Need guidance to secure a wireless router behind a wired router
adarryl
No Man Stands So Tall As When He Stoops To Help a Child. Icrontian
I sure could use some direction on how to secure my wireless connection. My home network setup is a bit complicated. Here is how it goes:
ADSL modem> D-Link 4 port router> Zonet 16 port switch> Zonet Wireless router. In all, 5 desktops are served by this setup and only one notebook uses the wireless connection. In the wireless router's config utility, I have STATIC IP information entered that consists of the Primary (hardwired) Router's information. I have "Wireless WAN" selected under WAN Medium, a specified MAC addy, Security mode WPA2-PSK, AES selected as an algorithm, plus a pass phrase. Everything works fine with this setup. Still, when I survey wireless connections in my area using the Realtek LAN Utility, my wireless comes up as OPEN with no encryption. Going back in the wireless router's utility, I went to WLAN Settings and set Security Mode to WPA2 Personal, selected AES for WPA Algorithms and set a pass phrase. After applying these settings, I lost wireless connectivity and couldn't get it back except by reversing settings. So I am stumped. I figure I am missing something obvious, but dang if I know what it is. Can anyone point the way? THX!
Comments
Here is a 5 year old Ziff Davis article on those myths.
http://www.zdnet.com/blog/ou/the-six-dumbest-ways-to-secure-a-wireless-lan/43
WPA2 with AES & a really long password will suffice for most systems. ie
And you'll have no one on a "phone" snooping on your system...
What makes it all crackable is really short words or phrases like "bobs wireless" etc... easy to type in and remember for all your wireless friends who come over to use your system.
Also easy for dictionary / phrase attacks...
Good Password Generator: https://www.grc.com/passwords.htm
The long keys can be exported to a keychain and imported when needed, so you don't have to type it in or remember it.
Nobody is going to sit outside your house and beat on your secured network when there are 15 other networks down the road wide open.
wififofum
wifiscanner
wifi analyzer
These are only a few tools that I found in the Android Market. I have had a lot of success with wififofum in the past. With the Google operating system being Unix based, it's only a matter of time before airodump and aircrack are ported over for a cell phone, if it hasn't already.
It is agreed that apps are out there for just about every device to allow the discovery of wireless network info. The info has to be accessible or users / range extenders / printers etc would have a difficult time connecting...
These phone apps are not going to let you on my network, they can probably capture the packets you need to drag home to your i7 for analysis. Using the common CoWF ESSID / Dictionary hash table (33GB = 1000 common ESSID & ~1M words) you pound away at the data. But wait... my ESSID is not common, so you'll have to regenerate the hash against my uncommon ESSID.
Using Pyrit and the i7 you'll get about 1300 keys/s. Add 4 GTX295's and you will get 89K keys/s. You run this against a 1M / 2M word list. Still no luck, must be random characters. You would not have the time or the disk space to run a full hash table generation on anything over 10 characters of random data...
I digress though as most can't run the tools to capture the packets in the first place.
I am not stating that these phone apps are not out there or that you cannot see my wireless information or you might even be able to crack a bob1 password on your phone.
My issue was with information that gives a false sense of security. When people here ask how to secure their wireless network properly, a strong non-dictionary password of 20 characters or more should be the first order of business, WPA2 w/AES then everything else is either secondary or moot. If they choose to make their password bob1 and WEP cause they have an old laptop then that is their choice, but they are properly informed first.
Just a personal peeve with me...
The crux of this conversation is to use either 20+ random characters with WPA2-AES or something like 3 uncommon words strung together (I can't find the link showing the math behind that, but it was millions of years of supercomputer time).
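Added example, not part of any post in this thread: a short Python sketch of why a precomputed hash table only works for the ESSID it was built against (WPA2-PSK derives its key with PBKDF2-HMAC-SHA1 using the SSID as salt), and how long the guessing rates quoted above take against word lists versus random passphrases. The SSIDs are constructed, and the 95-character printable-ASCII alphabet is an assumption.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE_ASCII = 95  # assumption: passphrase characters drawn from ASCII 32..126


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def random_keyspace(length: int, alphabet: int = PRINTABLE_ASCII) -> int:
    """Number of possible passphrases of a given length over the alphabet."""
    return alphabet ** length


def seconds_to_exhaust(candidates: int, keys_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guessing rate."""
    return candidates / keys_per_second


def report():
    """Pair each candidate set with each guessing rate quoted in the thread."""
    rates = {"i7, 1300 keys/s": 1300, "i7 + 4x GTX295, 89K keys/s": 89_000}
    cases = {"1M word list": 10**6, "2M word list": 2 * 10**6,
             "10 random chars": random_keyspace(10),
             "20 random chars": random_keyspace(20)}
    return [(c, r, seconds_to_exhaust(n, rate) / SECONDS_PER_YEAR)
            for c, n in cases.items() for r, rate in rates.items()]


if __name__ == "__main__":
    # Same passphrase under two constructed SSIDs gives unrelated keys,
    # so a table built for one SSID says nothing about the other.
    for ssid in ("linksys", "example-uncommon-ssid"):
        print(f"{ssid:24s} {wpa2_pmk('bobs wireless', ssid).hex()}")
    for case, rate, years in report():
        print(f"{case:16s} @ {rate:27s} {years:.3e} years")
```
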