Wireless questions

wfalcon

[H]ard|Gawd
Joined
Sep 7, 2000
Messages
1,916
Ok, first off, I'll caveat this with saying I did some homework before buying a wireless router and setting it up on my home network - especially in regards to security. However, I'm still rather new, and have a couple things I'm a bit curious about.

So is the bandwidth provided by the wireless shared, as a hub would do? For example, will my wireless network start slowing as I add more and more wireless systems?

Finally, I've done the following to help secure the network: Disabled the SSID broadcast, changed the router password, enabled 64-bit encryption, and set it up for 802.11g only operation. Now, I know I could bump up the encryption to 128-bit, but how much added protection is that really going to give me? I assume that anyone who could get into a 64-bit encrypted network wouldn't have any problems getting into a 128-bit encrypted network - it would just take longer. Furthermore, I assumed there would be higher latency associated with the increased encryption, as more bits per packet were dedicated to the encryption. I could set up to allow access by MAC address, but figured that would (a) be useless as someone could spoof a MAC address, and (b), be something I'd have to reverse when I host a LAN party. Anyway, I guess what I'm trying to ask is if this is adequate security - I don't have anything of any REAL interest on my systems, but prefer to keep prying folks out.

...and if you've read this far, many thanks.
 

anotherguy159

2[H]4U
Joined
Aug 7, 2002
Messages
2,093
You seem the have it down pretty good :p

I'm pretty sure that the access speed is shared among all hosts...makes sense if you think about it.

Other than that, I don't think you really have to worry about anyone hacking into your network...why would someone target you specfically? The risk is there, but...what can you do?

Anything that was secure is now cracked; anything that is secure now will be cracked. If they can make it, we can break it. ;)
 

BrkDncr

2[H]4U
Joined
May 6, 2001
Messages
3,997
With current processor speeds, 64-bit offers about half a day's worth of protection, while 128-bit offers around 1 weeks worth.

If you are concerned about people listening to what is being said over your wireless connection, then you shouldn't be using wireless.

If you are concerned about people using your bandwidth:
lower AP powerlevel
use MAC filters
 

ktwebb

[H]ard|Gawd
Joined
Feb 3, 2002
Messages
2,046
If you are concerned about people listening to what is being said over your wireless connection, then you shouldn't be using wireless.

Absurd statement.

64 Bit WEP is fine for most environments. It depends on how much data is being pushed as to how long it would take to crack the IV. Disregard the post above. Your correct. MAC spoofing is easy. While it makes sense to use it as security in layers is the best solution for a WLAN, it won't keep the guys out who really want in. Turn off DHCP and use static IP's. If your router will let you change the segment range then do that as well. Some router's will allow you to limite by ACL's as well. Many do not but use that if it does.
 

Due

Weaksauce
Joined
Apr 27, 2003
Messages
108
ktweb is very correct.

The was as I understand WEP is that for someone to break the encryption there has to be X number of breakable packets. If it's a small network, a person would have to catch X number of breakable packets to obtain the encryption keys.

You probably don't have anything of that much value ( I know I don't ) unless you have the most massive pr0n collection of all time. OR, your next door neighbor has time on his side :)
 

wfalcon

[H]ard|Gawd
Joined
Sep 7, 2000
Messages
1,916
Many thanks for the responses. I don't have anything that would be of real value available on my network. Anything that is valuable (such as my pr0n collection ;) ) has been backed up to DVD+R, and physical access to the media would be required. The most they would find is a shared drive with video game patches and mods.

I'm already resigned to the fact that if someone wanted in bad enough, with enough time they could do so. I'm just attempting to minimize the number of folks that have the capability and desire. I know I'm always surprised when I find a completely open access point when I'm at work, friends, etc.
 

m1abram

2[H]4U
Joined
Mar 15, 2002
Messages
3,175
Originally posted by ktwebb
Absurd statement.

64 Bit WEP is fine for most environments. It depends on how much data is being pushed as to how long it would take to crack the IV. Disregard the post above. Your correct. MAC spoofing is easy. While it makes sense to use it as security in layers is the best solution for a WLAN, it won't keep the guys out who really want in. Turn off DHCP and use static IP's. If your router will let you change the segment range then do that as well. Some router's will allow you to limite by ACL's as well. Many do not but use that if it does.

Just to give some real world facts to back this up.

I have a Squeezebox which is a network mp3 player, and i have it connected via wifi with 128bit WEP. I decided for fun to use airsnort against it to see how long if I stream UNCOMPRESSED PCM music to the Squeezebox constantly how long would it take to break the WEP key. The uncompressed PCM stream is about ~1.5 Mbps which is a good bit of data constantly streaming. Well using Airsnort I gave up after about 4 days, had to go back to work (the laptop running airsnort is my work laptop). I have been meaning to continue the test, however I have determined that 128bit WEP for home use is pretty decent, you would have to have a pissed off bored neighbor to crack it.

I do however use VPN over my wifi for most things regardless. Only the Squeezebox can use the wifi without VPN, and can only connect to my Slimserver and its port. I am a bit parnoid about my network, then again I have data on it that I do not care to be in others hands.
 
Top