrote:

    > Hi John,
    >
    > Jack answered a bunch of your questions in his followup post, but I
    > wanted to make a couple of points in addition.
    >
    > Entering the MAC addresses of your wireless cards into the router makes
    > use of a feature called 'MAC address filtering'. Ideally this should only
    > let the computers you own become active participants in your wireless
    > network. However, MAC address filtering is not a secure solution for a
    > wireless network. It can be defeated very easily, because:
    > 1) the data you are sending between your computers and router is still
    > unencrypted and anyone close enough can listen to it (it's just radio waves)
    > 2) it's fairly easy to spoof MAC addresses (here's a link to a product
    > that does this: http://www.klcconsulting.net/smac/ )
    >
    > If you want to improve the security of your wireless network, you have
    > to configure your computers and router for encryption.
    >
    > http://www.microsoft.com/hardware/broadbandnetworking/10_concept_wireless_security.mspx
    >
    > Thanks,
    > Chris Gual [MSFT]
    > --
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    > "John TCI" <> wrote in message
    > news:...
    > >I am completely new to this issue and basically "computer illiterate", so
    > > please forgive my naivety. However, I am able to follow step-by-step
    > > instructions in user guides etc., as long as they do not use too much
    > > jargon.
    > >
    > > Have followed multifarious threads in these User Groups, over the past few
    > > days, trying to understand security and encryption etc of wireless
    > > networks
    > > (before I went ahead and tried anything myself). Unfortunately, I became
    > > totally confused and disillusioned.
    > >
    > > All my home PCs, laptops and peripherals (network router & wireless
    > > adaptors) are Dell and have XP with SP2. Initial setup was relatively
    > > simple
    > > and the network has been working great for over 18 months. However, I had
    > > not
    > > had the time (nor the courage, nor the inclination) to tackle
    > > encryption/security. Especially as we have no near neighbours. Therefore,
    > > I
    > > have simply relied on Norton Internet Security Pro 2002, Windows Firewall
    > > &
    > > Spybot.
    > >
    > > From the threads, and bearing in mind the numerous problems of hardware &
    > > software configuration & incompatibility and the SP2 issue etc., which so
    > > many people are experiencing, I had decided, over the weekend, that
    > > security
    > > was not a priority (at least for me). It was more important to keep a
    > > network
    > > that just worked.
    > >
    > > However, it occurred to me that inputting the MAC addresses of the network
    > > adaptors into the router (and nothing else) could possibly be much
    > > easier(?)
    > > than & just as secure(?) as encryption (and without signal strength
    > > loss(?)
    > > nor transmission speed loss(?)).
    > >
    > > This I have now done. In total it took less than 10 minutes, including the
    > > time to read the 5 MAC addresses on the adaptors/ cards, input them onto
    > > the
    > > router and reboot (took longer to find the router's original installation
    > > CD,
    > > which contained the User Guide).
    > >
    > > Now only the designated PC's can connect to my network. However, the
    > > Windows
    > > XP "Wireless Network Connection" box tells me that the network is
    > > "Unsecured"
    > > and "configured for open access". This I guess is because it is not
    > > encrypted.
    > >
    > > I am obviously deluding myself as I have not found absolutely any
    > > reference
    > > to it at all in any of the threads anywhere. So what basic facts am I
    > > missing? What are the dangers/weaknesses of this solution?
    > >

    >
    >
    >
    =?Utf-8?B?Sm9obiBUQ0k=?=, Oct 28, 2004
    #5
  6. =?Utf-8?B?Sm9obiBUQ0k=?=

    mikeBNF Guest

    only one thing i would change.disable all windows firewalls, as they only
    protects against incoming stuff & install ZA free on ALL machines.
    this protects bothways so will stop said 'phone-home' virus stuff or mailer
    worms.

    mike

    "John TCI" <> wrote in message
    news:...
    > Jack & Chris,
    >
    > Many thanks to you both. Think I understand.
    > Great articles and relatively easy to understand, even for me. Thanks

    again.
    > I was preparing a follow up to Jack when the response from Chris came in.

    He
    > must be psychic as he has already answered the first question in section

    2.
    >
    > May I crave your indulgences a little further? Grateful if you could
    > clarify/amplify a few points taken in order from your most excellent
    > replies:-
    >
    > (1) Firewalls etc: As mentioned previously, each of my 5 computers has
    > Norton Internet Security. Windows Firewall is also enabled. Just read the
    > manual on the DSL Modem (Actiontec GT704-WG... our ISP uses PPPoA not

    PPPoE).
    > Understood very little, because of the jargon/abbreviations, but have now
    > realized that it is also a gateway with the following default settings:

    DMZ
    > Hosting, UPnP & Remote Management are "off". NAT is on. Firewall Security

    was
    > set to basic. There are 3 other security levels and I have now set it to
    > "Medium" (which allows all services "out" and leaves open ports 25,110,

    7070,
    > 1503, 163, 443, 983 & 885 in the "in" column.). I have deliberately not
    > touched the Port Forwarding section...yet (Presume I may have to if I get
    > "access out" problems - have already lost "Remote Desktop" ability).
    >
    > Took the recommendation from one of the articles to install NetBEUI and
    > unchecked TCP/IP in file & printer sharing. Also had IPX/SPX, which had to

    be
    > unchecked before the computers lost their ability to connect to one
    > another.now they all have NetBEUI and everything fine- except "Remote
    > Desktop". I assume that they are only now connecting with NetBEUI).
    >
    > Questions: (a) Do you now consider this arrangement sufficient for "normal
    > home" use? If not, can you specifically (or generally) recommend any other
    > programs/add-ons etc.?
    > (b) Have just had a quick look in the Remote Desktop

    discussions...phew!!!!!
    > What is the best way to restore "Remote Desktop"? (enable Remote

    Management
    > in the modem/gateway, open specific port(s) which? or do I have to do

    both?)
    >
    > (2) Local Tapping: Each computer on the network is connected via the

    router
    > (not directly to the DSL modem) and identified by its unique MAC address.

    The
    > router is set to "deny access to all others". How can my neighbours or
    > passers by connect locally to the router and hence to my network?
    > This was my original concern. QUOTE: Wireless Network Connection box tells
    > me that the network is "Unsecured" and "configured for open access".

    This, I
    > guess, is because it is not encrypted. UNQUOTE.
    >
    > Questions: (a) Would you recommend encryption on top? Can you recommend a
    > similar article to the others for "trouble free encryption for dummies"

    (The
    > modem/gateway has options for WEP (up to 256bits), WEP+802.1x and WPA but

    the
    > wireless adaptors/cards only for WEP 64/128? So am limited to WEP 128).
    > Presume it would be best to use the wizard in XP SP2 and transfer the
    > settings to the other computers with a flash drive and to the

    modem/gateway
    > manually (as its USB connector is the "wrong end" to accept the flash

    drive).
    >
    >
    > (3) Internet Infestation: I have Spybot and Norton Antivirus (within

    Norton
    > Internet Security Pro) on each computer.
    >
    > Question: Considering that I would also like to avoid overkill, which of

    the
    > other programs would you recommend, out of those in the article (StartUp,
    > Process Explorer, Ad-Aware, a2-free) to best complement/supplement what I
    > already have?
    >
    > Many thanks in advance, your advice is much appreciated.
    >
    >
    >
    > "Chris Gual [MSFT]" wrote:
    >
    > > Hi John,
    > >
    > > Jack answered a bunch of your questions in his followup post, but I
    > > wanted to make a couple of points in addition.
    > >
    > > Entering the MAC addresses of your wireless cards into the router

    makes
    > > use of a feature called 'MAC address filtering'. Ideally this should

    only
    > > let the computers you own become active participants in your wireless
    > > network. However, MAC address filtering is not a secure solution for a
    > > wireless network. It can be defeated very easily, because:
    > > 1) the data you are sending between your computers and router is

    still
    > > unencrypted and anyone close enough can listen to it (it's just radio

    waves)
    > > 2) it's fairly easy to spoof MAC addresses (here's a link to a

    product
    > > that does this: http://www.klcconsulting.net/smac/ )
    > >
    > > If you want to improve the security of your wireless network, you

    have
    > > to configure your computers and router for encryption.
    > >
    > >

    http://www.microsoft.com/hardware/broadbandnetworking/10_concept_wireless_security.mspx
    > >
    > > Thanks,
    > > Chris Gual [MSFT]
    > > --
    > > This posting is provided "AS IS" with no warranties, and confers no

    rights.
    > >
    > > "John TCI" <> wrote in message
    > > news:...
    > > >I am completely new to this issue and basically "computer illiterate",

    so
    > > > please forgive my naivety. However, I am able to follow step-by-step
    > > > instructions in user guides etc., as long as they do not use too much
    > > > jargon.
    > > >
    > > > Have followed multifarious threads in these User Groups, over the past

    few
    > > > days, trying to understand security and encryption etc of wireless
    > > > networks
    > > > (before I went ahead and tried anything myself). Unfortunately, I

    became
    > > > totally confused and disillusioned.
    > > >
    > > > All my home PCs, laptops and peripherals (network router & wireless
    > > > adaptors) are Dell and have XP with SP2. Initial setup was relatively
    > > > simple
    > > > and the network has been working great for over 18 months. However, I

    had
    > > > not
    > > > had the time (nor the courage, nor the inclination) to tackle
    > > > encryption/security. Especially as we have no near neighbours.

    Therefore,
    > > > I
    > > > have simply relied on Norton Internet Security Pro 2002, Windows

    Firewall
    > > > &
    > > > Spybot.
    > > >
    > > > From the threads, and bearing in mind the numerous problems of

    hardware &
    > > > software configuration & incompatibility and the SP2 issue etc., which

    so
    > > > many people are experiencing, I had decided, over the weekend, that
    > > > security
    > > > was not a priority (at least for me). It was more important to keep a
    > > > network
    > > > that just worked.
    > > >
    > > > However, it occurred to me that inputting the MAC addresses of the

    network
    > > > adaptors into the router (and nothing else) could possibly be much
    > > > easier(?)
    > > > than & just as secure(?) as encryption (and without signal strength
    > > > loss(?)
    > > > nor transmission speed loss(?)).
    > > >
    > > > This I have now done. In total it took less than 10 minutes, including

    the
    > > > time to read the 5 MAC addresses on the adaptors/ cards, input them

    onto
    > > > the
    > > > router and reboot (took longer to find the router's original

    installation
    > > > CD,
    > > > which contained the User Guide).
    > > >
    > > > Now only the designated PC's can connect to my network. However, the
    > > > Windows
    > > > XP "Wireless Network Connection" box tells me that the network is
    > > > "Unsecured"
    > > > and "configured for open access". This I guess is because it is not
    > > > encrypted.
    > > >
    > > > I am obviously deluding myself as I have not found absolutely any
    > > > reference
    > > > to it at all in any of the threads anywhere. So what basic facts am I
    > > > missing? What are the dangers/weaknesses of this solution?
    > > >

    > >
    > >
    > >



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.784 / Virus Database: 530 - Release Date: 27/10/2004
    mikeBNF, Oct 28, 2004
    #6
  7. Gentlemen,
    Quick update on Encryption (section 2 below): Your replies had confirmed the
    necessity to encrypt. So I ignored all the possible things that have gone
    wrong within the other threads and took the plunge with WEP128. Couldn't have
    been easier. All 5 computers working fine. Many thanks.

    Now only have to sort out "Remote Desktop" - section (1b) and whether to add
    anything else to address the "Infestation" issue - section (3).

    "John TCI" wrote:

    > Jack & Chris,
    >
    > Many thanks to you both. Think I understand.
    > Great articles and relatively easy to understand, even for me. Thanks again.
    > I was preparing a follow up to Jack when the response from Chris came in. He
    > must be psychic as he has already answered the first question in section 2.
    >
    > May I crave your indulgences a little further? Grateful if you could
    > clarify/amplify a few points taken in order from your most excellent
    > replies:-
    >
    > (1) Firewalls etc: As mentioned previously, each of my 5 computers has
    > Norton Internet Security. Windows Firewall is also enabled. Just read the
    > manual on the DSL Modem (Actiontec GT704-WG……. our ISP uses PPPoA not PPPoE).
    > Understood very little, because of the jargon/abbreviations, but have now
    > realized that it is also a gateway with the following default settings: DMZ
    > Hosting, UPnP & Remote Management are “offâ€. NAT is on. Firewall Security was
    > set to basic. There are 3 other security levels and I have now set it to
    > “Medium†(which allows all services “out†and leaves open ports 25,110, 7070,
    > 1503, 163, 443, 983 & 885 in the “in†column.). I have deliberately not
    > touched the Port Forwarding section…..yet (Presume I may have to if I get
    > “access out†problems - have already lost “Remote Desktop†ability).
    >
    > Took the recommendation from one of the articles to install NetBEUI and
    > unchecked TCP/IP in file & printer sharing. Also had IPX/SPX, which had to be
    > unchecked before the computers lost their ability to connect to one
    > another…now they all have NetBEUI and everything fine- except “Remote
    > Desktopâ€. I assume that they are only now connecting with NetBEUI).
    >
    > Questions: (a) Do you now consider this arrangement sufficient for “normal
    > home†use? If not, can you specifically (or generally) recommend any other
    > programs/add-ons etc.?
    > (b) Have just had a quick look in the Remote Desktop discussions…….phew!!!!!
    > What is the best way to restore “Remote Desktop� (enable Remote Management
    > in the modem/gateway, open specific port(s) which? or do I have to do both?)
    >
    > (2) Local Tapping: Each computer on the network is connected via the router
    > (not directly to the DSL modem) and identified by its unique MAC address. The
    > router is set to “deny access to all othersâ€. How can my neighbours or
    > passers by connect locally to the router and hence to my network?
    > This was my original concern. QUOTE: Wireless Network Connection box tells
    > me that the network is "Unsecured" and "configured for open access". This, I
    > guess, is because it is not encrypted. UNQUOTE.
    >
    > Questions: (a) Would you recommend encryption on top? Can you recommend a
    > similar article to the others for “trouble free encryption for dummies†(The
    > modem/gateway has options for WEP (up to 256bits), WEP+802.1x and WPA but the
    > wireless adaptors/cards only for WEP 64/128? So am limited to WEP 128).
    > Presume it would be best to use the wizard in XP SP2 and transfer the
    > settings to the other computers with a flash drive and to the modem/gateway
    > manually (as its USB connector is the “wrong end†to accept the flash drive).
    >
    >
    > (3) Internet Infestation: I have Spybot and Norton Antivirus (within Norton
    > Internet Security Pro) on each computer.
    >
    > Question: Considering that I would also like to avoid overkill, which of the
    > other programs would you recommend, out of those in the article (StartUp,
    > Process Explorer, Ad-Aware, a2-free) to best complement/supplement what I
    > already have?
    >
    > Many thanks in advance, your advice is much appreciated.
    >
    >
    >
    > "Chris Gual [MSFT]" wrote:
    >
    > > Hi John,
    > >
    > > Jack answered a bunch of your questions in his followup post, but I
    > > wanted to make a couple of points in addition.
    > >
    > > Entering the MAC addresses of your wireless cards into the router makes
    > > use of a feature called 'MAC address filtering'. Ideally this should only
    > > let the computers you own become active participants in your wireless
    > > network. However, MAC address filtering is not a secure solution for a
    > > wireless network. It can be defeated very easily, because:
    > > 1) the data you are sending between your computers and router is still
    > > unencrypted and anyone close enough can listen to it (it's just radio waves)
    > > 2) it's fairly easy to spoof MAC addresses (here's a link to a product
    > > that does this: http://www.klcconsulting.net/smac/ )
    > >
    > > If you want to improve the security of your wireless network, you have
    > > to configure your computers and router for encryption.
    > >
    > > http://www.microsoft.com/hardware/broadbandnetworking/10_concept_wireless_security.mspx
    > >
    > > Thanks,
    > > Chris Gual [MSFT]
    > > --
    > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > >
    > > "John TCI" <> wrote in message
    > > news:...
    > > >I am completely new to this issue and basically "computer illiterate", so
    > > > please forgive my naivety. However, I am able to follow step-by-step
    > > > instructions in user guides etc., as long as they do not use too much
    > > > jargon.
    > > >
    > > > Have followed multifarious threads in these User Groups, over the past few
    > > > days, trying to understand security and encryption etc of wireless
    > > > networks
    > > > (before I went ahead and tried anything myself). Unfortunately, I became
    > > > totally confused and disillusioned.
    > > >
    > > > All my home PCs, laptops and peripherals (network router & wireless
    > > > adaptors) are Dell and have XP with SP2. Initial setup was relatively
    > > > simple
    > > > and the network has been working great for over 18 months. However, I had
    > > > not
    > > > had the time (nor the courage, nor the inclination) to tackle
    > > > encryption/security. Especially as we have no near neighbours. Therefore,
    > > > I
    > > > have simply relied on Norton Internet Security Pro 2002, Windows Firewall
    > > > &
    > > > Spybot.
    > > >
    > > > From the threads, and bearing in mind the numerous problems of hardware &
    > > > software configuration & incompatibility and the SP2 issue etc., which so
    > > > many people are experiencing, I had decided, over the weekend, that
    > > > security
    > > > was not a priority (at least for me). It was more important to keep a
    > > > network
    > > > that just worked.
    > > >
    > > > However, it occurred to me that inputting the MAC addresses of the network
    > > > adaptors into the router (and nothing else) could possibly be much
    > > > easier(?)
    > > > than & just as secure(?) as encryption (and without signal strength
    > > > loss(?)
    > > > nor transmission speed loss(?)).
    > > >
    > > > This I have now done. In total it took less than 10 minutes, including the
    > > > time to read the 5 MAC addresses on the adaptors/ cards, input them onto
    > > > the
    > > > router and reboot (took longer to find the router's original installation
    > > > CD,
    > > > which contained the User Guide).
    > > >
    > > > Now only the designated PC's can connect to my network. However, the
    > > > Windows
    > > > XP "Wireless Network Connection" box tells me that the network is
    > > > "Unsecured"
    > > > and "configured for open access". This I guess is because it is not
    > > > encrypted.
    > > >
    > > > I am obviously deluding myself as I have not found absolutely any
    > > > reference
    > > > to it at all in any of the threads anywhere. So what basic facts am I
    > > > missing? What are the dangers/weaknesses of this solution?
    > > >

    > >
    > >
    > >
    =?Utf-8?B?Sm9obiBUQ0k=?=, Oct 29, 2004
    #7
  8. Hi John,

    I'm really struggling to get 128 bit WEP to work, using a Netgear DG834G
    with latest firmware. After setting up my wireless laptop, I get a
    'connection' ie max signal strength etc, but no data transfer. There seems
    to be an attempt to send, but nothing coming back. When trying to access any
    internet sites etc, absolutely nothing... Any ideas folks ?

    "John TCI" wrote:

    > Gentlemen,
    > Quick update on Encryption (section 2 below): Your replies had confirmed the
    > necessity to encrypt. So I ignored all the possible things that have gone
    > wrong within the other threads and took the plunge with WEP128. Couldn't have
    > been easier. All 5 computers working fine. Many thanks.
    >
    > Now only have to sort out "Remote Desktop" - section (1b) and whether to add
    > anything else to address the "Infestation" issue - section (3).
    >
    > "John TCI" wrote:
    >
    > > Jack & Chris,
    > >
    > > Many thanks to you both. Think I understand.
    > > Great articles and relatively easy to understand, even for me. Thanks again.
    > > I was preparing a follow up to Jack when the response from Chris came in. He
    > > must be psychic as he has already answered the first question in section 2.
    > >
    > > May I crave your indulgences a little further? Grateful if you could
    > > clarify/amplify a few points taken in order from your most excellent
    > > replies:-
    > >
    > > (1) Firewalls etc: As mentioned previously, each of my 5 computers has
    > > Norton Internet Security. Windows Firewall is also enabled. Just read the
    > > manual on the DSL Modem (Actiontec GT704-WG……. our ISP uses PPPoA not PPPoE).
    > > Understood very little, because of the jargon/abbreviations, but have now
    > > realized that it is also a gateway with the following default settings: DMZ
    > > Hosting, UPnP & Remote Management are “offâ€. NAT is on. Firewall Security was
    > > set to basic. There are 3 other security levels and I have now set it to
    > > “Medium†(which allows all services “out†and leaves open ports 25,110, 7070,
    > > 1503, 163, 443, 983 & 885 in the “in†column.). I have deliberately not
    > > touched the Port Forwarding section…..yet (Presume I may have to if I get
    > > “access out†problems - have already lost “Remote Desktop†ability).
    > >
    > > Took the recommendation from one of the articles to install NetBEUI and
    > > unchecked TCP/IP in file & printer sharing. Also had IPX/SPX, which had to be
    > > unchecked before the computers lost their ability to connect to one
    > > another…now they all have NetBEUI and everything fine- except “Remote
    > > Desktopâ€. I assume that they are only now connecting with NetBEUI).
    > >
    > > Questions: (a) Do you now consider this arrangement sufficient for “normal
    > > home†use? If not, can you specifically (or generally) recommend any other
    > > programs/add-ons etc.?
    > > (b) Have just had a quick look in the Remote Desktop discussions…….phew!!!!!
    > > What is the best way to restore “Remote Desktop� (enable Remote Management
    > > in the modem/gateway, open specific port(s) which? or do I have to do both?)
    > >
    > > (2) Local Tapping: Each computer on the network is connected via the router
    > > (not directly to the DSL modem) and identified by its unique MAC address. The
    > > router is set to “deny access to all othersâ€. How can my neighbours or
    > > passers by connect locally to the router and hence to my network?
    > > This was my original concern. QUOTE: Wireless Network Connection box tells
    > > me that the network is "Unsecured" and "configured for open access". This, I
    > > guess, is because it is not encrypted. UNQUOTE.
    > >
    > > Questions: (a) Would you recommend encryption on top? Can you recommend a
    > > similar article to the others for “trouble free encryption for dummies†(The
    > > modem/gateway has options for WEP (up to 256bits), WEP+802.1x and WPA but the
    > > wireless adaptors/cards only for WEP 64/128? So am limited to WEP 128).
    > > Presume it would be best to use the wizard in XP SP2 and transfer the
    > > settings to the other computers with a flash drive and to the modem/gateway
    > > manually (as its USB connector is the “wrong end†to accept the flash drive).
    > >
    > >
    > > (3) Internet Infestation: I have Spybot and Norton Antivirus (within Norton
    > > Internet Security Pro) on each computer.
    > >
    > > Question: Considering that I would also like to avoid overkill, which of the
    > > other programs would you recommend, out of those in the article (StartUp,
    > > Process Explorer, Ad-Aware, a2-free) to best complement/supplement what I
    > > already have?
    > >
    > > Many thanks in advance, your advice is much appreciated.
    > >
    > >
    > >
    > > "Chris Gual [MSFT]" wrote:
    > >
    > > > Hi John,
    > > >
    > > > Jack answered a bunch of your questions in his followup post, but I
    > > > wanted to make a couple of points in addition.
    > > >
    > > > Entering the MAC addresses of your wireless cards into the router makes
    > > > use of a feature called 'MAC address filtering'. Ideally this should only
    > > > let the computers you own become active participants in your wireless
    > > > network. However, MAC address filtering is not a secure solution for a
    > > > wireless network. It can be defeated very easily, because:
    > > > 1) the data you are sending between your computers and router is still
    > > > unencrypted and anyone close enough can listen to it (it's just radio waves)
    > > > 2) it's fairly easy to spoof MAC addresses (here's a link to a product
    > > > that does this: http://www.klcconsulting.net/smac/ )
    > > >
    > > > If you want to improve the security of your wireless network, you have
    > > > to configure your computers and router for encryption.
    > > >
    > > > http://www.microsoft.com/hardware/broadbandnetworking/10_concept_wireless_security.mspx
    > > >
    > > > Thanks,
    > > > Chris Gual [MSFT]
    > > > --
    > > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > > >
    > > > "John TCI" <> wrote in message
    > > > news:...
    > > > >I am completely new to this issue and basically "computer illiterate", so
    > > > > please forgive my naivety. However, I am able to follow step-by-step
    > > > > instructions in user guides etc., as long as they do not use too much
    > > > > jargon.
    > > > >
    > > > > Have followed multifarious threads in these User Groups, over the past few
    > > > > days, trying to understand security and encryption etc of wireless
    > > > > networks
    > > > > (before I went ahead and tried anything myself). Unfortunately, I became
    > > > > totally confused and disillusioned.
    > > > >
    > > > > All my home PCs, laptops and peripherals (network router & wireless
    > > > > adaptors) are Dell and have XP with SP2. Initial setup was relatively
    > > > > simple
    > > > > and the network has been working great for over 18 months. However, I had
    > > > > not
    > > > > had the time (nor the courage, nor the inclination) to tackle
    > > > > encryption/security. Especially as we have no near neighbours. Therefore,
    > > > > I
    > > > > have simply relied on Norton Internet Security Pro 2002, Windows Firewall
    > > > > &
    > > > > Spybot.
    > > > >
    > > > > From the threads, and bearing in mind the numerous problems of hardware &
    > > > > software configuration & incompatibility and the SP2 issue etc., which so
    > > > > many people are experiencing, I had decided, over the weekend, that
    > > > > security
    > > > > was not a priority (at least for me). It was more important to keep a
    > > > > network
    > > > > that just worked.
    > > > >
    > > > > However, it occurred to me that inputting the MAC addresses of the network
    > > > > adaptors into the router (and nothing else) could possibly be much
    > > > > easier(?)
    > > > > than & just as secure(?) as encryption (and without signal strength
    > > > > loss(?)
    > > > > nor transmission speed loss(?)).
    > > > >
    > > > > This I have now done. In total it took less than 10 minutes, including the
    > > > > time to read the 5 MAC addresses on the adaptors/ cards, input them onto
    > > > > the
    > > > > router and reboot (took longer to find the router's original installation
    > > > > CD,
    > > > > which contained the User Guide).
    > > > >
    > > > > Now only the designated PC's can connect to my network. However, the
    > > > > Windows
    > > > > XP "Wireless Network Connection" box tells me that the network is
    > > > > "Unsecured"
    > > > > and "configured for open access". This I guess is because it is not
    > > > > encrypted.
    > > > >
    > > > > I am obviously deluding myself as I have not found absolutely any
    > > > > reference
    > > > > to it at all in any of the threads anywhere. So what basic facts am I
    > > > > missing? What are the dangers/weaknesses of this solution?
    > > > >
    > > >
    > > >
    > > >
    =?Utf-8?B?TWFya0cgMzA=?=, Oct 29, 2004
    #8
  9. Hi John,

    Glad to see that you got encryption working, but I thought I would add a
    couple of words to help clarify how encryption and MAC address filtering
    relate to wireless security.

    In answer to question #2 below concerning 'Local Tapping', it might be
    useful to try to think of it as if your computer and router are
    communicating through walkie-talkies (which use radio waves like wireless).
    If you aren't using encryption, someone else who has a walkie talkie can
    listen in on the conversation. Setting up the MAC address filtering might
    keep them from joining you network, but they would still be able to
    evesdrop. Furthermore, it is also theoretically possible for someone to
    listen in on your computers, figure out what MAC addresses your computers
    use, and pretend to use one of those MAC addresses (MAC address spoofing).

    Using 128 bit WEP does a lot to help improve your networks security. I
    should also point out that there *are* known security vulnerabilities with
    WEP. It is also possible for someone to figure out the WEP key you are
    using by listening to enough encrypted traffic to crack the key. I believe
    they need to collect about 5-10 million packets. Gathering all these
    packets will probably take quite a bit of time, but it is *theoretically*
    possible. Chances are, WEP will probably be secure enough for your needs.
    WEP encryption will make it a lot more difficult for someone malicious to
    break into your network.

    For anyone interested in more info about theoretical vulnerabilities in
    802.11 security, Bernard Aboba has a good collection of links on this web
    page: http://www.drizzle.com/~aboba/IEEE/

    Thanks
    Chris Gual [MSFT]
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.


    "John TCI" <> wrote in message
    news:...
    > Jack & Chris,
    >
    > Many thanks to you both. Think I understand.
    > Great articles and relatively easy to understand, even for me. Thanks
    > again.
    > I was preparing a follow up to Jack when the response from Chris came in.
    > He
    > must be psychic as he has already answered the first question in section
    > 2.
    >
    > May I crave your indulgences a little further? Grateful if you could
    > clarify/amplify a few points taken in order from your most excellent
    > replies:-
    >
    > (1) Firewalls etc: As mentioned previously, each of my 5 computers has
    > Norton Internet Security. Windows Firewall is also enabled. Just read the
    > manual on the DSL Modem (Actiontec GT704-WG... our ISP uses PPPoA not
    > PPPoE).
    > Understood very little, because of the jargon/abbreviations, but have now
    > realized that it is also a gateway with the following default settings:
    > DMZ
    > Hosting, UPnP & Remote Management are "off". NAT is on. Firewall Security
    > was
    > set to basic. There are 3 other security levels and I have now set it to
    > "Medium" (which allows all services "out" and leaves open ports 25,110,
    > 7070,
    > 1503, 163, 443, 983 & 885 in the "in" column.). I have deliberately not
    > touched the Port Forwarding section...yet (Presume I may have to if I get
    > "access out" problems - have already lost "Remote Desktop" ability).
    >
    > Took the recommendation from one of the articles to install NetBEUI and
    > unchecked TCP/IP in file & printer sharing. Also had IPX/SPX, which had to
    > be
    > unchecked before the computers lost their ability to connect to one
    > another.now they all have NetBEUI and everything fine- except "Remote
    > Desktop". I assume that they are only now connecting with NetBEUI).
    >
    > Questions: (a) Do you now consider this arrangement sufficient for "normal
    > home" use? If not, can you specifically (or generally) recommend any other
    > programs/add-ons etc.?
    > (b) Have just had a quick look in the Remote Desktop
    > discussions...phew!!!!!
    > What is the best way to restore "Remote Desktop"? (enable Remote
    > Management
    > in the modem/gateway, open specific port(s) which? or do I have to do
    > both?)
    >
    > (2) Local Tapping: Each computer on the network is connected via the
    > router
    > (not directly to the DSL modem) and identified by its unique MAC address.
    > The
    > router is set to "deny access to all others". How can my neighbours or
    > passers by connect locally to the router and hence to my network?
    > This was my original concern. QUOTE: Wireless Network Connection box tells
    > me that the network is "Unsecured" and "configured for open access".
    > This, I
    > guess, is because it is not encrypted. UNQUOTE.
    >
    > Questions: (a) Would you recommend encryption on top? Can you recommend a
    > similar article to the others for "trouble free encryption for dummies"
    > (The
    > modem/gateway has options for WEP (up to 256bits), WEP+802.1x and WPA but
    > the
    > wireless adaptors/cards only for WEP 64/128? So am limited to WEP 128).
    > Presume it would be best to use the wizard in XP SP2 and transfer the
    > settings to the other computers with a flash drive and to the
    > modem/gateway
    > manually (as its USB connector is the "wrong end" to accept the flash
    > drive).
    >
    >
    > (3) Internet Infestation: I have Spybot and Norton Antivirus (within
    > Norton
    > Internet Security Pro) on each computer.
    >
    > Question: Considering that I would also like to avoid overkill, which of
    > the
    > other programs would you recommend, out of those in the article (StartUp,
    > Process Explorer, Ad-Aware, a2-free) to best complement/supplement what I
    > already have?
    >
    > Many thanks in advance, your advice is much appreciated.
    >
    >
    >
    > "Chris Gual [MSFT]" wrote:
    >
    >> Hi John,
    >>
    >> Jack answered a bunch of your questions in his followup post, but I
    >> wanted to make a couple of points in addition.
    >>
    >> Entering the MAC addresses of your wireless cards into the router
    >> makes
    >> use of a feature called 'MAC address filtering'. Ideally this should
    >> only
    >> let the computers you own become active participants in your wireless
    >> network. However, MAC address filtering is not a secure solution for a
    >> wireless network. It can be defeated very easily, because:
    >> 1) the data you are sending between your computers and router is
    >> still
    >> unencrypted and anyone close enough can listen to it (it's just radio
    >> waves)
    >> 2) it's fairly easy to spoof MAC addresses (here's a link to a
    >> product
    >> that does this: http://www.klcconsulting.net/smac/ )
    >>
    >> If you want to improve the security of your wireless network, you
    >> have
    >> to configure your computers and router for encryption.
    >>
    >>
    >> http://www.microsoft.com/hardware/broadbandnetworking/10_concept_wireless_security.mspx
    >>
    >> Thanks,
    >> Chris Gual [MSFT]
    >> --
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >> "John TCI" <> wrote in message
    >> news:...
    >> >I am completely new to this issue and basically "computer illiterate",
    >> >so
    >> > please forgive my naivety. However, I am able to follow step-by-step
    >> > instructions in user guides etc., as long as they do not use too much
    >> > jargon.
    >> >
    >> > Have followed multifarious threads in these User Groups, over the past
    >> > few
    >> > days, trying to understand security and encryption etc of wireless
    >> > networks
    >> > (before I went ahead and tried anything myself). Unfortunately, I
    >> > became
    >> > totally confused and disillusioned.
    >> >
    >> > All my home PCs, laptops and peripherals (network router & wireless
    >> > adaptors) are Dell and have XP with SP2. Initial setup was relatively
    >> > simple
    >> > and the network has been working great for over 18 months. However, I
    >> > had
    >> > not
    >> > had the time (nor the courage, nor the inclination) to tackle
    >> > encryption/security. Especially as we have no near neighbours.
    >> > Therefore,
    >> > I
    >> > have simply relied on Norton Internet Security Pro 2002, Windows
    >> > Firewall
    >> > &
    >> > Spybot.
    >> >
    >> > From the threads, and bearing in mind the numerous problems of hardware
    >> > &
    >> > software configuration & incompatibility and the SP2 issue etc., which
    >> > so
    >> > many people are experiencing, I had decided, over the weekend, that
    >> > security
    >> > was not a priority (at least for me). It was more important to keep a
    >> > network
    >> > that just worked.
    >> >
    >> > However, it occurred to me that inputting the MAC addresses of the
    >> > network
    >> > adaptors into the router (and nothing else) could possibly be much
    >> > easier(?)
    >> > than & just as secure(?) as encryption (and without signal strength
    >> > loss(?)
    >> > nor transmission speed loss(?)).
    >> >
    >> > This I have now done. In total it took less than 10 minutes, including
    >> > the
    >> > time to read the 5 MAC addresses on the adaptors/ cards, input them
    >> > onto
    >> > the
    >> > router and reboot (took longer to find the router's original
    >> > installation
    >> > CD,
    >> > which contained the User Guide).
    >> >
    >> > Now only the designated PC's can connect to my network. However, the
    >> > Windows
    >> > XP "Wireless Network Connection" box tells me that the network is
    >> > "Unsecured"
    >> > and "configured for open access". This I guess is because it is not
    >> > encrypted.
    >> >
    >> > I am obviously deluding myself as I have not found absolutely any
    >> > reference
    >> > to it at all in any of the threads anywhere. So what basic facts am I
    >> > missing? What are the dangers/weaknesses of this solution?
    >> >

    >>
    >>
    >>
    Chris Gual [MSFT], Oct 30, 2004
    #9
  10. Hi Pavel,

    I don't know if SMAC actually works. I included the link as an
    illustration that MAC address spoofing is an acutal vulnerability that does
    exist.

    If the person doing the MAC spoofing is using an open source OS they
    will probably be able to modify the netcard driver.

    Thanks,
    Chris Gual [MSFT]
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
    it should also be possible to modify their driver as well.



    "Pavel A." <> wrote in message
    news:...
    > "Chris Gual [MSFT]" wrote:
    >> 2) it's fairly easy to spoof MAC addresses (here's a link to a
    >> product
    >> that does this: http://www.klcconsulting.net/smac/ )

    >
    > I doubt that SMAC really does what it claims.
    > From the description on their site, it seems to detect that adapter
    > supports overriding MAC address, but does not expose this to user -
    > then it simply employs this feature.
    >
    > However, this trick will fail if the netcard driver or firmware don't
    > allow
    > overriding MAC address. The wireless router will see the original MAC
    > address,
    > no matter what address Windows sees.
    > In this case only modification of the driver and/or firmware can help,
    > and it is possible.
    >
    > Regards,
    > --PA
    >
    Chris Gual [MSFT], Oct 30, 2004
    #10
  11. On Fri, 29 Oct 2004 01:43:03 -0700, "MarkG 30" <MarkG
    > wrote:

    >I'm really struggling to get 128 bit WEP to work, using a Netgear DG834G
    >with latest firmware. After setting up my wireless laptop, I get a
    >'connection' ie max signal strength etc, but no data transfer. There seems
    >to be an attempt to send, but nothing coming back. When trying to access any
    >internet sites etc, absolutely nothing... Any ideas folks ?


    This SHOULD be a piece of cake - but isn't always. Tell us how you're
    implementing the encryption and what equipment you are using on the
    client machine (i.e. Intel Centrino built in wireless or PCMCIA / USB
    card and if so which manufacturer and model)

    For example, typically on the DG834G the easiest way to enable 128bit
    WEP is to type in a pass phrase, eg "fastfish", and the router
    automatically generates the key for you. It will be a string of
    apparently meaningless numbers and letters.

    Now you have to connect your laptop to the encrypted network. Are you
    using a Netgear card and if so, are you using the native GUI (i.e. the
    wireless smart configuration utility which ships with the card) or are
    you using the Windows configuration (WZC)? The reason this is
    important is because the way you input the key will vary.

    If you are using the Netgear GUI then you would select 128bit WEP and
    generate the key automatically. However if you are using hardware
    from a different vendor (e.g. US Robotics) and try to generate the key
    automatically it will fail as the software is proprietry (resulting in
    a different key being generated from the same passphrase). Similarly
    if you are using WZC then no key at all will be generated if you
    simply enter "fastfish" and authentication will still fail.

    Basically, to get around this, you would need to copy down the key
    generated by the router, character by character, and enter it exactly
    into the WZC. If you are indeed using a different hardware vendor (as
    in our e.g. of US Robotics) and you are using their native GUI then
    you'd need to turn off the "generate key" option and again type it in
    character by character. Do it any other way and the key will not
    match, authentication will fail and, although Windows will report that
    are connected, the IP will totally different from the ones issued by
    your router and the connection will dead as a dornail.
    Simon Pleasants, Nov 1, 2004
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. valko

    MCSD for dummies?

    valko, Sep 21, 2004, in forum: MCSD
    Replies:
    3
    Views:
    725
    Guest
    Sep 22, 2004
  2. j

    Online Security for dummies

    j, Nov 16, 2004, in forum: Computer Security
    Replies:
    2
    Views:
    448
    Moe Trin
    Nov 16, 2004
  3. Squirrel

    Wireless for Dummies

    Squirrel, Sep 21, 2005, in forum: NZ Computing
    Replies:
    37
    Views:
    1,115
    Nathan Mercer
    Oct 4, 2005
  4. Pete Holland Jr.

    Wifi Security For Dummies

    Pete Holland Jr., May 4, 2008, in forum: Computer Support
    Replies:
    3
    Views:
    625
    Pete Holland Jr.
    May 5, 2008
  5. Giuen
    Replies:
    0
    Views:
    738
    Giuen
    Sep 12, 2008
Loading...

Share This Page