Wireless router security!

[AledJ]

Should get my new wireless router in a few days! But I wanted to know what is the best security to enable on it. The options are:

Wi-Fi Protected Setup, 256-bit WPA/WPA2™-Personal, 64-bit, 128-bit WEP encryption

WEP (64-128bit), WPA-PSK (TKIP), WPA2-PSK (AES) with WPS Push Button

In the brief about the router it says 'Supports Wi-Fi Protected Setup Push button for simple wireless security setup' Now how good is this push button security?? Or should i configure one of the other int he web based setup of the router??

[peterb]

WPA/WPA2 is better than WEP, which is better than nothing at all! Which one you use partly depends on the capabilities of the computer and wireless adapter you are connecting to.

Take things in stages - get the wireless link working without any security at all, then add the various protection medasures as you go.

Consider limiting connections to the MAC address of the computer. There is little point in cloaking the SSID of the router, but do change the SSID (to something anonymous that doesn't link it to you, and as I say, at least WEP 128 bit, but preferably WPA/WPA2.

[Agent]

Don't bother with WEP - waste of time and easy to break into.

If you can use WPA2 use it, if not use WPA.

I'm not sure if the button is like what is found on the Linksys routers, but they just set up a password + configure devices without needing to mess about with the webadmin panel etc

Just remember - the best security is no wi-fi. If you use it, turn it off when not needed and change the password regularly. Set it up so it's locked to MAC addresses too - these are not hard to sniff either, but every layer helps.

edit - doh, beaten. Got to stop leaving tabs open for so long

[AledJ]

WPA/WPA2 is better than WEP, which is better than nothing at all! Which one you use partly depends on the capabilities of the computer and wireless adapter you are connecting to.

Take things in stages - get the wireless link working without any security at all, then add the various protection medasures as you go.

Consider limiting connections to the MAC address of the computer. There is little point in cloaking the SSID of the router, but do change the SSID (to something anonymous that doesn't link it to you, and as I say, at least WEP 128 bit, but preferably WPA/WPA2.

As you say I intend to get the thing working first. With the locking the MAC address will that mean also having to add the one pc that will be wired to the router? The other pc and three laptops will have the MAC address locked in the router. SSID - that's the network key that allows other pc's to connect tot he network?? If so I will defiantly change this. Is it best to use a mix of number and letters?

Don't bother with WEP - waste of time and easy to break into.

If you can use WPA2 use it, if not use WPA.

I'm not sure if the button is like what is found on the Linksys routers, but they just set up a password + configure devices without needing to mess about with the webadmin panel etc

Just remember - the best security is no wi-fi. If you use it, turn it off when not needed and change the password regularly. Set it up so it's locked to MAC addresses too - these are not hard to sniff either, but every layer helps.

edit - doh, beaten. Got to stop leaving tabs open for so long

Agent your post was useful! I didn't know that the push button thing only set the password and so on. So that is helpful to know.

[AledJ]

Had a litle reda of the manual for the router and it says:

"WPS uses WPA/WPA2 (described on page 39) for encryption. It does not provide additional security, but rather, standardizes the method for securing your wireless network. You may use either the Push Button Configuration (PBC) method or PIN method to allow a device access to your wireless network. Conceptually, the two methods work as follows:
PBC: Push and hold the WPS button located on the back of your Router for three seconds. Then, initiate the WPS procedure on the client device within two minutes. Refer to your client’s documentation on this procedure. Pushing the PBC button will automatically enable WPA/WPA2. The client has now been securely added to your wireless network."

So I take from i that by pushing the button it will aromatically enable the wpa/wpa2. Also seen on the manual that I need to download KB971021 from Microsoft. I can see something going wrong lol Or do I have nothing to worry about??? Would it have been in sp3??


edit: One thing I would like to know is this. Can I set the router up using my vista laptop and then connect the home pc which will be wired to the router?? Or do I have to set it up on the pc that will be wired to it??

I know my question seem odd but I just want to make sure i have no hiccups. The reason I want to use my laptop to set it up is due to me not having a lot of faith in the home pc lol I assume that because my home pc will be wired tot he router its mac address does not need to be entered, and so after set-up i can just hook it up and have net access?

[armoured_smiler]

Just make sure your login accounts are secure if using Windows enviroment as WPA2 has other security loopholes

'MSchapv2 works by using user and password credentials to authenticate the client to the server and a certificate to authenticate the server to the client. This however is not as secure as it seems as it is very easy to bypass the requirement for a certificate just by unchecking the requirement to validate the server certificate (as below) effectively making the client certificate redundant.

This means that anyone with a WPA2 aes capable laptop / pda / phone can connect to the SEN providing they have access to a domain id and password.'

Cheers
Paul

[AledJ]

Just make sure your login accounts are secure if using Windows enviroment as WPA2 has other security loopholes

'MSchapv2 works by using user and password credentials to authenticate the client to the server and a certificate to authenticate the server to the client. This however is not as secure as it seems as it is very easy to bypass the requirement for a certificate just by unchecking the requirement to validate the server certificate (as below) effectively making the client certificate redundant.

This means that anyone with a WPA2 aes capable laptop / pda / phone can connect to the SEN providing they have access to a domain id and password.'

Cheers
Paul

I'll keep that in mind! I would have preferred to to keep all the connections on wire, but its too far to lay cable.

But can I set up the router using my laptop? And plug in the home pc which will have the only wire connection. From what I have read the only mac address that are need to be put in are those for the wireless devices.