How are you securing your wireless network?

Discussion in 'General Discussion' started by Esquire, May 22, 2004.


What are you using to secure your wireless network?

  1. None - I'll take my chances

  2. WEP only

    0 vote(s)
  3. MAC Address Filtering only

    0 vote(s)
  4. WPA only

  5. A combination of WEP/WPA + MAC

  1. Esquire

    Esquire Mesquire Staff Member Member

    I haven't seen many polls on this topic, so tell us what security you are implementing. Guests are also welcome to participate.

    I'm using WPA (AES).
  2. Toxic

    Toxic Administrator Staff Member

    I use WEP+MAC, my WUSB11 only supports WEP but my Belkin F5D7010 supports WPA.
  3. FreeMan

    FreeMan Network Guru Member

    WPA - TKIP

    (WPA - TKIP)

    At least that is what I am TRYING to use. I have a client that will not let me VPN into their network if I use wireless unless I agree to WPA - TKIP.

    I have the WRT54G ver 2 router

    I purchased the Microsoft MN-730 PCI adapter (box says WPA support), but when I try to join the network, I get an error "WPA not supported this version". So I took it back

    I am having a difficult time finding a PCI card that supports WPA / TKIP. At least at the retail stores.

  4. Esquire

    Esquire Mesquire Staff Member Member

    FreeMan, like your avatar!!

    You'll find the following PCI adapters supporting WPA.



    and presumably you are running Windows xp and have updated with the WPA update for Windows xp. I recommend the Buffalo over the Linksys. It comes with a 4 feet antenna cable and Linksys doesn't, so you can relocate the antenna somewhat for better reception. I had it for a week to play around with last year and it seemed to perform better with my WRT54G 1.0 somehow. Sadly I had to give it back :cry:

    Happy shopping!
  5. FreeMan

    FreeMan Network Guru Member

    Thanks Esquire!!!

    The pic was too funny to pass up as an avatar :eek:)
  6. jdepew

    jdepew Administrator Staff Member Member


    Unfortunately, I still have one 802.11b device that does not suport WPA yet - my hp iPaq h2215 Pocket PC. Windows Mobile 2003 Second Edition is supposed to add support for WPA and hopefully with the expected free upgrade, I can implement it on my network.

    Currently, I'm using MAC filtering and have disabled the SSID broadcast (I know it doesn't do much for anyone looking hard enough). So far, not a single even attempted intrusion. Though for my own peace of mind and pacticing what I preach, I will move to WPA as soon as possible.
  7. Anonymous

    Anonymous Guest

    Re: Security

    The new firmware for the 2210 has already support for WPA.
    I am using a 2210 with a Linksys WCF12 WLAN card, and running WPA with VPN.

    My WRT54G is the ADSL router. Behind this im running my (linux) server as gateway for my LAN to WAN (throuh the WRT54G).

    Why i use my WRT54G in front of the server/gateway - that is capable to connect directly to ADSL line ??
    Because i would NEVER trust a Wireless Lan to give access to my local LAN connection. If any connection from the outside is need to my LAN, this must be done with a VPN connection with user authentication at the server side.
    This is the "safe mode" of wireless networking.

    Syncronisation from the 2210 to my PC is done with a VPN connection throu the WRT54G->Server/Gateway->LAN_PC.

    Didn't use the 2210 with WLAN at home, until it supportted WPA a couple of months ago.

    BTW: Have tried the Sveasoft (in februar) and had troubles with VPN. Switched to the WiFi firmware - no troubles at all - has now been running +100 days without reebot.

    Best Regards
    Anders Larsson - Denmark
  8. jdepew

    jdepew Administrator Staff Member Member

    Re: Security

    Anders, I would LOVE to know what firmware you are running because as of Apr 30's 1.10 iPaq ROM and linksys' January (latest) release for the WCF12, neither support WPA.

    WPA support isn't being included until the 'Second Edition' version of Windows Mobile 2003.
  9. Anonymous

    Anonymous Guest

    Re: Security

    Your problem is the Linksys driver - as always :lol:
    (I have tested it and found troubles with connection stability, low qality of driver, not always detecting inserted card etc.)

    Below i tell what drivers that does work.

    Part of the fixes listed on HP's homepage with the firmware is:

    Feature request: Wireless Protected Access

    The list of fixes can be found at:

    I have just switched to a new WCF driver from EagleTech. Look for ET-CWB1000PocketCE4.exe and the file.
    But the original PRISM driver PRISM_ForWinCE300.exe works just as good (if not better). The original PRISM driver is not officially available for download - but you can find it with Google.
    Don't use the Linksys driver - work as crap - pick either the Eagletech (that requires som work) or at best the old PRISM driver that works right out of the box.

    When installing the driver/firmware please note that you dont setup the connection with the PRISM panel. Use the MS connection setup.
    The easy way is to let your AP send SSID - the 2210 will then recognize the new network and start the wizard.

    BTW: MAC filtering and disabling SSID isn't any security enhancement - it's just as easy to find an AP with or without SSID broadcast, and MAC addresses can easely be cloned.
    MAC filtering and disabling SSID broadcast just makes your life a little harder - it dosn't help on your wireless security.

    And - you can find a lot about your 2210 on the Brighthand forums:

    The WPA support is not in the driver - it's in the firmware.

    I hope this answeered your questions - otherwise look at Brighthands or tell a little more about your problem.

    Best regards
    Anders Larsson - Denmark
    (hmmm .... think i better register)
  10. BitNix

    BitNix Network Guru Member

    And is now registered - you can PM if you need the driver(s)
  11. jdepew

    jdepew Administrator Staff Member Member


    Great tutorial!

    Yeah, I've been running the SMC CF card (SMC2642W), and because they haven't updated drives in forever, I had been using other Prism drivers designed for WM2003. In fact, I had written up something on Brighthand(maybe it was PPCT) on how to use several different Prism based drivers to get them working on any other Prism card.

    Unfortunately, the only reference anywhere to WPA working on the 2215 is this first and only post from someone on PPCT "I've noticed that since the ROM upgrade I finally have support for WPA security with my Linksys WCF12 WiFi card."

    Could you please post a picture/screen shot of the network config page where you see WPA? I am eager to get it working, but so far you make two people who have it set up sucessfully.

    and re the security - i know its not security, its just a deterrent, haven't had any problems so far and was waiting on the WPA.
  12. BitNix

    BitNix Network Guru Member

    Ok - here are the screenshots.

    WPA connections:
    Notice - this is the HP setup - not the driver.
    (you find it under Controlpanel->Connections tab->Connections->Advanced->Network Card = The connection you want to configure.)

    Flightmode (new function to switch off wireless network):

    Firmware version:

    And finally - Intersil Prism driver version (the EagleTech driver)

    Hope this solved your confusion :)
    (And yes - its not the standard WM2003 background - its Wisbar Advance)
  13. jdepew

    jdepew Administrator Staff Member Member


    So, I went through all the steps to replace the driver with the EagleTec one just to prove you wrong ;-) and without any suprise, there was no difference in the settings available for the adapter or for connecting to my network.

    So, I went and downloaded PocketShot to take some pictures. Well, I get through taking all the same shots you did up until i got back to the network authentication screen. I hit the drop down box, and WTF? WPA-PSK and WPA are there!!!

    Thank you! I don't know what I did, or how this was any different from the D-Link driver (same Intersil version, i believe), but it works. Gotta amend my poll answer now.

    Now using WPA!
  14. jagboy

    jagboy Network Guru Member

    what i do to wipe out all intruders is just turn the router off when you are not using it for long periods of time.

    or just turn the poer down on the xmit power.
  15. MarkFour

    MarkFour Network Guru Member

    MAC filter + WPA
  16. jagboy

    jagboy Network Guru Member

    me too. but i have broke into my own network but i was not using wpa was using wep that was when i really figured out that wep was really insecure
  17. jagboy

    jagboy Network Guru Member

    the people that leave their networks open are the people that i really like woohooo free wifi

  18. t4thfavor

    t4thfavor Network Guru Member

    wohoo free wifi i share the wealth and i will take my chances, besides i live on a dirt road noone will even try.
    and even if they did i dont have anything worth breaking.
  19. gotamd

    gotamd Network Guru Member

    I use WEP and MAC. I would use WPA and MAC, but I have older devices which don't support it. I'm not really that worried about it, to tell the truth.
  20. jagboy

    jagboy Network Guru Member

    cool i like free wifi where did you say you live again.

    even if you dont have anyting to break into i am sure that you do online banking.
    packet sniffer+open or unencrypted wifi=bank account empty
  21. Guyfromhe

    Guyfromhe Network Guru Member

    I use wep+mac filtering+ip filtering+a pile of firewall rules.
    the wireless network can't even touch the wired network, which is where all my computers are anyway..
    PLUS the power is turned way down, and it's checking based on interface not IP.. it's also filtered further down the line at the gateway...
    port 25 is blocked in 2 different places too :)
  22. jagboy

    jagboy Network Guru Member

    nice but this is alot of seurity. u should work for IT
  23. Guyfromhe

    Guyfromhe Network Guru Member

    i'd be using WPA but it's not natively supported in win2k and my dlink drivers don't seem to work when I use the version that works with WPA it doesn't seem to work and I don't care to troubleshoot it. I also have a zipit that doesn't suport WPA and a PDA who's wireless nic drivers don't support WPA.
  24. Eugenios

    Eugenios Network Guru Member

  25. jagboy

    jagboy Network Guru Member

    i dont aggree with this guy in many ways :roll:
    like mac address filtering. sure it can be spoofed. but how many packets need to go by till you get a mac. same thing goes for wpa. but i dont get me worong it is a lot hard for wpa. but come on. mac address filter is one of the only things that home users have beides wpa, wpa radius etc...

    he should have wrote a bolg on how to secure your network not bash the tools we use the secure them.
  26. Eugenios

    Eugenios Network Guru Member

    If you go to his site from one of the links in the blog, he has a nice article on security. From what he says, security is in the encryption type that you use and the passphrase you use. He suggests WPA-AES as the best available. I do agree with you however, that there are other ways to secure your network such as a good firewall. The WAP54G doesn't have a build in firewall. I use our ADSL firewall which does a good job for incoming from the Internet. However, if someone logs in directly to our WAP54G wireless access point I won't know it and don't have a way to protect our internal lan.

  27. iket

    iket Guest

    WEP + MAC + NoSSID + very low power + highly directional ant.

    Don't discount the effectiveness of the last two.
  28. Eugenios

    Eugenios Network Guru Member


    I can't see the logic in lowering the power of my wireless, especially when I want it to work at its peak performance. I like walking around the office and going almost anywhere. I get a "good" signal even when I am three offices away. So lowering the power doesn't make sense.

    A directional antenna also doesn't do me any good. If I was to link to points that are far away, okay, it makes sense to use a directional antenna. But when roaming around the office, its no good.

  29. Guyfromhe

    Guyfromhe Network Guru Member

    1, macs are sent in the clear... mac filtering is really only helpful against the script kiddy next door who can't figure out how to boot a live linux cd...
  30. jagboy

    jagboy Network Guru Member

    this sound fimilar.
  31. Guyfromhe

    Guyfromhe Network Guru Member

    thats because it's a well known fact.
  32. Eugenios

    Eugenios Network Guru Member

    Not for long, alot of kids now-a-days are getting into linux. The smart ones at least!-)

  33. jagboy

    jagboy Network Guru Member

    me for one
  34. Guyfromhe

    Guyfromhe Network Guru Member

    and you still couldn't hack my network
  35. jagboy

    jagboy Network Guru Member

    whats your ip :D
  36. Guyfromhe

    Guyfromhe Network Guru Member, let me know if you find anything...
  37. jagboy

    jagboy Network Guru Member

    the hacking begins
  38. Guyfromhe

    Guyfromhe Network Guru Member

    is that you on optonline?
  39. jagboy

    jagboy Network Guru Member

  40. Eugenios

    Eugenios Network Guru Member

    More on the WPC54G driver...

    LinkSys told me that my specific card only supports version 2 of the installation software, and that only version 4 supports WPA-AES. This is getting weirder and weirder. How can LinkSys have two cards with the same model number and each one uses a different software version?

    I don't get it. Unless the difference is between the US version and the EU version. But then again, why don't they tell me so? I seem to be talking to someone who is not a technician and every time the ball goes around it seems to have a different color! :(

  41. Guyfromhe

    Guyfromhe Network Guru Member

    they have 3 different routers with the same model number lots of companies like making different hardware versions of the same product with the same model...
  42. Eugenios

    Eugenios Network Guru Member

    Yes, but they use the same advertisement for products with the same brand. And the problem is that I bought something that says it support WPA-AES but doesn't... because as LinkSys told me, I must change the product I bought (which has version 2 firmware) and get the one with version 4 firmware. On the box and in the Documentation they don't mention that anywhere. In other words I bought a "pig in a sack". :(

  43. wiredless

    wiredless LI Guru Member

    WPA2+AES (it's all you need as long as you have a strong key)

    SSID's are sent in the clear as well
  44. CaNsA

    CaNsA Network Guru Member

    i would use an encyption method, but tbh i cant be arsed. i never buy anything online, or use the wifi myself. i lease it out to the people i share with and they only download etc. if i needed it i would.

    my 2p
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice