Router Security - Printable Version
-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Tech Talk (/forumdisplay.php?fid=17)
+----- Thread: Router Security (/showthread.php?tid=95049)
Router Security by roflmao456 on 07-18-2010 at 07:39 PM
I have a Linksys WRT110.
If I disable the SSID broadcast, is it safe to disable the WPA stuff? 
RE: Router Security by CookieRevised on 07-18-2010 at 07:45 PM
Depends on what you call 'safe'.
If you disable the SSID broadcast, then the chances of finding your wireless connection gets very very slim (but probably not impossible).
But still, if someone happened to remember your SSID, he would still be able to connect to it. And if you don't have other security features enabled (like WPA) they would still be able to use the wireless connection.
So, it is 'safer' to disable the broadcast than if you wouldn't.
But it would be even more 'safe' if you would also enable the WPA encryption.
PS: the model of router doesn't matter for this though. This goes for all routers...
RE: Router Security by Menthix on 07-18-2010 at 07:47 PM
quote:No
Originally posted by roflmao456
If I disable the SSID broadcast, is it safe to disable the WPA stuff?
Disabling WPA means no encryption, which means *everyone* will be able to pick up your traffic from the air and spy on whatever you are doing. It also mean everyone can connect to your accesspoint and abuse your connection.
Disabling SSID broadcast doesn't mean you are invisible, just makes it a tiny bit harder for novice users to notice you.
Always enable WPA(2) encryption on any accesspoint. Don't chicken out on using WEP either as it is as bad as having no encryption. Neither does a MAC filter (without adding encyption) protect you from anything.
RE: Router Security by roflmao456 on 07-18-2010 at 07:58 PM
Alright thanks for the info. 
RE: Router Security by MeEtc on 07-18-2010 at 08:21 PM
Personally I would recommend using EAP-TLS if your router supports it, but for most home users, this might be a bit overkill
RE: Router Security by foaly on 07-19-2010 at 08:22 AM
quote:
Originally posted by Menthix
quote:No
Originally posted by roflmao456
If I disable the SSID broadcast, is it safe to disable the WPA stuff?
Disabling WPA means no encryption, which means *everyone* will be able to pick up your traffic from the air and spy on whatever you are doing. It also mean everyone can connect to your accesspoint and abuse your connection.
Disabling SSID broadcast doesn't mean you are invisible, just makes it a tiny bit harder for novice users to notice you.
Always enable WPA(2) encryption on any accesspoint. Don't chicken out on using WEP either as it is as bad as having no encryption. Neither does a MAC filter (without adding encyption) protect you from anything.
That's a new kind of paranoid... 99.9 % of the population have no clue how to even begin sniffing packets... WEP encryption is just fine for home users... And if you are this paranoid, what good will WPA do? Or what good will WPA2-psk do?
In your flow only WPA2 psk-aes is safe...
RE: Router Security by Menthix on 07-19-2010 at 09:21 AM
quote:Correct, and what's wrong with that?
Originally posted by foaly
In your flow only WPA2 psk-aes is safe
Why would anyone ever use WEP? Unless you have devices in your network which only support WEP. It is the same process to connect, so might as well use the technology which keeps you the safest.
quote:Even if that were true (a simple google search is all it takes), you only need 1 person to get screwed, and you won't even know when it happened.
Originally posted by foaly
99.9 % of the population have no clue how to even begin sniffing packets
Might as well keep my key to the front door under the doormat outside, because 99.9% of the people won't look there and it will be convenient should I eve lock myself out
. Most people with common sense just wouldn't want to take the risk when it is just as easy to apply better security.
RE: Router Security by CookieRevised on 07-19-2010 at 11:44 AM
quote:I do agree completely with this...
Originally posted by foaly
That's a new kind of paranoid... 99.9 % of the population have no clue how to even begin sniffing packets...
quote:Common sense isn't enough though, you also need to have the knowledge. And that is the most common problem...
Originally posted by Menthix
Most people with common sense just wouldn't want to take the risk when it is just as easy to apply better security.
On top of what foaly said, I dare to state that 99.9% of the people having a wireless connection don't have a clue how to secure it. Let alone know what the difference is between WEP, WPA, etc, or know what SSID broadcasting is, MAC address, etc.
Nevertheless, for those who are security-aware, and know how-to secure their Wifi, using basic security wont hurt I guess. But you don't need to have military graded encryption turned on either for everyday use though.
RE: Router Security by djdannyp on 07-19-2010 at 11:53 AM
Security is one thing, but being paranoid won't help anything.
To continue the house analogy......it's like locking the door, having a burglar alarm, etc......all they are are deterants....something to slow people down or put them off the idea.
If they want whatever it is, they'll get it anyway, somehow. But I would imagine that for the "casual" hacker, seeing any kind of security will put them off and get them to move onto something else. And I doubt that a more "advanced" hacker would be targeting a personal environment anyway......there's far easier ways of getting someone's credit card details (as realistically that's what any hacker is going to be after)
RE: Router Security by Menthix on 07-19-2010 at 01:02 PM
I'm not blaming regular people for not knowing the terms and using defaults. But if people ask for advise I tell them they might as well use the most secure settings by hitting the WPA radio button instead of the WEP one. It doesn't take any extra effort or any extra time.
If that is being paranoid to you, fine .
RE: Router Security by matty on 07-19-2010 at 01:09 PM
Currently WPA can only be hacked using a brute force dictionary attack. Therefore if your key isn't a dictionary word then there is no luck. Come up with a sentence and using the first letter of each word replacing letters with numerical representation (7:T; 3:E; 1:L etc) and mixing up the case. There you have it. A strong password. Take it one step further and use a radius server for authentication against AD. You configure who has access and who doesn't.
RE: Router Security by foaly on 07-19-2010 at 02:26 PM
quote:WPA TKIP is actually exploitable since 2008, it might not be a really effective exploit but an exploit it is...
Originally posted by matty
Currently WPA can only be hacked using a brute force dictionary attack. Therefore if your key isn't a dictionary word then there is no luck.
Btw I have a key to my house hidden somewhere around my house...
@Menthix it was not about what you said (of course its the best idea to use the most secure settings) it was about how...
I would also recommend using WPA2, but if it gives any kind of problem, I always recommend switching to WEP64bit with a 10 digit password. Which in my experience gives the least problems when using old windows versions or obscure hardware...