Networking & Wireless forum

General discussion

Wireless Security w/New Router

by Confed / August 22, 2006 6:55 AM PDT

I've just successfully installed a new Linksys router and connected two computers. I also have a notebook computer that will use wireless to connect to the Internet.

How secure are my wireless connections to my router via the notebook and what keeps someone else (like a neighbor) from connecting to my router? Is there a way to exclude unauthorized users?

What do I need to do?


Discussion is locked
You are posting a reply to: Wireless Security w/New Router
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Wireless Security w/New Router
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Usually good enough.
by R. Proffitt Forum moderator / August 22, 2006 7:13 AM PDT
Collapse -
The Damage
by Confed / August 22, 2006 2:01 PM PDT
In reply to: Usually good enough.

I finally was able to watch the video, but had problems seeing the screen. As a rundown, just what did the hacking tool do? What kind of a threat would it be to my notebook and would it pose any sort of security threat to my desktops?



Collapse -
In short, it allows one to walk past the usual security.
by R. Proffitt Forum moderator / August 22, 2006 10:02 PM PDT
In reply to: The Damage

The supplied security is only going to stop the ones that don't want to connect and use your WAP.

The threat is only there if you did something like share a folder.


Collapse -
I must only disagree slightly
by schlice / August 25, 2006 12:53 AM PDT

While no wireless security is yet unbreakable, WPA offers you significant advantages over WEP:

IV Length is twice as long and IV values are not replayed
WPA does not directly use Master Keys
Message Integrity Checking is far improved
WPA includes secure key management

So if your router and network card offer it, I would strongly suggest enabling WPA-PSK (pre-shared key) over WEP. It's at least more secure than WEP (which as you saw in the video, isn't saying (too) much. But it is the precursor to 802.11i, which will be even better than WPA.

As you all correctly indicated, WEP/WPA, much like locked doors, are only designed to keep honest people out. Anyone who truly intends to break in to your wireless network will indeed do so. What you should aim to do is make it hard enough to do that the casual hacker won't be able to do it in 10 minutes like the guy in the video. WPA will provide that level of security.

You also talked about being afraid to do secure transactions over your wireless connection. If the site you are working with is secure (i.e. you see https:// in the address bar, or you see the lock icon on the bottom of the browser window), the data is encrypted end to end from your browser, over your network, to the host computer. This includes the transit between your computer and the wireless router. In short, as long as you're on a secure site, there is not an issue regarding someone seeing your secure-type traffic over the wireless.

Collapse -
WPA cracks faster than WEP?
by R. Proffitt Forum moderator / August 25, 2006 1:00 AM PDT

"Two NetworkWorldFusion writers pointed out last month KisMAC?s ability in a great overview of WPA?s weakness and the justification for adopting 802.1X plus WPA."

There is a lot of marketing going on in the wireless world. Don't fall for it.

It's broken. Not secure as they want you to believe.


Collapse -
WPA/AES has not been cracked. Just WPA/PSK with a dictionary
by dfichtner / August 30, 2006 12:32 AM PDT

For most run-of-the-mill routers these days, if they support it, choose WPA/AES. Better yet, if you can, choose WPA2/AES (although WPA/AES is about the same).

The links proclaiming WPA is cracked all seem to say the WPA machines which were WPA/PSK, and were cracked by using a dictionary-type of crack on passcodes that were short words from the dictionary. So if you use a long password full of gobblety-**** characters, you are still very safe. Something like: a3k58f8wey53di238skd3i2201w1 or whatever number of characters you can put in for a max.

Links about it:

Collapse -
Good to read. Hope KISMAC isn't able to do this either.
by R. Proffitt Forum moderator / August 30, 2006 1:17 AM PDT

But I see WPA/AES is not an option in my wifi card and driver.

How to fix that?


Collapse -
by dfichtner / August 30, 2006 8:48 AM PDT

Then I'd say you might want to consider an upgrade, if you're truly concerned about security.

I think with WPA/PSK and a long, jumbled-up code, you're more than fine until we hear different.

Collapse -
You're not going to find it
by Merranvo / September 2, 2006 2:04 PM PDT

In my experiance, most people can't use search engines to their maximum efficency. If you are looking for a 'how-to-hack' guide you need to look past simple blog sites.

First, I am no expert in the matter but the fact is that with wireless networks may be.

A) Encrypted, meaning that to gain access to the data in the stream you need a decryption code and/or algorithm

B) Protected, to procure your own stream you need to meet certain requirements and send it to the router.

Encryptions is just a matter of procuring or generating an algorithm, and protected is just a matter of sniffing out the key.

There IS no 'safe' wireless network protocol because they all involve the transpher of infromation in the open. Getting an encyption algorithm probally is much harder then simply breaking a protection seal, but it is not impossible.

Collapse -
The one that has yet to be cracked at any speed is PGP.
by R. Proffitt Forum moderator / September 2, 2006 10:06 PM PDT

PGP is so good that the US Gov keep dragging its author to court and other places but thankfully it survives to this day.

Research PGP and how it works to see there is hope.


Collapse -
Are sure...
by 70441.2227 / September 9, 2006 12:05 AM PDT

Hi Bob,
I am confused by your response. To be absolutely sure, is this statement correct:

You also talked about being afraid to do secure transactions over your wireless connection. If the site you are working with is secure (i.e. you see https:// in the address bar, or you see the lock icon on the bottom of the browser window), the data is encrypted end to end from your browser, over your network, to the host computer. This includes the transit between your computer and the wireless router. In short, as long as you're on a secure site, there is not an issue regarding someone seeing your secure-type traffic over the wireless.

Is it a sure thing. This is VERY important. If not, please explain.


Collapse -
I can't let this thread become a cookbook of
by R. Proffitt Forum moderator / September 9, 2006 12:35 AM PDT
In reply to: Are sure...

How to exploit wifi. You may be the "show me" type and I'd have to offer exploit with proof for every setup.

If one did post all the exploits in one place then that's the cookbook page.

You are right that https is great but how to get around the evil twin issue?

That one is a stumper.

In closing, I hope you understand that wifi needs a rock solid security solution but various governments don't want it to be that secure. I know this because I was on a team doing 2 way wireless paging.


Collapse -
Not necessarily....
by 70441.2227 / September 9, 2006 4:46 AM PDT

Hi Bob,
Actually, all I really needed was a yes or no answer. I'm not a ''show me'' person. I've always found your answers, to my posts, to be correct and insightful. I'm assuming it's a no. I know of but not about the Evil Twin. Time for some in-depth research. Thanks for pointing me in the right direction! The original statement gave me a false sense of security. I apprecite the background material though.


Collapse -
Here's my yes and no answers.
by R. Proffitt Forum moderator / September 9, 2006 7:38 AM PDT
In reply to: Not necessarily....

Yes. For most the provided security is good enough.

No. The current wifi security is not good enough for me to do business over any other than my wifi router.


Collapse -
by 70441.2227 / September 9, 2006 9:37 AM PDT

Hi Bob,


Collapse -
by Merranvo / August 29, 2006 12:24 PM PDT

One Word, Hacking.

Wireless networks increase the chances you will be hacked. Internal Networks are not accessable from the outside, wireless networks are accessable within 'the zone'.

I have wanted to use this link for quite a while

Now what you should ask is WHY someone would want to hack your net. The answer is simple, simply obserbing over the air transmissions can allow a person to gain access to sensitive infromation (such as your name, credit card, and possibly your SSN).

This, of course, would be infromation gathered though your daily use of the net. Most people have their names associated with their accounts, many people shop online, and some people use online bill paying.

Now before you go proclaiming that it is https remember that this guy is not hacking the WEBSERVER but just listining in to what you are broadcasting.

Now the real issue is the chances that a person would be skilled enough or care enough to try hacking YOUR network WOULD try hacking your network. I guess that it would better depend on where you live...

Personally, I say that the chances are negligable, Identity theft may be common, but getting a wireless network sniffer working and learning how to filter the infromation out takes time. Lots of time...

Eventually people may start making a practice of it, but when can not be said for certain.

Collapse -
Small Note
by Merranvo / August 29, 2006 12:29 PM PDT
In reply to: WHAT???

Yes HTTPS will encrypt data, but even if your browser encrypts the data it is by far less then what the server encryption is.

Basically, if your browser DOES encrypt the data that means it must recieve a encryption key or generate one. Both of these can be caught durring the transmission.

If the encryption key is generated via algorithm and you are sent the algorithm then all you need is to procure the algorithm and inplement the propper variables.

Collapse -
Hang on a sec
by bmedicky / September 6, 2006 11:55 PM PDT
In reply to: Small Note

Let's remind ourselves that in public key encryption, the encryption keys are never exchanged directly between the parties. The keys are generated with a combination of information that is indeed exchanged plus information that is generated locally and kept secret by each party. So even if a "man in the middle" attack sniffs out the info that is traded between the two parties, the keys still cannot be guessed because the eavesdropper cannot determine what info is being held back in secret. That's the miraculous part of the whole affair: that locally-held secret info, together with the info exchanged, can still generate identical keys.

Of course if someone hacks your machine and installs a keystroke sniffer, then you're in trouble. But let's not forget how public-key encryption works: that's the standard for secure browsing.

Collapse -
Or a rootkit as claimed.
by R. Proffitt Forum moderator / September 7, 2006 12:01 AM PDT
In reply to: Hang on a sec
Collapse -
router security
by zerochaos72 / August 22, 2006 7:42 AM PDT

Well I would change the wireless setting meaning you SSID name to something other than what the default name of the router is. Then you need to change the password and just my suggestion because it is known to work and there is less holes in the encryption is to use WEP 128 bit encryption and change the password from Admin to whatever you want. I would do all this by consoling into the wireless router by typing the IP addess into the web browser.Make sure you are hard wired into the wireless router into the internet port once you have connected your ISP modem to the router. For linksys I know it is and that will take you into the router. You also need to setup the drivers and so forth. Anyway I hope that helps and if not let me know if this did not make sense.


Collapse -
by Confed / August 22, 2006 11:36 AM PDT
In reply to: router security

Yes, made perfect sense. I understand about generating the WEP key, but then it gets foggy. I assume when I try to connect via my notebook that it lets me input the WEP key.

Collapse -
How about a D-Link 624
by pbbt / August 25, 2006 11:18 AM PDT
In reply to: router security

How secure is a D-Link DI-624 High-Speed Wireless Router?


Collapse -
Its not so much the brand
by Merranvo / August 29, 2006 12:42 PM PDT
In reply to: How about a D-Link 624

Basically, if you want security it depends on the features, and that is only minimal security at that.

A) WEP or WPA protection is the primary defense
B) Limiting MAC address's. Takes very little time to bypass but it is a 'little more' protection
C) Some routers will allow you to set IP Ranges. (Basically the amount of 'ports' allowed) I am not certain of the weakness' here except that if an additinal person needs to access your network you need to add an extra port.
D) Disabling SSID Broadcast

Note, D can cause issues with older hardware.

Collapse -
Note D: additionallly.
by R. Proffitt Forum moderator / August 29, 2006 12:53 PM PDT

Thank for Note D.

In addition, wireless extenders, game wifi adapters (zero config ones especially), wifi cameras and more fail spectacularly without SSID broadcasts.

It's not much of a security leak issue so I only disable it when asked to do so. Also some drivers (even new ones) on some wifi cards fail without it.

This advice in my view has made money for my tech friends as they roll out to fix it.


Collapse -
WIFI Security
by JRXIC / August 22, 2006 9:39 AM PDT

enable the WAP security feature and MAC access list as a second measure.

As for security WIFI is not secure if youre neighbor has the time and skills then you may be out of luck but those features should delay it.

check it out

now a days you can get step by step instructions on how to hack wifi networks. do a search on google videos for wep cracking and see for your self

Collapse -
MAC Addresses
by Confed / August 22, 2006 11:41 AM PDT
In reply to: WIFI Security

Don't know much about MAC addresses. I've determined not to do any secure browsing on my notebook, but I don't know how to determine its address. I see the numerical entry spaces to enter them, but how does one determine a notebook's MAC address?

Again, thanks all. Seems like WAP security is a bit of a oxymoron.

Collapse -
MAC address
by kbennett50 / August 24, 2006 10:28 PM PDT
In reply to: MAC Addresses

If you want to see the MAC address of any NIC device, wireless or PCI, go to start>run> type cmd click ok, at the command prompt, type without quotes "ipconfig /all" you'll see an entry that says Physical address and a hex address following that. That's your MAC address. It is also on the NIC's themselves unless it's integrated with the motherboard.

Collapse -
If its Linksys, you should be fine already...
by Croixian / August 24, 2006 10:03 PM PDT

During the setup of your Linksys, the setup software should have generated an alpha-numeric code for you to either write down or print. You would then have needed this code to connect your wireless hardware to the router. Otherwise, the router will not let you connect. If this never took place, or you bypassed it in some way, then your network is unsecured. Anyone outside your home or in a home nearby would be able to log in.
But if you went through setup properly, and got the generated code from the router, you have nothing to worry about.

Collapse -
Only if..
by Merranvo / August 29, 2006 12:33 PM PDT

Only if a person does not attempt to hack it. I can not say for certain what protocol LinkSys employs but the sad fact is that Wireless protocols are flawed. It can be beat even if it is automatically set up.

Collapse -
Disable broadcasting of your router's SSID
by Green_lizard / August 25, 2006 12:29 AM PDT

In addition to changing the default SSID to a name of your choice, you should disable your router from broadcasting the SSID. Of course you should also enable the other security measures such as encryption and MAC address filtering.

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?