How to Achieve Wireless Security?

Discussion in 'Wireless Networks' started by Anton, Oct 19, 2004.

  1. Anton

    Anton Guest

    Hi,

    Currently I have LAN (Local Area Network): one desktop and one notebook
    computers with Win XP Professional SP2 installed on both of them.

    They are connected via Belkin 802.11g Wireless DSL/Cable Gateway Router F5D
    7230-4 to a
    cable modem. My notebook is wirelessly connected to the router with Belkin
    802.11g Wireless Notebook Network Card F5D7010. The desktop has wired
    Ethernet connection to the router.



    Can you please advice how exactly I should properly configure the wireless
    security of my LAN taking into account the following additional information:



    About the Router
    a.. Currently the wireless security is "disabled" It could be changed to
    "WPA-PSK" or "128 bit WEP" or "64 bit WEP"
    b.. The feature Use as Access Point is "disabled"
    c.. Wireless bridge is "enabled"

    About the Wireless card

    a.. Wireless interface compliance with the IEEE 802.11b standard and 54g
    products
    b.. 64 or 128 bit Wireless (WEP) Encryption


    I read many articles and tried to make use of the new SP2 wireless security
    features but without success.

    What I need is a detailed step-by-step procedure to address how to make
    secure the wireless part of my LAN configuration as described above.



    Thanks in advance, A. Ratchev
     
    Anton, Oct 19, 2004
    #1
    1. Advertisements

  2. Greetings Anton,

    Log into the router's web based utility. Open the browser and and in the
    address bar type 192.168.2.1. Enter the router with its default username and
    password unless you changed it. Then enter that username and password. Put
    the highest encryption on the router that your network equipment can
    support. Check with the manufacturer for details. Since you have Service
    Pack 2 installed, you can run the Wireless Network Setup Wizard to configure
    those settings. For more information, see the following link.

    The New Wireless Network Setup Wizard in Windows XP Service Pack 2
    http://www.microsoft.com/technet/community/columns/cableguy/cg0604.mspx

    FYI, that router does have support for WPA. The router's documentation and
    additional information about the router can be obtained at the
    manufacturer's website in the link below.

    http://web.belkin.com/support/download/downloaddetails.asp?download=994&lang=1

    _______________
    Eric Cross
    Microsoft MVP (Windows Networking)
    http://mvp.support.microsoft.com/
     
    Eric Cross [MVP], Oct 19, 2004
    #2
    1. Advertisements

  3. Anton

    Dana Brash Guest

    Hi Anton,

    First step would be to read the manual:
    http://web.belkin.com/support/download/files/F5D7230-4_80211g_Manual.pdf

    Here are the full specs for your card.
    FAQ: What are the wireless specifications for the F5D7001 802.11g Wireless
    Desktop Network Card?
    http://web.belkin.com/support/kb/kb.asp?a=3795&langid=1

    It is important to note that, according to these specs, your card can use
    WPA.

    I would make 3 basic recommendations. You can also choose to lock down
    things like ping (ICMP) and what not as well. Review these options in the
    manual. For starters, you should (in no particular order):

    1. Set Encryption
    You should use WPA-PSK. Pick a long, random key. Don't waste your time with
    WEP, it's been hacked for years.
    How to do it on your router:
    Start on Page 49 of the Manual
    also here:
    http://search.belkin.com/cgi-bin/Ms..._id=9110272&query=F5D72304*&hiword=F5D72304*+


    Once you've got it configured on the router, you just go into the properties
    of the Wireless settings in Windows and ADD a wireless network with the
    correct properties. The information on the properties must match what's on
    the router.

    2. Turn off Broadcast SSID ~~ at least then you're not advertising...(manual
    page 44)

    3. Enable MAC filtering on the AP (manual page 61)

    *****
    Or, you can move here to China where we've got the best wireless security of
    all: 20cm thick cement and brick walls. (and those are just the internals!)

    ;-)

    *****

    --
    HTH,
    =d=


    Dana Brash
    MCSE, MCDBA, MCSA

     
    Dana Brash, Oct 19, 2004
    #3
  4. Anton

    BAR Guest

    Ensure you set a unique SSID and not accpet the default.

    Broadcasting your SSID may not be wise, as it just identifies a target for
    someone who is actively seeking to havk; be it for the purposes of obtaing
    free internet access or to do harm to your network devices.

    For additional security you can and should use Wired Equivalent Privacy
    (WEP) algorithm: and set this at 64bit: you can then choose a combination of
    10 hexadecimal characters [0-9 + A-F], again for this may I recommend you
    select your mobile phone number as it is 10 characters long and not known to
    all your neighbours.

    Additionally you can set the Access Point to only allow access to specific
    units, where you would enter their MAC address, again a series of Hex
    numbers, usually found on the Wireless Card plugged into the Laptops or other
    desktop PCs.
     
    BAR, Oct 20, 2004
    #4
  5. Anton

    Dana Brash Guest

    Good point with renaming the SSID, but why would you recommend WEP over WPA?
    WEP hasn't been secure for years, and can be hacked very quickly.

    Here's the tool:
    http://www.cr0.net:8040/code/network/aircrack/

    Here's the discussion:
    http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
    http://www.cs.umd.edu/~waa/wireless.html
    http://www.wi-fiplanet.com/tutorials/article.php/1368661

    WEP is better than nothing by a very small margin, but since Anton has the
    ability to use WPA, I would very much recommend going with that.



    --
    HTH,
    =d=


    Dana Brash
    MCSE, MCDBA, MCSA



     
    Dana Brash, Oct 21, 2004
    #5
  6. Anton

    Anton Guest

    Hi Dana, Eric, Jack, Bar,



    Thanks a lot for your advices. I configured my LAN with WEP wireless
    security, since the current wireless card does not support WPA security. All
    is working fine.

    However I learned from your input that it is better to go for WPA security.
    Also you pointed that if I update my wireless card driver with Belkin it
    should support the new WPA security feature. So I will try to update my
    driver and will go ahead with the WPA security configuration.

    Thanks again to all for the useful information



    Best regards, Anton





     
    Anton, Oct 21, 2004
    #6
  7. Carey Holzman, Nov 10, 2004
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.