Should I have more wireless security?

[Parm]

I've got a wireless network setup at home (and love it I should add!), but I've never used the security measures such as WEP, WAP and WOP and WIP etc etc.

The way I have my router setup is that I manually setup the access list by putting the MAC Addresses of all my devices on it. My thinking is, by allowing only the devices I list, do I need any other security? Now that I think about it, I've probably answered my own question as I've been running it this way for almost two years and haven't run into a problem yet.

Nonetheless, should I have more security? Are there any other advantages to WEP etc or am I ok to just use the access list? The reason I ask if I've bought a new router and that's on the way today so I'll be setting it up later!

[peterb]

There are two main threats to a wireless network. The first is someone hijacking your link and using your internet connection and your computer. The second is someone eavesdropping on the data that is passing over the wireless link.

Tieing down the MAC addresses helps prevent the first, although a determined attack can determine the MAC addresses that are permitted. They can then be spoofed and used to gain access to your system. Some routers allow you to restrict certain MAC addresses to internet access only, providing an additional maesure of protection to your internal network, and there are per computer measures to protect that data, but they are not really to do with the security of the wireless link.

The second attack can be countered by encrypting the linlk. This will also m,ake it harder to determine MAC addresses. WEP is weaker than WPA, but again requires a determined attack to break it. For most people 128 bit WEP will be good enough, but if your system provides WPA, then there is no reason why you shouldn't use it.

So the bottom line is that you should use encryption on the link. Use the strongest that your set up supports, but if that is 'only WEP' then you should use 128 bit keys. Ultimately it comes down to risk assessment. What is the chance of you being the subject of a determined attack (as opposed to an opportunist attack) and what is the potential damage to someone successfully braeking into the network. (As an aside, I lived in a flat in an inner city area, with a hotel nearby - hardly a week went by without an (unsuccessful) attempt to use my system, almost certainly by people staying in the hotel. I now live in a rural area, and I have never seen any attempt in over 2 years)

[Parm]

Thanks for the info peterb, very informative! If I use WPA on the new router, is that likely to affect my speeds at all? Does a wireless network perform better in terms of connection speed with or without the added security?

Also, with different devices connecting, do they all have to be capable of WPA? I'll be connecting a PC, an iMac, an Xbox 360, a MacBook and mobile phone. If say one device only supports WEP, will that mean I'll have to downgrage the whole network to WEP?

[aidanjt]

WPA_PSK (TPIK) is ideal for most networks. WEP is weak as strained tea through your granny's undies, it only a matter of seconds of packet scanning an active WEP network to crack the key. As far as encryption goes, the only thing worse than WEP is CSS used on DVDs. The only good WEP is, is to stop your clueless neighbour from piggybacking your internet connection, either by ignorance or malice.

[Splash]

The simple answer is that if you feel you have to ask that question, yes. Even WEP is better than nothing, but there are better solutions.

If you apply some form of encryption to your network and somebody gets caught using it then they at least don't have the "I didn't know" or "I thought it was ok" excuse.

[peterb]

WPA_PSK (TPIK) is ideal for most networks. WEP is weak as strained tea through your granny's undies, it only a matter of seconds of packet scanning an active WEP network to crack the key.

Slight exaguration, but WEP is susceptable to cracking by a determined attack (ie, if you are specifically targeted) but is good enough to prevent a casual/opportunist attempt to use your connection - as I said in my oiriginal reply I have never been compromised in the two situations I described.

Yes, all devices have to WPA capable to be able to use WPA, and no, you shouldn't see any noticeable degradation in performance. If all your devices support WPA, use that, if not then use WEP with a 128 bit key.

[Fraz]

Put it this way... just imagine if a paedophile happened to be living next door, and he/she hijacked your wireless internet connection for his/her dirty misdeeds. Guess whose door is gonna be getting knocked on by the police, and guess who is gonna get in trouble: You, not them.

[Agent]

MAC addresses are unencrypted, so someone sniffing at the right time can grab the ones you use easily enough.

As for the performance hit, it purely depends on your hardware. Most recent routers won't have any difference, some older ones will (I've experienced this first hand). Its not huge, but its there.

[Lee H]

I use my wireless with the following settings - SSID hidden, MAC filtering and WPA-PSK for my devices at home.

[Parm]

Thanks for all the great advice!

Like Lee above, I'm now running with SSID hidden, MAC filtering on and WPA-PSK security. The new router is up and running and it's flying along at the mo, very happy with it.

I was going to use a 63 digit key for the WPA-PSK, but then went I figured I'd have to go round entering it manually into each device, I changed my mind hehehe. Now have one that's a bit shorter.

[Fraz]

I was going to use a 63 digit key for the WPA-PSK, but then went I figured I'd have to go round entering it manually into each device, I changed my mind hehehe. Now have one that's a bit shorter.

Best thing to do for long wireless keys is to put the key in a text file in a USB flash drive, then you can just cut and paste the key from the file for all the computers.

[Agent]

Best thing to do for long wireless keys is to put the key in a text file in a USB flash drive, then you can just cut and paste the key from the file for all the computers.

Yup, me too.
I use http://www.pctools.com/guides/password/ to generate one

[Parm]

Best thing to do for long wireless keys is to put the key in a text file in a USB flash drive, then you can just cut and paste the key from the file for all the computers.

That'd sort me out on the PC and iMac but I'd still be stuck with the printer, Xbox 360 and mobile phone...the three worst things to punch the code into hehe.

Everything seems to be up and running now but I've just hit a bump in the road, media sharing with my 360 no longer seems to work. The DG834N router is now downstairs and plugged straight into the console, and I've got the WN121T wireless adapter plugged into my PC upstairs. Media sharing is setup but the 360 just doesn't see my PC. Hmmm.

[Fraz]

That'd sort me out on the PC and iMac but I'd still be stuck with the printer, Xbox 360 and mobile phone...the three worst things to punch the code into hehe.

ah...good point!

[Kumagoro]

MAC filtering is really easy to get past like agent said it is sent unencrypted and will be picked up
in seconds. Using something like macshift they can get in just like that. Hiding your SSID does nothing
to stop people it and MACs appear in Kismet in seconds. Both kismet and macshift are easy to use.

WEP is far better than either of those two so if thats all you can use then use it. If you can use one
of the stronger ones use one of those.

[Jay]

I love the way it says "more wireless security".... you have none at the moment! lol some good advice here though mate .