Jump to content

Wifi access and security


Recommended Posts

How do I know my newly installed wifi access is secure?

I have entered a 128 bits WEP key ([blink] no idea what it does) as shown on the Neufbox.

There are 4 WEP keys in total and I am told n°1 is the default.

What are the others for?

There is also something called a MAC filter which is inactive at the moment. What does it do?

Should I want a visitor to use the wifi access, what do I do?

And what about when I don't want that person to have access anymore?

I'd be very grateful if anyone can explain in simple terms... [8-)]

Many thanks in advance [kiss]

Link to comment
Share on other sites

If you've had to enter that WEP key then so does everyone else who wants to access your service.

We've successfully added two laptops belonging to (trusted) friends by getting their boxes to do a network search and then entering manually the Network name and the WEP key.

I think (though others know more) that you can insist on a second WEP key being entered by allocating a new code in that line on your box menu.   If you do then I would assume that those users with only the first line would be barred.  

Like you I don't know how you actually REMOVE old users without adding a second WEP key,  or changing the original one (and on mine this option is greyed out)

Link to comment
Share on other sites

Clair, I can't answer all your questions, but I'll tell you what little I know and give you a link to some more information.

Every computer has a physical address (known as a MAC address- don't remember what that stands for it, you could google to find out).  When you configure a MAC filter, you basically tell your router (or, in this case your Neufbox) to allow only computers having certain MAC addresses to access your network.  You find out your computer's MAC address on a Windows machine by going to Start/Run and typing in "cmd" (minus quotation marks), then hit enter.  When the next screen comes up, type "ipconfig/all" (again minus quotation marks) and hit enter, then scroll down until you see the computer's physical address.

One way you could allow/prohibit access by other computers would be by using a MAC filter.

Here's a link to some info on WEP encryption:

 http://kbserver.netgear.com/kb_web_files/n100684.asp

Hope this helps.

Link to comment
Share on other sites

Clair,

see this page for lots of info.

I am sorry if it is too techie but it is a complicated subject.

This is from the Neuf website:

Quel est le niveau de sécurité des données sur ma connexion Wi-Fi ?

Le Wi-Fi est conçu pour apporter un haut niveau de sécurisation à votre connexion.

- Toutes les données échangées sur la liaison sans-fil sont cryptées avec une clé unique. Cette clé peut être à la norme WEP (Wired Equivalent Protocol) ou WPA (Wirless Protection Acces). Il est fortement conseillé d'utiliser activer l'un des ses protocoles pour assurer une bonne sécurité de votre connexion et de vos données personnelles.

- Un mécanisme de sécurisation supplémentaire est utilisé afin de garantir que seuls les équipements de votre réseau Wi-Fi  sont autorisés à communiquer avec votre routeur lorsque le filtrage Mac est activé.

 

Maybe you can find more in French easier than I can...

If you are very rural and no one can pick up your wifi signal then you probably shouldn't worry too much. At the same time, if someone really wants to break in to your network and use your wifi and internet access, they can probably manage to get around all of the security. They would have to be very determined though. I think there are lots of unsecured wifi networks around. People have been known to just drive around until they get an unsecured signal and surf away... Not so much of an issue in the sticks. If a car goes past here, it is either someone we know or a local event!

Normally I just have ours on a wired network but when I do use the wifi, I use WPA security and give the key to my visitors.

hope that is useful

Danny

Link to comment
Share on other sites

Thank you very much all for the suggestions, the links and the expalnations. It's a lot to understand when you're learning as you go like me!

I will read it all carefully before doing anything.

We are in the heart of la France profonde and the thought of anyone driving around to surf over my signal makes me giggle [:D], but I would like to offer wifi access to the guests in the gite next door...

I'll update as and when, if there is anything to report!

Link to comment
Share on other sites

[quote user="tenniswitch"]Every computer has a physical address (known as a MAC address- don't remember what that stands for it, you could google to find out).  When you configure a MAC filter, you basically tell your router (or, in this case your Neufbox) to allow only computers having certain MAC addresses to access your network.  You find out your computer's MAC address on a Windows machine by going to Start/Run and typing in "cmd" (minus quotation marks), then hit enter.  When the next screen comes up, type "ipconfig/all" (again minus quotation marks) and hit enter, then scroll down until you see the computer's physical address.

One way you could allow/prohibit access by other computers would be by using a MAC filter.[/quote]

If I get this right:

I've found my MAC address (=network card add) and by activating the Neufbox MAC filter, it will only allow those addresses listed to access the network.

If/when someone wants access, I can add their MAC add to the list and delete it when I want to deny them further access. This is called Access Control List.

I am also looking at WPA-PSK but I'll read it up later!

Link to comment
Share on other sites

[quote user="Clair"][quote user="tenniswitch"]Every computer has a physical address (known as a MAC address- don't remember what that stands for it, you could google to find out).  When you configure a MAC filter, you basically tell your router (or, in this case your Neufbox) to allow only computers having certain MAC addresses to access your network.  You find out your computer's MAC address on a Windows machine by going to Start/Run and typing in "cmd" (minus quotation marks), then hit enter.  When the next screen comes up, type "ipconfig/all" (again minus quotation marks) and hit enter, then scroll down until you see the computer's physical address.

One way you could allow/prohibit access by other computers would be by using a MAC filter.[/quote]

If I get this right:

I've found my MAC address (=network card add) and by activating the Neufbox MAC filter, it will only allow those addresses listed to access the network.
If/when someone wants access, I can add their MAC add to the list and delete it when I want to deny them further access. This is called Access Control List.

I am also looking at WPA-PSK but I'll read it up later!

[/quote]

They will also need encryption codes to connect.


 


Link to comment
Share on other sites

You are going the right way but one word of warning.  Don't rely on WEP keys anymore.  Once thought to be secure, there are now programs available which will crack a WEP key in under 10 minutes, which given the complexity is absolutely amazing.  If only some of these bad guys would use their undoubted talents in a positive direction ........

So what if the WEP key is broken you ask?  Well, there is the minor inconvienience of the possibility of someone feeding off your bandwidth but far more important is that EVERYTHING you send (except if on a https site) can been seen in the clear by a third party.  It would be like printing off your usernames/passwords/emails/etc and nailing them to your from fence.  MAC addresses are secure though (for now)

Link to comment
Share on other sites

Thanks for the comment Pierre.

I'm hoping someone will put me on the right track here:

  • I have looked at the MAC address shown by my laptop as described in the link which comes up as xx-xx-xx-xx-xx-xx
  • The Neuf box has a MAC add on its underside.
  • When I look at the Neufbox wifi configuration, there is yet another MAC add shown above the SSID.
Which one should I enter in the MAC filter?

ALso, looking at several security sites and fora, I understand I should change the SSID and deactivate the DHCP (don't know what is is or what is stands for).

I have tried changing the SSID but the wifi connection disconnects. What am I doing wrong? Should I deactivate the DHCP and how? (the laptop does not travel)

Beraing in mind that we live in the middle of nowhere, there is no passing traffic and any stranger sitting in his car outside would attract a lot of attention!

My thanks in advance.

Link to comment
Share on other sites

1. Pierre is absolutely right about WEP encryption, but does your Neuf box have a WPA encryption option?

2. You want to configure your Neuf box to allow only your laptop to connect (at least for the moment).  Therefore you would enter the MAC address of your laptop.

3. The Neuf box and the laptop (and any other computers to which you wish to allow access) must all use the same SSID.  Have you changed the SSID on both the laptop and the Neuf box?

4. If you want to disable the DHCP, you'll need to configure the Neuf box to always use the same IP address for that computer.  Do the Start/Run/cmd/ipconfig/all routine again to find out what IP address is being used for your computer.

5. Given your situation, do you need to do all this?  I guess it depends on how correctly you've assessed your risk and how high is your personal risk-tolerance.

Link to comment
Share on other sites

Thanks for the help Tenniswitch.

  1. The Neufbox allows WEP, WPA (TKIP or AES). There is a password box with password in it (default value?)
  2. I get that.
  3. That's probably why it's not working! I need to change both and when I change the laptop wifi config, I lose the connection and cannot access the Neufbox config anymore. So I need to use the cable connection when changing the SSID on both.
  4. I think I'll pass for now! Although I have a note of the IP address, I'll try one change at a time! (not too confident about delving into the guts of the laptop...)
  5. I don't think I need all this, given the very rural situation! How far do you suggest I should go security-wise: WEP + Controlled Access through MAC addresses or WPA-TKIP or AES?
Thanks again. You have the knack for explaining things clearly!

Link to comment
Share on other sites

[quote user="Clair"]Beraing in mind that we live in the middle of nowhere, there is no passing traffic and any stranger sitting in his car outside would attract a lot of attention![/quote]

Depending on where your router is and the construction of walls etc. the range of the WiFi signal will at best be measured in 10's of meters and in your circumstance it could well be argued that you probably don't need to bother with any security.

At a very basic level there are a few things you should always do though such as change the router login Name & PW name and also the SSID from the default as every potential hacker knows these.

In all honestly though, if you were a would be WiFi hacker where would you rather be, out into the sticks attempting to suck on some poor sod's miserable 512kbs connection or cruising around virtually any semi built up area where even a cursory scan would almost certainly bear much jucier fruit ?

If you wanted to allow/deny visitor access then just enable MAC addressing and enter the MAC addresses of your own computer(s) the then turn it on or off as required.

Link to comment
Share on other sites

[quote user="ErnieY"]Depending on where your router is and the construction of walls etc. the range of the WiFi signal will at best be measured in 10's of meters and in your circumstance it could well be argued that you probably don't need to bother with any security.

At a very basic level there are a few things you should always do though such as change the router login Name & PW name and also the SSID from the default as every potential hacker knows these.

In all honestly though, if you were a would be WiFi hacker where would you rather be, out into the sticks attempting to suck on some poor sod's miserable 512kbs connection or cruising around virtually any semi built up area where even a cursory scan would almost certainly bear much jucier fruit ?

If you wanted to allow/deny visitor access then just enable MAC addressing and enter the MAC addresses of your own computer(s) the then turn it on or off as required.

[/quote]

Hi Ernie

I have done a test this morning to check how far the signal would be received outside and I gather a rather silly hacker would have to stand outside on the terrace to get anywhere! The signal does not carry as far as the track past the side of the house and that is only used by the neighbours!

I guess I'll stick to MAC addresses...

Thanks all of you for the numerous tips ans suggestions. I feel more confident  and knowledgeable today than 24 hours ago[:)]

Link to comment
Share on other sites

[quote user="Clair"]Thanks for the help Tenniswitch.

  1. The Neufbox allows WEP, WPA (TKIP or AES). There is a password box with password in it (default value?)

  2. I get that.

  3. That's probably why it's not working! I need to change both and when I change the laptop wifi config, I lose the connection and cannot access the Neufbox config anymore. So I need to use the cable connection when changing the SSID on both.

  4. I think I'll pass for now! Although I have a note of the IP address, I'll try one change at a time! (not too confident about delving into the guts of the laptop...)

  5. I don't think I need all this, given the very rural situation! How far do you suggest I should go security-wise: WEP + Controlled Access through MAC addresses or WPA-TKIP or AES?

Thanks again. You have the knack for explaining things clearly!
[/quote]

It's just that I really understand about knowing little-or-nothing about tech stuff: I am so often in that position. 

I try to have the highest levels of security on my networks, although my risk is probably no higher than yours, because I am a natural-born worrier with very little risk-tolerance.

Listen to Ernie; he knows about a billion times more than I do.

Link to comment
Share on other sites

[quote user="Pierre ZFP"]

You are going the right way but one word of warning.  Don't rely on WEP keys anymore. [/quote]

I used WPA encryption on my new Windows XP system and couldn't understand why my husbands old laptop with Win ME wouldn't connect.

After a lot of Googling and mailing to helpdesks I found that Win ME can only handle WEP encryption. Just mentioning it to save people with Win ME the trouble I went through.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...