I have searched for hours both on the Dope and with Google, and I cannot seem to find what’s going wrong with my Linksys wireless router. All I’m trying to do is figure out how to secure it, and I can’t find simple (read: plain English) instructions on what to do.
I got far enough to turn off SSID broadcast on my desktop. Okay, so I got that. But now, the laptop can’t find the signal (understandably; I get that part). So, if there’s no signal, how does the laptop find the internet connection? That’s where I get lost.
I know they both have to have the same encryption or something… how does that work? And then there’s the “key” that it’s asking for… that doesn’t seem to be working for me, either. What’s the best encryption, and how do I apply it?
And then there’s this MAC thing that I found while researching how to do this… something like, you can make it only send out the signal to a specified number of other computers? I guess that would be the best, since I would say just one, for my laptop. How do I do that?
Desktop is Gateway, laptop is Toshiba, router is Linksys G-wire, both have XP, cable broadband. Thanks!
Since you didn’t specify, I’m assuming Windows XP SP2.
What you did was disable “SSID broadcasting”. This has nothing to do with encryption - it’s just “security by obscurity”.
First of all, I’d go into the admin screen for your router and disable all encryption and authentcation - no WEP, no nothing. Disable “SSID brocasting”.
On your laptop, double-click the little “network” icon in the tray. Click “View wireless networks” then “change advanced settings”. Select the “Wireless networks” tab. In the lower half of the screen, click “Add” and enter the name for your network, which you specified in your router configuration. It’ll be a friendly name, with a default like ‘linksys’ which you can change to whatever you want. Make sure “network authentication” is “open” and data encryption is “disabled”.
Once you’ve done that, you should be able to connect to your wireless network.
Next step is so-called MAC address filtering. If your router supports this, it’s a means of ensuring that only the computers you specify can connect to your network. How does one specify a computer? Using a MAC address, which is a unique, physical address assigned to your computer’s network card. (Not to be confused with “IP address” - MAC address is much more low level.) Somewhere on your router configuration, there should be a place to enable MAC address filtering, and specify which MAC addresses are allowed. For now, go to your laptop, go to Command Prompt and do an “ipconfig /all”. Look under “physical address” - this is the MAC address for your laptop and the address that needs to be enabled on the router.
Once you’ve got all that working, we can look at encryption.
Bless you, DarrenS! Okay, I did what you said (and yes, you correctly assumed SP2… I didn’t know it mattered).
So now I’m connected to my network, with SSID broadcast disabled. I also enabled MAC filtering, but on the laptop, I’m not sure what you mean by “go to Command Prompt”. Is that the same as “Run”? I typed in “ipconfig” at “Run” and nothing happened.
I’ll wait for Darren S to come back since he started and probably knows more than I.
Essentially you’ve get the router a “secret number” or key that any machine that tries to long on must know.
I’d like to know how hard it is to hack wireless by generating MAC addresses or keys.
Remember, there is no such thing as absolute security. If the NSA wants to sniff porn from your wireless network, they will figure out a way to do it. Computer security is all about putting up multiple barriers between you and the attacker, to buy you time and deter them. The levels involved here are:
No security - “hey everyone! Come party on my network! Feel free to use it to download kiddy porn or launch attacks on major websites! I’ll pick up the tab.”
Disable SSID broadcasting - will deter casual hackers (e.g. neighbors’ kids) Anyone with decent hacking software / hardware will get right through this one.
MAC address filtering - will deter the next level of hacker, since anyone with a “non-approved” MAC address won’t be able to connect. This means that rogue users won’t be able to get on your network easily. They also won’t be able to “sniff” any traffic that’s encrypted with SSL (e.g. https sessions for online banking) though with suitable equipment, they could sniff any non-encrypted traffic. (Experts: yes, I know if they were lucky enough to grab the SSL session key, they could ‘pwnt’ your SSL session too.) If you don’t care about this, you don’t need step (3).
Which brings us to…
WEP/WPA encryption. Once this is enabled, it encrypts every byte of information transmitted over your wireless network. At that point, any hacker will be screwed as, even if they manage to sniff you, they’ll see garbage, unless they get hold of your encryption key. Presently, we don’t know of any “computationally feasible” way of breaking strong encryption.
At that point they’d have to resort to social engineering - e.g. knocking on your door and pretending to be from your ISP, and telling you they need your encryption key. But you wouldn’t fall for that, right?
Try it out and let us know if you have difficulties.
One of the pages from carnivorousplant’s link explains a little about WEP / WPA. Either of these would be fine for your home network, depending on which your router supports.
One quick addendum: Linksys makes a very important point on the page about WEP. Do this configuration from a computer attached directly by a physical cable to the router. Otherwise, as soon as you start putting security in place, it will kick your machine off the network, thereby proving the security is working, but rather inconvenient if your router is on the other side of the house.
I will just add that WEP is weak enough to be cracked. This sounds hard, but of course the crack has been packaged in a downloadable, easy-to-use cracking tools for clueless teenagers everywhere.
citybadger is right; a quick Google search reveals that WEP has been cracked. Although it’s unlikely that anyone would do this on your network, go with WPA. You probably have locks on the doors of your house that can be picked, but security is all about compromise - how much inconvenience are you willing to tolerate in return for more security? In this case, WPA is just plain better and no more inconvenient than WEP.
It’s not very difficult to sniff out the allowed MAC addresses and connect as if you were one of them – the MAC address can be found in the header of every frame, after all. The best practice is to always enable WPA encryption.
Okay, so in keeping with the spirit of the thread (and hopefully helping out not just myself but all the other technologically-deficient people here), how do I enable WPA without kicking my own laptop off the network? In other words, how do I keep everyone else out, but still make it possible to keep myself on?
Does anyone have a good link about how WPA works? A server was mentioned in one article I was plowing through.
The About link I gave says that 29 hex digit WEP should be good for another ten years.
That’s a lot of numbers for the bad guys to crack.
Use a regular ethernet cable (they’re often blue) to connect your laptop to one of the router’s ports. Encryption only applies to the wireless connection. Once you’ve set up encryption on the router, go into the network settings on your laptop and set it up with the same encryption - WPA, passkey. At that point, you should be able to disable the “wired” network connection and still connect to your router.