Setting up wireless, would this be a good idea?

[Digital-Vortex]

Hey,

Im looking to expand my hjome network and add a wireless section for 2 laptops.
While its only a home network, security is still important.

Currently I have a linksys 4port router/switch doing all the DHCP, im looking to add in a linksys wireless G with 4 port switch.

My main concern is just people getting on tho, and with that setup it gives them WAY too much access, so i plan on useing WEP Encrytion AND MAC Address filtering to work with only the 2 laptops.

would this work? I have not bought the linksys yet to see if this is possible when its only set as an AP.

Thanks for any help

 

[logik]

i've got a similar setup. i'd recommend an access point like the WAP54G instead of a second router. while what you want is possible, it's just more headaches than necessary. a WAP would be just plug and go.

for security here i just use WPA because i never know what other laptops might show up that need access, and dont feel the need to log their mac address. on a previous network where i only had the one laptop i did however. mac addresses are easily spoofed, so its not a foolproof security, but what is

I don't have a link verifying it, or describing the holes, but i'd recommend WPA over WEP. WPA is more secure.

 

[ktwebb]

WPA is a better solution however it is vulnerable to brute force attacks so you need to make your password at least 20 characters, alphanumeric, and throw in a capital letter or two as well.

As for dedicated AP or AP/Router. I prefer dedicated AP's myself however you can usually get the AP/Router combo cheaper, and you get a switch in the deal. It's a much better bargain. The configuration to make it an AP only is minimal. All you need to do is disable DHCP and bypass the WAN port completely on the router side. You'd just uplink to the switch to get those LAN ports and the AP active.

 

[jared2027]

It's true that you can spoof MAC addresses but I don't think it is that easy to use this as a means to connect to an AP. Anyone know for sure? I'm sure you'll be safe with WEP and MAC filtering, especially if you change the key periodically.

 

[Digital-Vortex]

Thanks.

The reason i thought of MAC filtering is there is only 2 laptops, if i add more then i just add it in, While these can be cloned its a bit excessive for someone to get in. And also would they not need to know the MAC addresses, which means either hacking into the AP, or useing the laptops themselfs.

il look into the WPA thing too.

Also while the router/ap/switch is mabey a bit more than what i need, it adds more ports in my room and its always good to have a backup should the main switch fails.

Thanks for all your input, appreciated!

 

[Minishark]

Honestly, if you've got MAC address filtering and WEP on, nobody's going to try to get into your home network. They wouldn't waste their time, they'd just go find another network that was completely open (and if you've ever been wardriving, you know how many there are).

 

[Digital-Vortex]

well since its currenly only 1 lappy (not mine) and i aint got the wireless cards yet no i dont as i never been wardriving.

However once my own lappy gets here i may have to try it ut of curiosity. tho no connecting!

I know going as far as MAC filterng is a bit far, as its only a home network, but i just dont want people leeching off my net or causeing damage. This is where reading alot of posts on here have helped

 

[IceWindus]

WPA gave me a bitch of time with a linksys router and wireless card install for a cable installation last week. The damn thing would just simply not freaking connect. After getting a lovely sounding India person, we finally had to change the channel and SSID several times for it to even connect. *SP2 I ripped out immediatly after seeing it*

After then, her connection startead to flake out randomly with WPA, SSID off, and Mac filtering on. I dunno wether consumer grade equipment just isn't capable of reliable wireless transmission with that much security but I had no choice but to disable WPA and re-enable SSID broadcast to get the wireless stable again, I left MAC authorization on.

Honestly, I aint to worried about wireless hackers gaining access to old ladies cable internet connect sharing in my town, though her son who works for CISCO seemed to think she need everything under the sun *shrug*

 

[logik]

disabling ssid broadcast does nothing. just adds another step for 'you' the end user. doesnt hide crap from someone trying to gain access.

 

[IceWindus]

Yeah but without broadcast you still have to know what the SSID is in order to join it.

Or am I talking in a uniformed tounge?

 

[logik]

no you dont need to know the id. here's an article explaining this myth.

right click -> save as for fear of acrobat 6.0 destroying your system.
http://www.icsalabs.com/html/communities/WLAN/wp_ssid_hiding.pdf

edit:
http://www.icsalabs.com/html/communities/WLAN/whitepapers.shtml
may be some more links there you feel would be worth checking out.