
Hiding SSID - exactly what does this do?


vancouv
20th Feb 2009, 10:43
I thought I knew, but........

Having just bought a new router, I was setting things up and once both my laptop and desktop were connected successfully, I chose the option that hid the SSID. When I rebooted my laptop (which runs Vista), it didn't connect to the router, and I couldn't get it to do so. As the SSID was not being shown, I was limited as to what I could do.

My desktop (which runs XP), which had been connected all the time, was OK, so I logged onto the router and set the SSID to display. When I went back to the laptop, which was still on, it had connected itself. On the face of it seems that with the SSID display off, the laptop wouldn't connect.

Does that make sense, or is something else going on that I don't understand?

srobarts
20th Feb 2009, 11:49
I had the same problem with my daughter's machine. The solution was to select "connect even if the modem is not broadcasting" AND "Start this connection automatically". That seemed to solve the problem.
Hiding the SSID just makes the wireless router not shout its name to all and sundry; the SSID can still be discovered by other network tools.
You should also have set up encryption - ideally WPA2 but if not WPA, avoid WEP.
You should set up the router to limit access to your router to known MAC addresses.
Good luck

Keygrip
20th Feb 2009, 12:58
I just learned exactly the same thing two days ago about Vista and the hidden SSID - but my network is WEP.

I don't know *anything* about this stuff, it's been set up for me by a friend - but why should I *avoid* WEP?

gizmocat
20th Feb 2009, 13:00
Avoid WEP because it is a very weak encryption method which is easily cracked. WPA is much harder to break, WPA2 being harder still.

Bushfiva
20th Feb 2009, 13:07
As srobarts says, broadcasting SSID (the name of the router/network) means the wireless router announces its presence: if you look at the wireless networks within range, it will be listed there. If SSID is not broadcast, the wireless router doesn't announce its presence, but still accepts connections. In other words, you need to know it's there. And, of course, you need to know how to enter the connection details :)

I'd be tempted to leave SSID on for your convenience, but consider filtering by MAC address (the network card's serial number). Also, and I realise this is not fashionable but it's easy to do, change the password more than once a decade.

(I don't broadcast, MAC filter, have a router that does new passwords every 2 hours for new sessions. But I'm a dork. I have a separate AOSS router for the Wii and DSi. AOSS is a great idea.)

Avoiding WEP: In the real world, why bother? No-one is going to hack your network to hack you. They're going to do it for some other reason. (Having said that, I don't use WEP myself)

hellsbrink
20th Feb 2009, 13:14
Ok.

First things first.

Hiding the SSID means that people cannot scan and find your wireless and then try to hack into it. Simple as that. They can use other means, but it just makes things a bit harder for them.

Now, you SHOULD have all the details (you know, SSID, password, WEP/WPA/WPA2, channel, etc. If not, why not? Print the settings off from the router) so you can set the network up manually.

As has been said, always use WPA or WPA2 IF you can. Things like Nintendo Wii's and DS' do not support WPA, only WEP, and it's the same with my stepkids' laptop with a Belkin "N" wireless card (so I had to set it up with bloody Window Zero Config instead of using the Belkin software) so, depending on what you have at home, WEP may be your only option. There are other ways to make things harder for people trying to break your network, like MAC filtering, but someone who is determined will get through everything. But by that time he'll be using a neighbour's wifi because they didn't change the basic password to access the router!! That is one of the first things you should do with a wifi, change your router password to something you remember easily so some slimeball can't access it.

All of the above has worked fine with me, stepdaughters and nieces are welcome to use my wifi when they are in the boozer below me (why should they pay for interweb when I can give them it free?) and nobody else has gotten into my network. I guess having a 40 letter WPA password, which is stuck in my memory and bears no resemblance to any other password, helps.

Happy surfing!

Bushfiva
20th Feb 2009, 13:43
I don't want to start drifting the thread so early, but Wii is happy with WEP, WPA - PSK (TKIP), WPA - PSK (AES) and WPA2 - PSK (AES). DS is WEP.

Saab Dastard
20th Feb 2009, 15:05
Bushfiva beat me to it!

I actually have 2 WAPs, purely because the boys' DSs don't support WPA.

Hence one WAP runs WEP, with SSID off, MAC Address filtering on, using fixed IP addresses (no DHCP) with a custom subnet mask to limit the number of devices on the subnet.

The other is WPA for everything else (including the Wii), again with MAC Address filtering on, using fixed IP addresses. I keep the SSID on so that visitors can connect easily (or as easily as non-DHCP can be).

SD

srobarts
20th Feb 2009, 17:42
StaceyF
There are several aspects to the security in wireless networks.
Hiding the SSID has been discussed above.
Restricting the access to specific MAC addresses stops others using your router for internet access (and access to the files in shared folders on your PCs).
Encrypting the traffic stops eavesdropping on your traffic between your PC and router.

Saab Dastard
20th Feb 2009, 18:30
Also, MAC addresses can be spoofed.

Just another layer of protection - make it as hard as possible for anyone to break into the network.

SD

vancouv
21st Feb 2009, 11:03
Thanks for the answers. I'd not heard of the "connect even if the modem is not broadcasting" option in Vista before, so I'm sure that must be why I had a problem.

As for the router announcing its presence - if broadcasting is off, and you scan for networks, does that mean it doesn't show up at all? Or does it show up but not have the SSID, say something like 'default' instead, so you need to know what the SSID is to connect to it?

Bushfiva
21st Feb 2009, 11:06
It doesn't show up.

BEagle
21st Feb 2009, 11:28
I have a laptop which only supports WEP and it seems that the internal card cannot be upgraded to include WPA.

If I use an external USB wireless 'dongle' such as the Netgear WNDA3100, do I need to 'disable' the internal wireless card when using the external USB wireless adapter, or will it just add itself to the connections menu and allow me to choose which wireless connection to use?

Bushfiva
21st Feb 2009, 12:43
You may want to turn the internal card off simply because you'll have two antennas close to each other. There's no technical reason other than interference why you can't run them both at once.

WEP is good enough for the vast majority of people, the vast majority of the time. No-one wants to siphon off your notebook data in the real world. Add MAC filtering to the router if you want, and change passwords from time to time.

BEagle
21st Feb 2009, 13:23
I just use MAC filtering....

But at the place where I often go to work, they've been forced to use WPA due to some new security rule.

Of course public WLAN at airports doesn't use any encryption - and people are happy enough to use that.

I've noticed a couple of times (at Thiefrow) that a wireless access announces itself as 'Free Public WiFi' - which it isn't. I suspect that it's some spotty geek trying to hack into people's computers?

Off now to see if I can buy a USB 'dongle' at the local Currysdigitaldixon or whatever the hell it's called now....

http://i14.photobucket.com/albums/a341/nw969/Internet/zxzxz.jpg

LATER.......

I bought a Belkin G+ MIMO USB adapter from Currysdigitaldixon. £24.46 seems a good price. Installation of the hardware was an utter pain though - various complaints and geeky pop ups from Bill Gates and, of course, Belkin don't tell you that you'll need to add the USB adapter's MAC to the client list of your router, if you're using MAC association limiting. I guessed that was the snag I was having with obtaining a connection - and all was fine once I'd actually found the MAC and added it to the list.

Belkin's own software isn't worth bothering with, so I uninstalled it all and deleted all icons, folders etc.... The USB adapter still identifies itself when I plug it in; the difference being that you don't get all the annoying Belkin pop-ups and extra system tray icons.

It is possible to leave the internal wireless card enabled as well as running the USB adapter - you just get 2 icons in the system tray. Right click and 'disable' if you only want 1 connection.

It found a neighbour's WPA router without any problem and prompted me for the passcode, so hopefully it'll do the same when I connect to the WPA-encrypted WLAN next week.

vancouv
22nd Feb 2009, 09:49
I've just added a new network card, and it installed a load of its own software under the guise of drivers. So is all this stuff not necessary? If I just plug the card into a USB port will Windows happily use it without using the disk that came with the hardware?

Bushfiva
22nd Feb 2009, 10:46
Windows will usually work it out. XP Pro will work it out a little better than XP Home.

Parapunter
22nd Feb 2009, 11:01
I had a good one yesterday. I was hooking a mate's lappy up to Belkin router. The Lappy saw the router & announced it was connected, but continuously cycled through the acquiring network address phase without ever actually connecting.

No show either on the dhcp client list on the router. So, connected but not connected! Tried every trick I could think of, to no avail, then as a last resort, had a look in the services list whereupon I found that dhcp client had been disabled. Switched it back on and bingo!

I asked if he'd turned it off & why & he said that his mate told him to turn off a bunch of services pretty much at random, in order to speed the machine up. He'd noticed a deterioration in performance after he installed autocad & dumped about 60 gig of files on the hard drive, filling it up to about 90%.

Keef
22nd Feb 2009, 15:16
I'm not sure the WEP thing is that big a deal unless you're in a tower block peopled with hackers.

I don't see many suspicious vehicles sitting round here with shady characters and laptops (apart from my daughter, occasionally).

I use WEP, with fixed DHCP for my own machines, and a list of MAC addresses allowed to access it (so the family can use it when visiting). It's simple, and I don't have to mess with it from one month to the next.

A determined hacker could listen long enough and find a MAC address that's allowed in, and spoof that. But then, he could bash the door down and help himself to the computers, too.

Up in Norfolk, I can see four: one WEP, two WPA, and one "open". The chap with the "open" one says "yes, it's for my neighbours each side."

Jofm5
22nd Feb 2009, 18:37
Just a general note if you want to find out what a mac address is of the device you have connected. If you need to find out what your mac address is to put into a router then make a note of what your connection is called (e.g. Local Connection 1) or rename the connection so that it is obvious.

Then open a command prompt window (Winders +R then enter CMD and hit enter)

At the prompt, type ipconfig /all. This will return the information about all your interfaces - find the section for the connection you made a note of above and the value in the Physical Address: is the MAC address you need to allocate.

If you are a cable modem user do not mix up the MAC address of the cable modem with the MAC address of your network card - your cable provider will only ever be interested in the mac address of the cable modem and there should be a sticker on the modem with this. If you then install a cable router you would use the cable modem mac address to spoof the device on the cable network.

Any wireless network will only be interested in the MAC address on your machine itself so ignore the cable modem mac address.

Cheers


Jof

BEagle
24th Feb 2009, 08:39
If you need to find the MAC of an external adapter, it is often printed on the label. Otherwise 'All Programs' > Run > cmd > type 'ipconfig/all' > 'enter' and look for the right physical address as has been said.

My new Belkin G+ now works flawlessly on the WPA2 network - although it took a while to persuade the network administrator to fix his fault which was causing IP address errors! It hasn't been necessary to disable the internal wireless card whilst using the external adapter either.
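The `ipconfig /all` lookup described by Jofm5 and BEagle above, as an added example that is not part of any post in the thread: it reads the command's text output, picks out the Physical Address of each named connection, and lists connections whose MAC is missing from the router's filter list (the snag BEagle hit with the new USB adapter). The sample output, the addresses and the function names are constructed for illustration.

```python
import re

HEADER = re.compile(r"^\S.*?adapter (.+):\s*$")           # e.g. "Ethernet adapter <name>:"
FIELD = re.compile(r"^\s+([A-Za-z][^.:]*?)\s*(?:\. ?)+:\s*(.*)$")
MAC = re.compile(r"^[0-9A-Fa-f]{2}([-:][0-9A-Fa-f]{2}){5}$")


def normalize(mac):
    """Lower-case, colon-separated form so Windows and router notations compare equal."""
    mac = mac.strip()
    if not MAC.match(mac):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    return mac.lower().replace("-", ":")


def adapter_macs(ipconfig_output):
    """Map connection name -> MAC from the text printed by `ipconfig /all`."""
    macs, current = {}, None
    for line in ipconfig_output.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        field = FIELD.match(line)
        if field and current and field.group(1) == "Physical Address":
            if MAC.match(field.group(2).strip()):  # skip 8-byte tunnel pseudo-interfaces
                macs[current] = normalize(field.group(2))
    return macs


def not_on_router_list(ipconfig_output, router_list):
    """Connection names whose MAC the router's filter list would reject."""
    allowed = {normalize(m) for m in router_list}
    return sorted(n for n, m in adapter_macs(ipconfig_output).items() if m not in allowed)


# Constructed sample output: internal card, USB adapter, and a tunnel pseudo-interface.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Wireless Network Connection:
        Description . . . . . . . . . . . : Internal wireless card
        Physical Address. . . . . . . . . : 00-11-22-33-44-55

Ethernet adapter Wireless Network Connection 2:
        Description . . . . . . . . . . . : USB wireless adapter
        Physical Address. . . . . . . . . : 00-AA-BB-CC-DD-EE

Tunnel adapter Local Area Connection* 6:
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""
```

With only the internal card on the router's list, `not_on_router_list(SAMPLE, ["00:11:22:33:44:55"])` names the USB adapter's connection as the one still to be added.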

Profit Max
3rd Mar 2009, 22:18
There is no point in hiding the SSID at all except to stop the average user from connecting to your unsecured network. Anyone wanting to use the network can discover the SSID very quickly in seconds.

But if you want to stop people using your network, it does not make sense to leave it unsecured in the first place.

There is also no point in using WEP - it can be hacked in seconds. Literally. So why bother?

WPA is fairly safe, but again, why bother when you can use WPA2?

WPA2 is safe at the moment, so use it.

If you have WPA2, there is no need to filter a MAC address. It is not possible to get into the network without the key anyway.

So those that say that it is fine to use WEP, but then suggest to hide the SSID and filter the MAC address - this is not good advice, unless no WPA or WPA2 is available.

Virtually all devices are able to use WPA2 now, sometimes a firmware upgrade is necessary, though.

Regarding public hotspots, remember that anything non-encrypted (e.g. not https) you do can be intercepted by anyone in range. So use those hotspots with care. And always use a firewall when using a public hotspot!

Regarding the "Free Public Wifi" - these are not access points, but ad-hoc networks, which you can recognise from the different symbol. Never connect to an ad-hoc network that is not yours. I believe the default is that you will continue offering this network to others until you remove it. So these "networks" are a bit like viruses in that they spread from computer to computer.
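Why a hidden SSID is still discoverable, as srobarts and Profit Max say above, shown as an added example that is not part of any post in the thread: the router's beacon carries an empty name, but the probe request from a laptop set to connect to a non-broadcasting network, and the router's probe response, carry the name in clear text whatever encryption is in use. The frames are constructed byte strings; the addresses, the name "HomeNet" and the function names are made up for illustration.

```python
# 802.11 management frames are sent unencrypted. Bytes of "fixed" fields that
# sit between the 24-byte header and the tagged elements, per frame subtype:
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
KIND = {0: "assoc-request", 4: "probe-request", 5: "probe-response", 8: "beacon"}
HDR_LEN = 24


def parse_ssid(frame):
    """Return (kind, bssid, ssid); ssid is None when the name is withheld."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None  # not a management frame this example handles
    bssid = frame[16:22].hex(":")  # address 3
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element
        if tag == 0:  # SSID element; hidden = zero length or all NUL bytes
            name = value.decode("utf-8", "replace") if any(value) else None
            return KIND[subtype], bssid, name
        pos += 2 + length
    return KIND[subtype], bssid, None


def names_of_hidden_networks(frames):
    """Map each BSSID whose beacons withhold the name to the name seen elsewhere."""
    hidden, learned = set(), {}
    for kind, bssid, ssid in filter(None, map(parse_ssid, frames)):
        if kind == "beacon" and ssid is None:
            hidden.add(bssid)
        elif kind in ("probe-response", "assoc-request") and ssid:
            learned[bssid] = ssid
    return {b: learned.get(b) for b in hidden}


def mgmt(subtype, dst, src, bssid, fixed, ssid):
    """Build a constructed sample frame: header, fixed fields, SSID and rates elements."""
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return header + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"


# Constructed sample traffic (addresses and the name "HomeNet" are made up).
AP, LAPTOP, ANY = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
BEACON = mgmt(8, ANY, AP, AP, bytes(12), b"")                 # router, name hidden
PROBE_REQ = mgmt(4, ANY, LAPTOP, ANY, b"", b"HomeNet")        # laptop asking for it
PROBE_RESP = mgmt(5, LAPTOP, AP, AP, bytes(12), b"HomeNet")   # router answering
```

The beacon alone yields no name, but once the probe response is seen the same BSSID resolves to "HomeNet", which is why the thread's advice to rely on WPA2 rather than on hiding the name holds.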