How to Encrypt An Access Point

[MandYX]

Good Day Istorians,

Query lang, unsaon pag encrypt ani ako access point, actually this not brand new, guihatag rani sa ako friend. the unit is still working but my problem is that, anyone who has a WIFI and within the range can access the network. i want to have users to key in a WEP before they can access to my network.. unsaon ni mga bro... thanks

[BeoR]

just set a key in your access point and your clients.

[AMD_infinium05]

filter?

[BayouPinoy]

What is the make and model of your AP? Generally, the config utilities of APs can be accessed via your web browser. For example, a D-LINK DWL-900AP+ can be accessed using 192.168.0.50 (default IP). Enter user name (default-admin) and pwd (no pwd default). Click on "home" (or whatever your navigation cues are) and find the WEP encryption page. Set the the key. Longer keys generally degrades the wireless signal. Your choice. The config utility should prompt for reboot (yes) after which the changes take effect. You will be locked out of your wireless network but will be prompted for the key after you rescan.. If you are "locked" out of the config page, simply reset the AP to factory settings (admin, no pwd). In the D-LINKs, the reset button is behind the unit. Hope this helps.

[vern]

The main thing to understand is that WIRELESS IS NOT SECURE. WEP is NOT SECURE. Anyone can get at your WEP key using patience and AirSnort. WPA is even better, but is still NOT SECURE. No wireless solution is completely secure against a determined attacker.

Now that is out of the way ... check this little guide out ...

http://www.viaarena.com/default.aspx...&ArticleID=438

[BayouPinoy]

I agree, a determined person, given time and motive, will be able to break WEP keys. In my house, I see two networks, one encrypted (mine) and one proudly says "linksys" and pretty much unprotected. In a friends house in the next neighborhood, I saw three networks, his (protected), and two open. In an office where I recently help a small business get their wireless network get started, I saw two: theirs (protected) and another just waiting to be exploited. For the majority of users, encrypting an office or SOHO wireless network is not an even an option--it is a requirement, just to keep those few from exploiting other people's resources. Until vendors ship wireless gizmos with stronger, more secure encryption without significant degradation of the wireless signal, we are stuck with of-the-shelf encryption options, which, while not secure, at least advertises thus: "hey, this an encrypted network, if we find you sitting outside in your car working on a laptop hooked up to a cantenna, we shall call the police (where applicable laws are broken) or we will call a lawyer who knows what the applicable laws are."

[Tamblot]

In security, there are two questions.

First, how much are you willing to risk? If the information is just but a casual mail from a friend, then why bother with security.

second, how much are you willing to invest?


Some very common security in wireless is to hide the SSID.

Another is to enable WEP, TKIP or WPA.

Next is to use a AAA or RADIUS server.

And to have VPN over wireless.

In your case, evaluate how critical are your files. Is it worth the security that you are planning to implement?

[podperson]

Is that device a plain Access Point or is it a Router? If its an AP then you gotta to encryption just stick WEP since its the least bugged standard. If its a router check if you have the Mac Address Filtering option, this will register the MAC Address of the computers in your network and it will not allow any other computer whose LAN number is not registered to access the network. Check if you have the option not to broadcast your SSID or network name. Consult your manual or email the manufaturer they should be able to give you some tips.

[BayouPinoy]

Very good point about wireless security. It's not just a matter of exposing files on the network; it is also a matter of having your resources being used by other people without your permission--it's just plain wrong. Some wireless access points already have MAC filtering options (on top of 64 and 124-bit WEP encryption), hence that adds another layer of defense (e.g., the Linksys WAP54G AP).

[acronis]

just a followup qeustion about encryption also... does it affect the speed of the wireless network if you activate WEP or WPA?

[Tamblot]

not that much if encryption only. If you use VPN though, there is a noticeable delay to voice and video traffic.
It would primarily depends on the box that you are using.

[BayouPinoy]

There is some anecdoctal evidence to suggest that WEP can decrease wireless speed by 10-50%, depending upon implementation and the device in use. VPN further penalizes speed as this does involve a decryption step. I experimented with comparing 64 vs 128 bit encryption on my home network --- an 802.11b based network-- the speed difference was noticeable with the increase in encryption level.

[nomadix]

Quote: Good Day Istorians, Query lang, unsaon pag encrypt ani ako access point, actually this not brand new, guihatag rani sa ako friend. the unit is still working but my problem is that, anyone who has a WIFI and within the range can access the network. i want to have users to key in a WEP before they can access to my network.. unsaon ni mga bro... thanks

are you trying to use your AP in an office scenario or a home network scenario?

If your Network or Access Point supports it, you should enable it to keep prying eyes off your data and network. Most Access Points support 48-bit (also referred to as 64-bit) encryption, while some support the more advanced 128-bit Encryption.

you can configure your encryption method as WEP using
windows or utility software.

Be aware that using WEP on your Wireless Network can have a minor performance/throughput hit negatively, but is usually small and worth the added Security.


however, if it's just a home network, only the casual low-grade hacker who wants free internet access that you need to be concerned about.

I use open wireless encryption right now. (network mode: Infrastructure using Linksys on a Cisco AP)

[acronis]

Quote: Originally Posted by BayouPinoy There is some anecdoctal evidence to suggest that WEP can decrease wireless speed by 10-50%, depending upon implementation and the device in use. VPN further penalizes speed as this does involve a decryption step. I experimented with comparing 64 vs 128 bit encryption on my home network --- an 802.11b based network-- the speed difference was noticeable with the increase in encryption level.

so in your opinion... which is the best setup to implement? enable a 128 bit encryption (WEP or WPA?) or sacrifice security by just using 64 bit encryption for better speed?

[BayouPinoy]

If I started from scratch and able to spec my own hardware, I'd spring for the latest and greatest wi-fi device/standard and enable 128 bit WEP (802.11 g is 54 Mbps vs. 802.11b 11 Mbps). If WPA is available on my device, I would prefer it over WEP and if I am satisfied with the speed, I would keep it. If I really wanted speed as well as signal strength, I'd spring for one of those souped up MIMO-type devices. If i have "legacy" hardware/standard, e.g., 802.11b, then I would enable 64 bit encryption, change the default channel, and enable MAC filtering and make do with the speed. With my older hardware, I have 64 bit WEP enabled, and my son has no problem playing with his games on disney.com on my laptop. There is agreement that 64bit WEP is sufficient for home applications. The usual disclaimers apply and YMMV. For the enterprise, it appears that WPA is the norm.

Quote: Originally Posted by acronis so in your opinion... which is the best setup to implement? enable a 128 bit encryption (WEP or WPA?) or sacrifice security by just using 64 bit encryption for better speed?