Shoutbox

Hi, I'm currently using a Win XP SP3 PC connected to the internet using a Cisco ADSL modem physically connected via a network cable to the PC's network card (so no wireless). I bought a netbook that has WiFi that I plan to use in my home. So I also bought a Cisco WRT54GL wireless router. My plan is to keep the PC physically connected to the internet and the Netbook accessing ADSL via wireless. So the basic config would be:
- The ADSL signal cable going to the Cisco ADSL modem
- A network cable going from the Cisco ADSL modem to the Cisco Router
- A network cable going from the Cicso router to the PC
- The netbook accessing the internet via wireless using the router.
My question is:
1) When I'm not using the netbook, can I disable (or turn off) the routers wireless transmissions so that it acts only as a physical router? If so, how?
2) Will placing the router between the modem and the PC in the above described manner affect the internet speed (lower)?
3) Will the router (acting in physical mode only, i.e., no wireless) add an extra layer of security for the PC? Will I still need to keep the PC's installed software firewall (I'm using NIS2011)?
4) Does installing the router imply changing many of Windows' settings? Is it easy to revert back to the PC' original state if I ever decide to uninstall the router to the original config?
Thanks.

1) You can do that manually via the router's web interface; the wireless access point can be disabled when you're not using it. If security is your concern, there are multiple mechanisms you can configure to prevent unauthorized access, including MAC address based filtering. The access point also automatically adjusts its transmitting power based on the number and position of connected devices.

2) For the cabled devices no. Wireless devices will be limited to the access rate of the wireless standard used (also by half duplex).

3) Although it can't compare to a full featured stateful firewall solution, the router will keep your network behind a NAT, adding a layer of security.

4) No, you usually don't have to change anything. However, some applications will require the use of the port forwarding mechanism on the router to be able to listen to incoming connections.

quote:

---

Originally posted by mezzanine
1) You can do that manually via the router's web interface; the wireless access point can be disabled when you're not using it. If security is your concern, there are multiple mechanisms you can configure to prevent unauthorized access, including MAC address based filtering. The access point also automatically adjusts its transmitting power based on the number and position of connected devices.

---

Thanks messanine. Regarding security, I also read I have the choice of either WEP or WPA (I read WPA is better), and also the ability to use encryption. Are all of the security options that you mention manageable through the router's web interface? Is the MAC address unique to each hardware or can it be cloned? I guess I can also unscrew the two antennas from the back of the unit when wireless is not in use for an added security. Thanks

If you really want to add as many possible layers as possible consider doing the following:
- Do not broadcast your SSID
- Accept only 802.11 G connections
- Use WPA2 (AES+TKIP)
- Setup MAC address filtering on the wireless so that only trusted MAC addresses can connect

- Obviously even when your SSID isn't broadcasted it can still be detected (IE via NetStumbler)
- All devices these days support 802.11 G
- WPA2 I am not sure if it can be cracked yet but WPA can
- MAC's can be spoofed (they are unique between each device, the first few bits are identical between manufacturers) however guessing the exact MAC of your NIC is next to impossible.

---

If you really want to screw with people then leave your WIFI open/unsecured and have a radius server that you must authenticate to

quote:

---

Originally posted by matty
- Do not broadcast your SSID
- Accept only 802.11 G connections
- Use WPA2 (AES+TKIP)
- Setup MAC address filtering on the wireless so that only trusted MAC addresses can connect

---

Of all those WPA2 WPA2 (AES+TKIP) is the only one really adding security. Others don't add much security for the reasons you already pointed out, although they don't hurt if you want to put up with the hassle. What matters most is your passkey. WPA2 can still be bruteforced, same rules apply as with a password:
- Non-dictionary
- Length
- Mixing types of characters

Straight from Microsoft: http://www.microsoft.com/security/online-privacy/passwords-create.aspx

quote:

---

Originally posted by Menthix

quote:

---

Originally posted by matty
- Do not broadcast your SSID
- Accept only 802.11 G connections
- Use WPA2 (AES+TKIP)
- Setup MAC address filtering on the wireless so that only trusted MAC addresses can connect

---

Of all those WPA2 WPA2 (AES+TKIP) is the only one really adding security. Others don't add much security for the reasons you already pointed out, although they don't hurt if you want to put up with the hassle. What matters most is your passkey. WPA2 can still be bruteforced, same rules apply as with a password:
- Non-dictionary
- Length
- Mixing types of characters

---

The reason I suggested doing the aforementioned is because most people won't know how to get around it.

quote:

---

Originally posted by matty
The reason I suggested doing the aforementioned is because most people won't know how to get around it.

---

then again, if they can break WPA2, they will know how to get around all the other measures

quote:

---

Originally posted by foaly

quote:

---

Originally posted by matty
The reason I suggested doing the aforementioned is because most people won't know how to get around it.

---

then again, if they can break WPA2, they will know how to get around all the other measures

---

I don't disagree with you, however I don't know if WPA2 has been cracked yet. I know WEP and WPA have been.

quote:

---

Originally posted by matty

quote:

---

Originally posted by foaly

quote:

---

Originally posted by matty
The reason I suggested doing the aforementioned is because most people won't know how to get around it.

---

then again, if they can break WPA2, they will know how to get around all the other measures

---

I don't disagree with you, however I don't know if WPA2 has been cracked yet. I know WEP and WPA have been.

---

TKIP has been IIRC, but WPA2 TKIP+AES not yet...

Does the WRT54GL router support WPA2? If not, will flashing the firmware with either Tomato or DD-WRT provide WPA2 suppport?