That should be secure enough for you. MAC addresses are very difficult to spoof.
Yeah, your neighbor probably has a wireless network. Don't access it unless you want to expose your computer to possible infiltration by anyone else who is accessing your neighbor's network.
Of course, your neighbor might have set up his network to be limited by MAC address as well.
Thanks... the whole thing works really well... the only "problem" I had was setting up the VPN's for work... and it wasn't really a problem, just took some time to figure out...
Why not use the WEP (Wired Equivalency Protocal/Privacy) and MAC filtering together? Wep may cause some network slowdown, but depending on the bandwidth being used currently by the connected devices you may not notice. Wep isnt perfect but better than nothing.
Using the Wep would encrypt data between the device to the Base. Would stop/slow the "Unauthorized" User from getting a connection for starts and monitor traffic for legit Mac addresses and passwords. That and get rid of any "factory" SSID's or Keys and make some of your own.
A step better than WEP is that
your Router supports a newer technology called Wi-Fi Protected Accessâ„¢ (WPA) wireless security. The Router protects your PC from most known Internet attacks with a powerful Stateful Packet Inspection firewall. It can also serve as a DHCP Server, supports VPN pass-through, and can be configured to filter internal users' access to the Internet.
A real advanced step would be to make the Wireless base station one network, and the devices another and use Virtual Private network connections (VPN,s) using certificates as authentications.
But as Steve put it, Mac filtering might be enough for what you need to do. But I would be sure tempted to enable the WEP.
Another thing is to turn off ssid broadcast. Your wireless is available but you have to know the name of it to get in.
Change the password for the router from the default one.
And for what it's worth, those that don't have a router yet, try the Buffalo G wireless router. Buffalo just went mainstream, they have some of the best coverages of any other one that I have used and have an off the shelf antenna should you need it.
Tom - I only use wireless occasionally for a laptop I have when I need it. Otherwise I have jacks in every room with whole house hard wiring. I have both capabilities on my SMC Router as many of them do today.
With my limited wireless experiences, all the things that have just been said are good. I mostly do what Paw suggests and do not bother with the mac address cloning or WEP. I change the password occasionally and also the ssid.
I have heard and read that WEP slows down the connectivity.
One thing I am certain of in my situation is that wired is much faster than wireless. But wireless is cool at times when I just want to open my laptop real quick from the couch or the kitchen countertop or outside. But I plug in to the network for serious computing.
Wireless has come a long way. My visionary neighbor who works deep in the heart of IBM in Research says the future will contain very fast wireless all over the place. He says stay tuned for some big stuff coming in years ahead. I wish I had his job. Sounds like fun.
There's no reason not to turn WEP on if you're at all concerned about security. Yes, it's theoretically crackable, but if you don't have it on, all your traffic is instantly readable! It does not significantly affect speed, and the only additional setup is to enter the key onto each machine. WPA is better, but some routers will only handle WEP.
Paw's right--make sure you change the default name of your wireless access point, its admin password, and Disable SSID Broadcasting.
If you want to see who might be trying to mooch off your net, go download a program called AirSnare. It will show you the MAC address of every packet that flies over your net, and once you have all your known MAC addresses listed in the table, AirSnare can be configured to set off alarms when someone tries to hook in without you knowing it.
The more security you have, the better. While you can't keep a determined hacker out for certain, you can make your network so much of a hassle to break into that it's easier for the criminal to go hack someone who leaves the door open.
With the limited range of my wireless router do I really need to be that worried about security? I mean, beyond the neighbors? I know most of them and they're more interested in their lawns... and it's not like there's folks parked in a van in the street in front of my house with a directional antenna pointed my way...
I'll check the AirSnare thing out... but I'll really be surprised if it shows other MACs attempting to access...
Tom: Once they're on your network, they can run AirSnare themselves and write all your packets out to a log, including usernames, passwords, credit card numbers, whatever you might type into a website. It takes 5 minutes to turn WEP on and set the passphrase on all your machines and it keeps "wardrivers" from just walking right in.
It's like the old joke about the two hikers suddenly noticing an enraged bear charging them. One stops to tie his sneakers, and the other one says "Do you really think you can outrun a charging grizzly?" The first says, "I don't have to. I only have to outrun YOU."
Given a choice, criminals will hit the person with the least amount of security. All you have to do is outrun your neighbors.
I'm reading in the "more" section of the router admin page about WPA and WEP... I'm not real clear on them... I know they're encryption... but it doesn't really give a lot of info about what to do... I'll need to change my network settings as well won't I? (sorry, I just know enough to usually get in trouble, just trying to avoid that).
I have the older Linksys Wireless-B router. All you had to do to turn on WEP was point your web browser at 192.168.1.1 and give the admin password. WEP was an option on the main screen. You picked "WEP Mandatory" and clicked on the Set Password button. Entering a password would then generate a 128-bit WEP key. You copy down your password and the WEP key, go around to the other computers' Network Connection screen and enter one or the other (depending on the other computer's wireless card) and that was it. As soon as the password is applied, the computer is back up on the net as if nothing happened. Easy. You only have to do it once.
Oh, another wireless tip--Change your router's default wireless channel to anything but channel 6! Most US electronic devices that operate in the 2.4GHz band default to channel 6 so there's a high noise factor if you have a 2.4GHz cordless phone and a microwave. I use channel 10, but any of the others is just as good a choice. You get higher throughput because there aren't as many interference errors if you aren't on channel 6.
quote:WPA Pre-Shared Key: There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encrytption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.
I used the TKIP. This seems to be newer (and better?) technology than WEP...
Yes. The network transport protocol that your laptop uses handles the encryption and decryption on its end just like the router does on its end. Not a simpleton question at all.
WASHINGTON -- Federal regulators have endorsed a plan to use vacant TV channels for high-speed Internet connections.
Federal Communications Commission Chairman Michael Powell says it would "dramatically increase" the availability and quality of wireless Internet connections -- especially for people in rural areas.
Powell says it would be like "doubling the number of lanes on a congested highway."
But TV broadcasters oppose the proposal. They argue that it would interfere with over-the-air television signals for millions of people.
The FCC commissioners voted unanimously to begin the lengthy rulemaking process for the plan.
Interesting article hegotHope... kinda makes you go "hmmmm"!
but it also brought up another question to me... I read in the article about "different antennas"... is there a way to boost the signal from/to my router? Our bedroom is almost entirely blind... and weak when it's not... anybody got any ideas?
LATER: I found this... a wireless "range expander" ...coming soon...
Oh... and another thing...*Mixing B and G* when I was getting my wireless router the "learned" folks at the computer store couldn't agree on the performance I'd get... (the laptops are Centrino B's) I bought a G router because I wanted the flexibility down the road... when I went to get the card for the desktop, one guy said since I had B's on the network, they'd bring down a G to that speed, so I should just get a B card. I asked "then why does it give me the option of B, G or mixed?" The other guy said that they'd run independently and be all right... I looked at them both (about my age) and said "I wish you guys could agree, but since you can't, I'm gonna go ask that kid over there"... I went to the kid, who looked like he was still in high school, who answered me with more authority than both of those guys together: go ahead and mix, when both a B and a G are running there might be some degradation, but you won't notice it. Get the G.
So, the Centrino's run at 11.0 mbps. The G card runs at 54 mbps when it's on alone, goes down to 48 mbps when a B is on with it.
here's another dumb question... (I know there are no dumb questions, just dumb people :D-->)... is there an antenna on my Centrino laptop? I know there must be, but what form is it? is it in the 'lid'? is it in the 'board'? I've been looking around on the sony site as well as the intel site and I can't figure it out... or is it in the chip itself?
Yes, you can get signal boosters for Wi-Fi. I have the Linksys one attached to my router and it works great.
If you have no "G" computers, set your router to "B" mode. If you have no "B"s, set it to "G". Otherwise, set it to "Mixed". (Yes, it's just as you'd think it would be.)
Goey: Last time I looked, DirecWay satellite broadband was comparable to cable modem in price.
Recommended Posts
Steve!
That should be secure enough for you. MAC addresses are very difficult to spoof.
Yeah, your neighbor probably has a wireless network. Don't access it unless you want to expose your computer to possible infiltration by anyone else who is accessing your neighbor's network.
Of course, your neighbor might have set up his network to be limited by MAC address as well.
Link to comment
Share on other sites
Tom Strange
Thanks... the whole thing works really well... the only "problem" I had was setting up the VPN's for work... and it wasn't really a problem, just took some time to figure out...
Link to comment
Share on other sites
An Apple a Day
Why not use the WEP (Wired Equivalency Protocal/Privacy) and MAC filtering together? Wep may cause some network slowdown, but depending on the bandwidth being used currently by the connected devices you may not notice. Wep isnt perfect but better than nothing.
Using the Wep would encrypt data between the device to the Base. Would stop/slow the "Unauthorized" User from getting a connection for starts and monitor traffic for legit Mac addresses and passwords. That and get rid of any "factory" SSID's or Keys and make some of your own.
A step better than WEP is that
your Router supports a newer technology called Wi-Fi Protected Accessâ„¢ (WPA) wireless security. The Router protects your PC from most known Internet attacks with a powerful Stateful Packet Inspection firewall. It can also serve as a DHCP Server, supports VPN pass-through, and can be configured to filter internal users' access to the Internet.
A real advanced step would be to make the Wireless base station one network, and the devices another and use Virtual Private network connections (VPN,s) using certificates as authentications.
But as Steve put it, Mac filtering might be enough for what you need to do. But I would be sure tempted to enable the WEP.
Link to comment
Share on other sites
pawtucket
Another thing is to turn off ssid broadcast. Your wireless is available but you have to know the name of it to get in.
Change the password for the router from the default one.
And for what it's worth, those that don't have a router yet, try the Buffalo G wireless router. Buffalo just went mainstream, they have some of the best coverages of any other one that I have used and have an off the shelf antenna should you need it.
Link to comment
Share on other sites
igotout
Tom - I only use wireless occasionally for a laptop I have when I need it. Otherwise I have jacks in every room with whole house hard wiring. I have both capabilities on my SMC Router as many of them do today.
With my limited wireless experiences, all the things that have just been said are good. I mostly do what Paw suggests and do not bother with the mac address cloning or WEP. I change the password occasionally and also the ssid.
I have heard and read that WEP slows down the connectivity.
One thing I am certain of in my situation is that wired is much faster than wireless. But wireless is cool at times when I just want to open my laptop real quick from the couch or the kitchen countertop or outside. But I plug in to the network for serious computing.
Wireless has come a long way. My visionary neighbor who works deep in the heart of IBM in Research says the future will contain very fast wireless all over the place. He says stay tuned for some big stuff coming in years ahead. I wish I had his job. Sounds like fun.
Link to comment
Share on other sites
Zixar
There's no reason not to turn WEP on if you're at all concerned about security. Yes, it's theoretically crackable, but if you don't have it on, all your traffic is instantly readable! It does not significantly affect speed, and the only additional setup is to enter the key onto each machine. WPA is better, but some routers will only handle WEP.
Paw's right--make sure you change the default name of your wireless access point, its admin password, and Disable SSID Broadcasting.
If you want to see who might be trying to mooch off your net, go download a program called AirSnare. It will show you the MAC address of every packet that flies over your net, and once you have all your known MAC addresses listed in the table, AirSnare can be configured to set off alarms when someone tries to hook in without you knowing it.
The more security you have, the better. While you can't keep a determined hacker out for certain, you can make your network so much of a hassle to break into that it's easier for the criminal to go hack someone who leaves the door open.
Link to comment
Share on other sites
Zixar
John: Your neighbor is right. Expect the rollout of city-wide Wi-Fi as an alternative to DSL and Cable within the next year... ;)-->
Link to comment
Share on other sites
Tom Strange
With the limited range of my wireless router do I really need to be that worried about security? I mean, beyond the neighbors? I know most of them and they're more interested in their lawns... and it's not like there's folks parked in a van in the street in front of my house with a directional antenna pointed my way...
I'll check the AirSnare thing out... but I'll really be surprised if it shows other MACs attempting to access...
Link to comment
Share on other sites
Zixar
Tom: Once they're on your network, they can run AirSnare themselves and write all your packets out to a log, including usernames, passwords, credit card numbers, whatever you might type into a website. It takes 5 minutes to turn WEP on and set the passphrase on all your machines and it keeps "wardrivers" from just walking right in.
It's like the old joke about the two hikers suddenly noticing an enraged bear charging them. One stops to tie his sneakers, and the other one says "Do you really think you can outrun a charging grizzly?" The first says, "I don't have to. I only have to outrun YOU."
Given a choice, criminals will hit the person with the least amount of security. All you have to do is outrun your neighbors.
Link to comment
Share on other sites
Tom Strange
I'm reading in the "more" section of the router admin page about WPA and WEP... I'm not real clear on them... I know they're encryption... but it doesn't really give a lot of info about what to do... I'll need to change my network settings as well won't I? (sorry, I just know enough to usually get in trouble, just trying to avoid that).
Link to comment
Share on other sites
Zixar
I have the older Linksys Wireless-B router. All you had to do to turn on WEP was point your web browser at 192.168.1.1 and give the admin password. WEP was an option on the main screen. You picked "WEP Mandatory" and clicked on the Set Password button. Entering a password would then generate a 128-bit WEP key. You copy down your password and the WEP key, go around to the other computers' Network Connection screen and enter one or the other (depending on the other computer's wireless card) and that was it. As soon as the password is applied, the computer is back up on the net as if nothing happened. Easy. You only have to do it once.
Oh, another wireless tip--Change your router's default wireless channel to anything but channel 6! Most US electronic devices that operate in the 2.4GHz band default to channel 6 so there's a high noise factor if you have a 2.4GHz cordless phone and a microwave. I use channel 10, but any of the others is just as good a choice. You get higher throughput because there aren't as many interference errors if you aren't on channel 6.
Link to comment
Share on other sites
Tom Strange
Here's what I used:
I used the TKIP. This seems to be newer (and better?) technology than WEP......so this should keep the neighbors out?
Link to comment
Share on other sites
Zixar
Tom: Bingo. ;)-->
Link to comment
Share on other sites
Tom Strange
OK... so it encrypts it from the router to the Laptop... does my laptop also have the software to encrypt the broadcast back to the router?
(or am I being too much of a simpleton here?)
Link to comment
Share on other sites
Zixar
Yes. The network transport protocol that your laptop uses handles the encryption and decryption on its end just like the router does on its end. Not a simpleton question at all.
Link to comment
Share on other sites
Zixar
Anyone want me to explain how dual-key encryption works?
Link to comment
Share on other sites
Tom Strange
Sure, go ahead, is that what I'm doing now?... (a lot of us computer illiterate folks read here to learn and/or become confused)...
I thought I was using Temporal Key Integrity Protocol incorporating Message Integrity Code!
Link to comment
Share on other sites
Goey
What about us country folks who's only alternatives are dialup( Arrgh!) and satelite (Very Expensive)?
Will Wi-Fi be expanded to rural areas or be similar in coverage to celular phone service?
Link to comment
Share on other sites
Goey
Just found this .....
(The Associated Press)
WASHINGTON -- Federal regulators have endorsed a plan to use vacant TV channels for high-speed Internet connections.
Federal Communications Commission Chairman Michael Powell says it would "dramatically increase" the availability and quality of wireless Internet connections -- especially for people in rural areas.
Powell says it would be like "doubling the number of lanes on a congested highway."
But TV broadcasters oppose the proposal. They argue that it would interfere with over-the-air television signals for millions of people.
The FCC commissioners voted unanimously to begin the lengthy rulemaking process for the plan.
Link to comment
Share on other sites
igotout
http://www.pbs.org/cringely/pulpit/pulpit20010823.html
Saw this. Maybe you can make your own, GOEY.
Link to comment
Share on other sites
Tom Strange
Interesting article hegotHope... kinda makes you go "hmmmm"!
but it also brought up another question to me... I read in the article about "different antennas"... is there a way to boost the signal from/to my router? Our bedroom is almost entirely blind... and weak when it's not... anybody got any ideas?
LATER: I found this... a wireless "range expander" ...coming soon...
Edited by tomstrangeLink to comment
Share on other sites
Tom Strange
Oh... and another thing...*Mixing B and G* when I was getting my wireless router the "learned" folks at the computer store couldn't agree on the performance I'd get... (the laptops are Centrino B's) I bought a G router because I wanted the flexibility down the road... when I went to get the card for the desktop, one guy said since I had B's on the network, they'd bring down a G to that speed, so I should just get a B card. I asked "then why does it give me the option of B, G or mixed?" The other guy said that they'd run independently and be all right... I looked at them both (about my age) and said "I wish you guys could agree, but since you can't, I'm gonna go ask that kid over there"... I went to the kid, who looked like he was still in high school, who answered me with more authority than both of those guys together: go ahead and mix, when both a B and a G are running there might be some degradation, but you won't notice it. Get the G.
So, the Centrino's run at 11.0 mbps. The G card runs at 54 mbps when it's on alone, goes down to 48 mbps when a B is on with it.
Edited by tomstrangeLink to comment
Share on other sites
Tom Strange
here's another dumb question... (I know there are no dumb questions, just dumb people :D-->)... is there an antenna on my Centrino laptop? I know there must be, but what form is it? is it in the 'lid'? is it in the 'board'? I've been looking around on the sony site as well as the intel site and I can't figure it out... or is it in the chip itself?
Link to comment
Share on other sites
Zixar
Most likely, the antenna is in the lid.
Yes, you can get signal boosters for Wi-Fi. I have the Linksys one attached to my router and it works great.
If you have no "G" computers, set your router to "B" mode. If you have no "B"s, set it to "G". Otherwise, set it to "Mixed". (Yes, it's just as you'd think it would be.)
Goey: Last time I looked, DirecWay satellite broadband was comparable to cable modem in price.
Link to comment
Share on other sites
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.