Protection using a wireless router

deadman_uk

Currently I am connected to the Internet using a cable modem at a speed of 10mb/sec. I have a software firewall, anti-virus and anti-spyware applications installed as well.

For multiple reasons, I am looking into purchasing a wireless router but how secure are these compared to my current setup? What protection is there from drive-by hackers who crawl into unprotected wireless connections? How do I make my potential wireless router safe?
 
seriously, google is your friend
http://www.practicallynetworked.com/support/wireless_secure.htm
http://whatismyipaddress.com/staticpages/index.php/what-is-NAT
http://www.firewallguide.com/wireless.htm

Note* I would have posted more technical documentation but from the likes of your question I found the most non-technical documents... I think. I didn't read them actually....

As you know, technology changes all the time, and it is often common to read out of date information when searching the Internet, which is why I came here. But thanks for your links, they appear helpful.
 
Modern wireless routers are as secure as you make them. You can configure yours to be anywhere from completely open (anyone with a wifi adapter can see and connect to it) to using high-bit encryption and verifying against a RADIUS server before the connection will even be made.

WEP was the first encryption method used on home wireless routers. It has a slight flaw where some sensitive information is static in the packet. If you get enough of these packets, you can compare them and figure out the encryption key. At first, the biggest problem was just sitting around waiting for enough packets. Then they figured out a way to get the router to "talk" constantly, meaning you could collect enough packets in a very short time. WEP can now be cracked in under 5 minutes. This is the equivalent of those interior bathroom doors that can be unlocked just by turning a coin in a slot - it will keep out the honest and those with no computer-savvy, but anyone who wants in can get in easily.

WPA came out after that, and now there's WPA2. A company recently claimed a huge breakthrough that let them crack WPA2 passwords twenty times faster. However, for a 10 character password using only upper- and lower-case letters plus numbers (fairly simple in password terms), brute-forcing the password at 500,000 keys/sec would take 53,968 years. Even if you speed that up 1000x, it will still take them over 5 years to brute-force all possible keys. Just going up to a 15 character password (still just letters and numbers) increases that to 49,441,210,451,953 years. See http://lastbit.com/pswcalc.asp to do your own calculations. If you just change the password every now and then, it essentially makes it impossible to crack. This is the equivalent of a strong door with several very good padlocks on it, with complex keys.

One huge security feature of wifi is that it's local. Even if you have very thin walls and a high-power router, someone would probably still need to be within a block or so to actually use your wireless. Whereas breaking into your PC through a cable modem can be done from anywhere on the internet, wireless requires the guy to be sitting outside your house.

The biggest vulnerability is the exact same one that it's always been - people. A number of the recent attacks have simply tried to break into routers by using default and very simple passwords. If you don't enable any of the security features on the router (like allowing access to the configuration only from the LAN side, not the internet side) and leave the password blank or set it to "password", then you're still very vulnerable and it has nothing to do with the technical merits of the equipment. This is the equivalent of taking the strong door with padlocks above, and leaving the keys in the locks and the door slightly ajar.
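The keyspace arithmetic discussed in the post above, as an added example that is not part of the original thread. It assumes a randomly chosen passphrase of exactly the given length, a 365.25-day year and a constant guess rate, so results land in the same range as the quoted calculator figures without matching them digit for digit; it goes slightly beyond the post by also showing the standard WPA2-Personal key derivation, where the network name acts as the salt. The SSID and passphrase are constructed sample values.

```python
import hashlib
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ALNUM = string.ascii_letters + string.digits  # 62 symbols: upper, lower, digits


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def years_to_exhaust(length: int, rate: float, alphabet: str = ALNUM) -> float:
    """Years to try every passphrase of exactly `length` symbols at `rate` guesses/sec."""
    return len(alphabet) ** length / rate / SECONDS_PER_YEAR


def min_length(target_years: float, rate: float, alphabet: str = ALNUM) -> int:
    """Shortest valid passphrase length whose full keyspace outlasts target_years."""
    for length in range(8, 64):
        if years_to_exhaust(length, rate, alphabet) >= target_years:
            return length
    raise ValueError("no length within the 8-63 limit meets the target")


if __name__ == "__main__":
    # 500,000 guesses/sec is the rate used in the post; the second is 1000x that.
    for rate in (500_000, 500_000_000):
        for length in (8, 10, 15):
            years = years_to_exhaust(length, rate)
            print(f"{length} chars @ {rate:,}/s: {years:,.0f} years")
    print("length needed for 1000 years at 500M/s:", min_length(1000, 500_000_000))
    # Constructed sample values: the same passphrase yields a different key per SSID.
    print(wpa2_pmk("constructed-sample-passphrase", "HomeNet").hex())
```

These figures hold only for randomly chosen passphrases; a dictionary word or a default password is found long before the keyspace is exhausted.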
 
Currently I am connected to the Internet using a cable modem at a speed of 10mb/sec. I have a software firewall, anti-virus and anti-spyware applications installed as well.

For multiple reasons, I am looking into purchasing a wireless router but how secure are these compared to my current setup? What protection is there from drive-by hackers who crawl into unprotected wireless connections? How do I make my potential wireless router safe?

Your computer is better protected from the real threat....unwanted traffic hitting it from the internet, because your computer is behind a NAT hardware firewall. Exploits can come out which knock out software firewalls.

Change the admin password on your router's web admin to something decent, keep its firmware up to date, and secure your wireless with WPA minimum or better yet..WPA2..and you're fine. Sit back and enjoy.
 
Thanks very much for that helpful reply InvisiBill, also thanks YeOldeStonecat for yours.

Is WPA2 something that comes with the router or ??? How would one make a router have WPA2 encryption?
 
Thanks very much for that helpful reply InvisiBill, also thanks YeOldeStonecat for yours.

Is WPA2 something that comes with the router or ??? How would one make a router have WPA2 encryption?

Most newer home grade routers support it. Some slightly older models may be able to support it with a firmware upgrade (which is free and easily done by the end user).

Most newer network cards will support WPA2..if not, usually they can with a driver update, and your Microsoft Windows updates (if you have an older unupdated version of XP).
 
Good answer InvisiBill.

Deadman_UK, at some point you're going to have to break down and RTFM. Most (All?) wireless routers come with WPA2 these days.
 
The Linksys WRT54GS supports WPA2 which is good, as I am watching this router on eBay. You say my network card would need to support WPA2? My network card is onboard. Would my ABIT IP35 Pro XE motherboard support WPA2? I looked on Abit's website and couldn't find anything useful:

http://www.abit.com.tw/page/uk/moth...ail.php?pMODEL_NAME=IP35+Pro+XE&fMTYPE=LGA775

ShockValue, sorry, I am not following you, what do you mean I will have a break down? and what does RTFM stand for?
 
WPA2 is only for wireless, it only keeps the drive by guys from sitting outside your house and using/abusing your network.

Laptop(WPA2)<--------->(WPA2)Router<-------->Home Network (Physical Wires)

All the computers physically attached via network cable won't be using WPA2.
 
You say my network card would need to support WPA2? My network card is onboard. Would my ABIT IP35 Pro XE motherboard support WPA2? I looked on Abit's website and couldn't find anything useful:

http://www.abit.com.tw/page/uk/moth...ail.php?pMODEL_NAME=IP35+Pro+XE&fMTYPE=LGA775
and what does RTFM stand for?

WEP, WPA, WPA2..those are security standards for wireless. If you're using onboard ethernet with a patch cable...this does not apply. Unless you meant your onboard was an onboard wireless NIC...I tried to open that link..but in typical Abit website fashion....it's painfully excruciatingly slow and I gave up after 5 minutes.

RTFM means Read The F$*(ing Manual.
 
WPA2 is only for wireless, it only keeps the drive by guys from sitting outside your house and using/abusing your network.

Laptop(WPA2)<--------->(WPA2)Router<-------->Home Network (Physical Wires)

All the computers physically attached via network cable won't be using WPA2.

So why would I go wireless if I am not protected from drive by hackers? How do I make my PC WPA2 ready?

WEP, WPA, WPA2..those are security standards for wireless. If you're using onboard ethernet with a patch cable...this does not apply. Unless you meant your onboard was an onboard wireless NIC...I tried to open that link..but in typical Abit website fashion....it's painfully excruciatingly slow and I gave up after 5 minutes.

RTFM means Read The F$*(ing Manual.

I have a cat 5e patch cable (same connection on both ends) connecting from my onboard Ethernet card port into the back of my NTL cable modem. I don't want to go wireless if I have less protection than I do now. I don't want drive by hackers getting into my network.

RTFM means read the f** manual? That's going to be hard since I don't know what wireless router I want to get yet.
 
Set up your router for WPA2, use a strong password.

Wireless routers let you turn down the signal strength so it's less likely someone driving by can hit your network.

Is this for a house or apt? Wouldn't you notice someone parked in front of your house sitting in their car using a laptop wanking off using your network? I know in my neighborhood we would.
 
if you happen to get a wireless router...
remove the antennas (yup, they are usually removable), and then you can also disable the wireless within the router itself.

This basically gives you a hard-wired-only router.

If you don't have, and don't plan on getting, any devices that can take advantage of wireless, then that's what I would do. No need in having your wireless available if you will never use it.
 
If I set up my router for WPA2, wouldn't it still not be WPA2 because my onboard ethernet card may not support/have WPA2?

I would like this wireless connection to be available throughout my 3 bedroom house. I am not going to keep looking out of my window for drive by hackers, that's insane. I am not the only one using the Internet, I share it with my siblings and mum, when I am sleeping or away, what happens then? Come on Shane lol, be realistic...

j-sta, the whole reason I want to go wireless is to enable several portable devices like a Nokia N810 to access the Internet when I am away from the computer. If I remove the antennas and disable the wireless inside the router, how is that wireless? It seems I would be no better off than I am now on my wired connection.
 
I have a solution to your question.
This is how I am giving you the solution.
Read the manual that came with the equipment.
Duh, it will come with default passwords and user ids.
This is an age old problem. People want things but don't want to learn the basics.
Another thing that will help you. Ask people who are over 45 to help you.
We have been in this area since DOS.

Dave
 
Dave, I have some routers on ebay watch, but 2 of them do not come with a manual. Ok, I could possibly download an electronic version of the manual if I am lucky but I haven't even decided what router I want. I will do research and read reviews.
 
Stop worrying about WPA2 with your ethernet connected devices. WPA2 is a security feature for your wireless connections.

Edit: Amazing, a quick google search came up with this. "The N810 connects to the Internet effortlessly, either through Wi-Fi 802.11 b/g (with WPA2) or using a Bluetooth connection to a mobile phone." So your Nokia N810 will have no trouble connecting to your WPA2 enabled wireless router.
 
So why would I go wireless if I am not protected from drive by hackers? How do I make my PC WPA2 ready?



I have a cat 5e patch cable (same connection on both ends) connecting from my onboard Ethernet card port into the back of my NTL cable modem. I don't want to go wireless if I have less protection than I do now. I don't want drive by hackers getting into my network.

You are protected from drive by hackers....IF you enable wireless security. WEP, WPA, or WPA2. Yes WEP is cracked rather easily these days...but let's take off our tin foil hats here....the percentage of booger pickers next door to you really don't bother with it. Enable WPA or WPA2 security....and stop biting your nails and losing sleep over worrying about it.

Right now, with your PC plugged directly into your cable modem without any hardware NAT firewall....now THAT is something that would make me lose sleep...I'd be formatting my computer right now!

Seriously...for a home network....just enable some sort of wireless security..sit back and enjoy it.
 
So deadman, what they are telling you is ANY kind of router, with ANY kind of password, and ANY kind of protection (be it WEP, WPA or ABC)
is better than what you have now.
Get something, hook it up (per the manual), and move on!
 
Shane, I never said the N810 has problems connecting to the Internet, but I am glad you can tell me it can be used with WPA2, thanks for that.

Ok, I will look into wireless routers now, either Linksys or D-Link I hear are good. I will read reviews and also educate myself more. As long as I can get my router running WPA2, I will be pleased.
 
Didn't we go over all of this in your other thread...?

I have a 6 year old standard WRT54G v3.1 flashed with Tomato running WPA2.. its not a big deal. As was said above, almost anything can do it.

No offense or anything, but I find it kinda funny that you keep associating wireless encryption schemes with your wired PC.. they have absolutely nothing to do with each other.

Wikipedia it is your friend.
 
I think you've got it now, but just to clarify...

With your home PC, the ethernet cable is your connection to the router. The only way someone can break into your home network via ethernet is by coming inside and plugging in a cable. If you don't know how to prevent that, you've got much bigger issues.

WiFi is essentially a wireless ethernet cable. It's a wireless link from your DS/laptop/phone to the router. It's the equivalent of what the ethernet cable does for your home PC.

Because WiFi has to broadcast its signal to be useful (i.e. so that you can connect your DS/laptop/phone), some of that signal is most likely going to end up where you can't physically control it (i.e. outside your house). The stronger your signal, the better your connection will be (to an extent), but also the further it will spread. You can do certain things to limit how far your signal spreads - my parents' router is in their basement (cement wall foundation) so the signal broadcasts pretty much straight up through the softer walls and floors, but not too far around. If you're super-paranoid, build a Faraday cage into your house's walls. However, that will keep the signal from reaching your patio if you just want to relax outside and read something online.

Encryption (WEP, WPA, etc.) has been added to WiFi to allow you to broadcast your signal outside of your physical control area, without anyone and everyone being able to use it. Think of it as a password on your WiFi. In order for someone to connect to your home network via WiFi, they need to know the password. As I said before, WEP passwords are trivial to crack now. WPA2 is the current standard (supported on everything current except the very cheapest items), and even with a pretty simple password being attacked by a dedicated cracking farm, will take 5 years to break.

As with almost every single password system out there, the easiest way in is through the human. Not configuring the security options or using extremely weak or easily guessed passwords is still the biggest source of breaches. It's a lot more likely that someone will get into your network via "admin/password" than by setting up a portable cracking farm in a car parked on the street in front of your house. See http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/1-common/31-router-worm.html for an example.
As described in the Drone BL Blog the worm works with a brute force attack using dictionary based random passwords - there is nothing we could technically do to prevent that in general. To succeed the worm requires a router with management access enabled at the WAN port (Web / SSH / Telnet) at the standard(!) TCP/IP ports for the services and a weak administrator password.
 