PPRuNe Forums - View Single Post - Securing WiFi at home
Old 21st January 2005 | 20:01
#14
IO540
I think there is no doubt that WPA-PSK is very secure indeed. Just make up a really long silly key like ghryenf8f74bh2kg74hs4 and nobody will be able to brute force that.

The problem is that unless one has quite recent kit, and preferably all from the same manufacturer, the more one goes down the encryption route the less likely it is to work.

I've spent many hours getting wifi networks to work, and I do this sort of IT cr*p almost for a living! I can get WPA working only between certain devices.

The other advice is good: stop SSID broadcast (will stop your IT-thick but nosy neighbour seeing your network when he does a "look for networks" on his PC); put in MAC filtering, but these won't stop anyone remotely clued-up who has detected your emissions and is sitting outside your house in a car. Plenty of people drive around with the kit (basically laptops with PCMCIA wifi cards that can be put into promiscuous mode, and the right software) looking for open wifi networks through which they can download all sorts of stuff, obviously anonymously.

The other thing to consider is that on a typical consumer wifi access point the wifi port is on the *inside* network, so if someone can get through the wifi they will have access to all PCs on the network, including all those connected to the wifi router via ethernet! They will still need to get past the Windows login (or use some exploit) but a lot of people have their PCs wide open. The XP firewall won't help here either.

WEP is OK if the attacker can't capture much data, but if it is used for a lot of volume (e.g. connecting a desktop PC to a wifi router, and the PC does printing through it) then the key can be cracked after an hour's hard use (one needs about 5GB to crack a WEP key).

WPA is a must for security but as I've said above there are compatibility problems, and since an access point needs to support the lowest common denominator, if you have an older laptop which supports only 64-bit WEP then that's what you have to use.

The other approach is to get a wifi router which supports a VPN (e.g. a Draytek 2600) and use the VPN that comes with Windows. Then you can leave the wifi connection wide open; nobody will be able to break it. However I would still disable SSID broadcast just for the benefit of the neighbours.
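An added example, not part of the post above: how a WPA-PSK passphrase becomes the 256-bit key (PBKDF2-HMAC-SHA1 with the SSID as salt, per IEEE 802.11i) and a rough upper bound on the brute-force search space for a key like the one quoted in the post. The SSID `homenet` and the guess rate of one million per second are assumptions made for illustration.

```python
import hashlib
import math
import string

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-PSK master key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # 4096 HMAC-SHA1 iterations per guess; the SSID salts the result,
    # so the same passphrase yields a different key on each network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def charset_size(passphrase: str) -> int:
    """Size of the smallest common alphabet that covers the passphrase."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    size = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    if any(not ch.isalnum() for ch in passphrase):
        size += 33  # printable ASCII symbols, including space
    return size

def keyspace_bits(passphrase: str) -> float:
    """Upper bound: assumes every character was picked uniformly at random.
    A dictionary word or keyboard pattern is far weaker than this figure."""
    return len(passphrase) * math.log2(charset_size(passphrase))

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole keyspace at a given guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    ssid = "homenet"   # constructed sample SSID
    rate = 1e6         # assumed guesses per second
    for pw in ("ghryenf8f74bh2kg74hs4", "password"):
        bits = keyspace_bits(pw)
        print(pw, wpa_pmk(pw, ssid).hex()[:16] + "...",
              f"{bits:.1f} bits", f"{years_to_exhaust(bits, rate):.3g} years")
```

The figure for `password` is still an overestimate, since a wordlist reaches it almost immediately; the bound is only meaningful for keys that really were chosen at random.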