Wireless security best configuration

I would like to know if the usage of "LEAP + MAC address authentication + broadcast key rotation or TKIP" is sufficient to provide the minimum of security in wireless areas.
If yes, which component must manage the key rotation: the RADIUS server or the AP?
If not, what is recommended without using external technologies such as IPsec or SIM cards?
Thanks in advance

Unfortunately the real answer is a typical Cisco "it depends".
The best answer is really in this white paper, as it builds a case study for different requirements:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a008009c8b3.shtml

Similar Messages

  • Best wireless security for mixed Mac OS X, Windows XP and Windows 2000

    While I am posting, I may as well ask this question too.
    It seems that WPA/WPA2 are only supported by Windows XP or later.
    But I also think I read somewhere that there are different flavours of WEP for Macs and Windows.
    For a home network based on AE, what is the best form of wireless security to handle 2 Macs (iMac and MacBook Pro), a Windows XP and a Windows 2000 notebook (all running wireless G).
    Thanks

    Thanks for the suggestion Michael - unfortunately software changes to the Win2k machine are not an option for me - it has been completely locked down by my corporate IT dept.
    So I think I am stuck with WEP. From scouring the Apple tech discussion posts it looks like a five letter ASCII or thirteen letter ASCII password in WEP are my only options, but I am not sure which of these is most appropriate for all 4 machines.

  • Wireless security with zero client configuration

    Dears,
    I have a client that needs to have 802.1x based wireless security with zero configuration on his smartphone devices. He just needs to select the SSID, get prompted for authentication, log in with his domain account, and that's it.
    Is it possible?

    You can find examples on the Internet depending on what RADIUS server you're using.
    Here are some:
    http://www.labminutes.com/sec0095_acs_wireless_dot1x_peap_eap_tls_machine_authentication_2
    http://networklessons.com/wireless/peap-and-eap-tls-on-server-2008-and-cisco-wlc/
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • Best configuration for Time Capsule & Airport Extreme running one wireless network?

    We just moved to a house that does not have Ethernet pre-wired so I've had to re-setup the wireless network in a different configuration and it seems we're experiencing deteriorated wireless signal for devices like laptops. It will work perfectly fine (and fast! wheee!!!) but then it will slow to a crawl and mostly time out. Before I reset everything and start from scratch, I'd like some help. As an FYI, when connected via Ethernet to either of these, Internet is blazingly fast… so my problem here is the wireless portion.
    As some background, here is how we had the network set up in the previous house which was working great (although it was wired for Ethernet which made things A LOT easier):
    Airport Extreme (4th Generation)
    Wireless Mode: Create a Wireless Network
    Internet Facing (Connected to the Cable Modem)
    Location: Upstairs Utility Closet (with Smartbox and cable modem)
    Time Capsule (1st Generation)
    Wireless Mode: Extend a Wireless Network
    Joined to existing network above, but also connected to the Ethernet jack
    Location: Upstairs Office
    Here is the current set up we have running:
    Time Capsule (1st Generation)
    Wireless Mode: Create a Wireless Network
    Internet Facing (Connected to the Cable Modem)
    Radio Mode: 802.11n (b/g compatible)
    Location: Upstairs Office
    Airport Extreme (4th Generation)
    Wireless Mode: Extend a Wireless Network
    Joined to existing network above with NO incoming Ethernet connection
    Location: Downstairs Family Room
    My understanding is that the Airport Extreme should pick up and relay the signal downstairs, as well as provide the router for the devices downstairs that need Ethernet (TiVo, Apple TV, etc).
    So, my question is (and thank you in advance for helping me sort this out!), what would be the best configuration to optimize the Wireless performance in the house? 
    Also, for whichever device is the one picking up the existing network and providing the router capabilities for the Tivo and such, is it possible for it to pick up but not rebroadcast the signal?  I think in this new house we may have a good enough signal from the office, without the need to rebroadcast it.  My theory is that in this house, they are too close together and interfere with each other and/or devices aren't sure which to choose so they bounce back and forth endlessly.  Again, just a theory.
    Many thanks again for your help! If I've left out any information, please ask and I can provide. 

    Should they be running on the same channel (as with the "Extend" option previously)? Or just both on Automatic channels?
    I would recommend the Automatic setting on both devices because this will allow each router to scan and choose an open channel automatically. If you want to set the channels manually, keep them separated by at least 4-5 channels. You would not want to ever use the same channel for both devices in this type of "roaming" setup.
    Is there a way to limit bandwidth per device (or action) so that it doesn't monopolize the network and keep other devices from using it?
    Nothing that I am aware of. It sounds like you have some young users who are likely visiting Bit Torrent sites, which will really gobble up the bandwidth with big, heavy downloads. The Time Machine has to back up the same files again when it makes the next pass, so that clogs things up again.
    Backups would go 3-5 times faster, on average, if the computer(s) could connect using Ethernet, but I understand that wires are not cool with the younger crowd.
    Should BOTH the TC and AE be set up in Bridge mode?
    The AirPort Extreme should be set up in Bridge Mode.
    The Time Capsule...it depends. If the TC is connected to a simple cable modem...then the correct setting for Connection Sharing would be "Share a public IP address" on the TC. That is because a simple modem has only 1 IP address to deliver. The TC takes that address and "shares" it with other devices by setting up a local network for all your other devices.
    If the TC is connected to a gateway....a combination modem/router in the same box that usually has 3-4 Ethernet ports on the device....then that device would be considered the main router on the network and the TC would be configured in Bridge Mode in that case to function correctly on the network.

  • Best Wireless Security Settings-WRT54G Linksys Router

    I've been running into problems attempting to set the wireless security settings for my router and then trying to connect to the internet from my iBook. As long as I enable SSID broadcasting I can find my router but the problem starts when I enable the security settings. The iBook will then ask for the password and nothing I've inserted works??? I'm at a loss. I've given up, those sorts of brick walls can do a number on your head--major headache this weekend..so I will try again tomorrow. I thought the passphrase is your password--the only thing that I haven't tried (after searching the forums here) is putting the $ in front. Does anyone have this particular router that can give me some suggestions (in basic, simple terms please) that can help me get started on a good security setup so that I won't be scared someone in the neighborhood (as I've read previously) is scanning and can log onto my internet connection. Thanks!
    iBook G4   Mac OS X (10.4.5)  

    Why in heaven would you want WEP to secure your network when you can have WPA, which is more secure and doesn't have these kinds of problems???
    With the right tools (available free on the net) you can crack almost any WEP protected network in less than a day (I have done this with my friends to prove to them how weak WEP is).
    So imagine you set up your WEP protected network, a neighbor cracks it and uses it, all of this while you CAN'T use your own network.
    You should try WPA, good luck...
    BTW: I have the same router, with WPA and SSID broadcast disabled.
    Message was edited by: CD5VS

  • Configuring 802.11 wireless security in WRT110

    I wish to implement 802.11 wireless security settings in my router WRT110. I am unable to see how it can be done. Any suggestions?
    Thanks
    Shrikant

    Gain access to your admin pages in the router and select the wireless tab.
    Then go here.

  • Wireless Security & Authentication methods

    Hi,
    I've some experience on WLAN Networks, but I would like to have your opinion around Wireless Security implementations.
    We have several sites where we have some Cisco Access points running IOS. We are currently doing WEP 128b, with Mac-Authentication against a central ACS Server.
    But having fixed WEP, and mac registrations is not very practical.
    Do you know about any method to have authentication against Active Directory (passing through the Cisco ACS), and Dynamic WEP Keys?
    Any recommendation is welcome.
    Of course with this we would like to bring up our level of security.
    Thanks a lot for all,
    Best Regards,
    Jorge

    802.1x/EAP authentication is the most popular authentication method in wireless. The following documents explain how to configure EAP authentication.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a13.shtml

  • WRT100 wireless security

    Last week I bought the WRT100 router. It's kinda working (loss of signal and weak signal) so I'm not sure I want to monkey around with it but I was reading the user guide about wireless security and I am a little concerned. Should I attempt to change the security settings to WPA or WPA2 and MAC filtering? I'm not sure what this means but it sounds like I need it not to get hacked. Also will any of this slow down my connection wired or wireless? Any suggestions?

    Before you try to setup wireless security, you need to get your router working properly.  Leave your wireless unsecured for now, until you can get it working properly.
    1)  If you connect a computer to the router, by ethernet wire, do you get a properly working Internet connection?
    There are many causes for poor wireless connections, and many solutions:
    First of all, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
    Poor wireless connections are often caused by radio interference from other 2.4 GHz devices. This includes wireless phones, wireless baby monitors, microwave ovens, wireless mice and keyboards, wireless speakers, and your neighbor's wireless network. In rare cases, Bluetooth devices can interfere. Even some 5+ GHz phones also use the 2.4 GHz band. Unplug these devices, and see if that corrects your problem.
    In your router, try a different channel. There are 11 channels in the 2.4 GHz band. Usually channel 1, 6, or 11 works best. Check out your neighbors, and see what channel they are using. Because the channels overlap one another, try to stay at least +5 or -5 channels from your strongest neighbors. For example, if you have a strong neighbor on channel 9, try any channel 1 through 4.
    Also, try to locate the router about 4 to 6 feet above the floor, in an open area. Do not locate it behind your monitor or near other computer equipment or speakers. The antenna should be vertical.
    Also, in the computer, go to your wireless software, and go to "Preferred Networks" (sometimes called "Profiles" ). There are probably a few networks listed. Delete any network named "linksys". Also delete any network that you do not recognize, or that you no longer use. If your current network is not listed, enter its info (SSID, encryption (if any), and key (if any) ). Then select your current network and make it your default network, and set it to automatic login. You may need to go to "settings" to do this, or you may need to right click on your network and select "Properties" or "settings".
    If the above does not fix your problem, download and install the latest driver for your wireless card.
    Some users have reported improved wireless performance by switching from WEP to WPA encryption.
    If you continue to have problems, try the following:
    For wireless g routers, try setting the "Transmission Rate" to 54 Mbps.
    If you still have trouble, download and install the latest firmware for your router. After a firmware upgrade, you must reset the router to factory defaults, then setup the router again from scratch. If you saved a router configuration file, DO NOT use it.
    Report back with your results.  When you get your router working properly, we can proceed with setting up wireless security.
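The channel advice in the answer above (prefer 1, 6 or 11 and stay at least 5 channels away from strong neighbors), worked through as an added example that is not part of the original post. The function names, the -70 dBm "strong" threshold, the linear overlap model and the sample scan are assumptions made for illustration.

```python
# Added example: pick a 2.4 GHz channel from a neighbor scan.
# Scan entries are (channel, signal in dBm); the sample values are constructed.

CHANNELS = range(1, 12)      # the 11 channels mentioned in the post
PREFERRED = (1, 6, 11)       # the channels the post says usually work best
SAMPLE_SCAN = [(1, -45), (6, -80), (11, -50)]  # constructed scan result


def overlap(ch_a, ch_b, separation=5):
    """Fraction of overlap between two channels: 1.0 on the same channel,
    0.0 once they are `separation` or more channels apart (assumed linear)."""
    gap = abs(ch_a - ch_b)
    return max(0.0, (separation - gap) / separation)


def interference(channel, neighbors, separation=5):
    """Sum of neighbor power (converted from dBm to milliwatts) weighted by overlap."""
    return sum(
        overlap(channel, n_ch, separation) * 10 ** (rssi / 10)
        for n_ch, rssi in neighbors
    )


def clear_channels(neighbors, strong_dbm=-70, separation=5):
    """Channels at least `separation` away from every strong neighbor."""
    strong = [ch for ch, rssi in neighbors if rssi >= strong_dbm]
    return [c for c in CHANNELS if all(abs(c - s) >= separation for s in strong)]


def pick_channel(neighbors):
    """Least-interfered channel; ties go to 1/6/11, then to the lowest number."""
    return min(
        CHANNELS,
        key=lambda c: (interference(c, neighbors), c not in PREFERRED, c),
    )


if __name__ == "__main__":
    # The post's own case: one strong neighbor on channel 9.
    print(clear_channels([(9, -40)]), pick_channel([(9, -40)]))
    # A crowded band where every channel overlaps somebody.
    print(clear_channels(SAMPLE_SCAN), pick_channel(SAMPLE_SCAN))
```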

  • Wireless Security Problem (PC Laptop)

    My PC laptop will connect wirelessly whenever I create an unsecured wireless connection; however, whenever I enable the wireless security feature; it no longer connects to the internet (0 bytes received). Any thoughts?

    Hello Tesserax,
    Thank you for your reply and assistance. I was able to resolve this issue by updating my wireless adaptor driver. I found another user on my laptop's support website that had the same issue. I'm FINALLY... utilizing my wireless internet.
    Best regards,
    Shawn

  • Wrt160nv2 wireless security help

    Hello, I'm new to this forum and had some questions regarding the wireless security settings on this router (WRT160Nv2). I have the security mode set to WPA2, and what I need to know is which encryption is better: AES, or the other setting, which is "TKIP or AES". Shouldn't it be just TKIP? Any info would be great, thanks. Still trying to figure out the router...

    AES offers a higher level of encryption than TKIP, or "TKIP or AES". 
    Here are my other tips for setting up wireless security:
    To set up wireless security, you must use a computer that is wired to the router.
    Where to find the router settings: The router's login password is usually on one of the "Administration" pages. The other settings are all found in the "Wireless" or the "Security" section of the router's setup pages, located at 192.168.1.1
    First, give your router a unique SSID. Don't use "linksys".
    Make sure "SSID Broadcast" is set to "enabled".
    Next, leave the router at its default wireless settings (except for the unique SSID), and then use your pc to connect wirelessly to the router. Test your wireless Internet connection and make sure it is working correctly. You must have a properly working wireless connection before setting up wireless security.
    To implement wireless security, you need to do one step at a time, then verify that you can still connect your wireless computer to the router.
    Next, encrypt your wireless system using the highest level of encryption that all of your wireless devices will support. Common encryption methods are:
    WEP - poor (see note below)
    WPA (sometimes called PSK, or WPA with TKIP) - good
    WPA2 (sometimes called PSK2, or WPA with AES) - best
    WPA and WPA2 sometimes come in versions of "personal", "enterprise" or "radius". Most home users should use "personal". Also, if you have a choice between AES and TKIP, and your wireless equipment is capable of both, choose AES. With any encryption method, you will need to supply a key (sometimes called a "password" ).
    The wireless devices (computers, printers, etc.) that you have will need to be set up with the SSID, encryption method, and key that matches what you entered in the router.
    Retest your system and verify that your wireless Internet connection is still working correctly.
    And don't forget to give your router a new login password.
    Picking Passwords (keys): You should never use a dictionary word as a password. If you use a dictionary word as a password, even WPA2 can be cracked in a few minutes. When you pick your login password and encryption key (or password or passphrase) you should use a random combination of capital letters, small letters, and numbers, but no spaces. A login password, should be 12 characters or more. WPA and WPA2 passwords should be at least 24 characters. Note: Your key, password, or passphrase must not have any spaces in it.
    Most home users should have their routers set so that "remote management" of the router is disabled. If you must have this option enabled, then your login password must be increased to a minimum of 24 random characters.
    One additional issue is that Windows XP requires a patch to run WPA2. The patch is located in SP3, so you will need SP3 to run WPA2.
    Note:
    WEP is no longer recommended. The FBI has demonstrated that WEP can be cracked in just a few minutes using software tools that are readily available over the Internet. Even a long random character password will not protect you with WEP. You should be using WPA or preferably WPA2 encryption.
    Message Edited by toomanydonuts on 06-25-2009 03:43 AM
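The password rules from the answer above (no dictionary words, a random mix of capital letters, small letters and numbers, no spaces, 12 or more characters for the router login, 24 or more for a WPA/WPA2 key or a remotely managed login), as an added example that is not part of the original post. The function names, the small word list and the sample passwords are constructed for illustration; the 63-character upper bound is the WPA/WPA2 passphrase limit from the standard, not from the post.

```python
# Added example: generate and audit router passwords against the post's rules.
import math
import secrets
import string

ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits
MIN_LENGTH = {"login": 12, "remote_login": 24, "wpa": 24}  # from the post
WPA_MAX = 63  # WPA/WPA2 passphrase limit (not stated in the post)
SAMPLE_WORDS = {"password", "linksys", "admin", "welcome", "dragon", "monkey"}  # constructed


def audit(candidate, kind="wpa", words=SAMPLE_WORDS):
    """Return the list of rules the candidate breaks (empty list = acceptable)."""
    problems = []
    if len(candidate) < MIN_LENGTH[kind]:
        problems.append(f"shorter than {MIN_LENGTH[kind]} characters")
    if kind == "wpa" and len(candidate) > WPA_MAX:
        problems.append(f"longer than {WPA_MAX} characters")
    if any(ch.isspace() for ch in candidate):
        problems.append("contains spaces")
    if not any(ch.isupper() for ch in candidate):
        problems.append("no capital letter")
    if not any(ch.islower() for ch in candidate):
        problems.append("no small letter")
    if not any(ch.isdigit() for ch in candidate):
        problems.append("no number")
    lowered = candidate.lower()
    for word in sorted(w for w in words if w in lowered):
        problems.append(f"contains a dictionary word: {word}")
    return problems


def generate(kind="wpa", length=None):
    """Random password from the OS CSPRNG that passes audit() for `kind`."""
    n = length if length is not None else MIN_LENGTH[kind]
    if n < MIN_LENGTH[kind] or (kind == "wpa" and n > WPA_MAX):
        raise ValueError(f"length {n} is outside the allowed range for {kind}")
    while True:
        # Retry on the rare draw that misses a character class
        # or happens to spell a listed word.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(n))
        if not audit(candidate, kind):
            return candidate


def entropy_bits(length):
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for sample, kind in [("Password2009", "login"), ("linksys", "wpa")]:
        print(repr(sample), kind, audit(sample, kind))
    key = generate("wpa")
    print(key, f"{entropy_bits(len(key)):.0f} bits", audit(key, "wpa"))
```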

  • Facetime works with wireless security disabled, dropped otherwise

    On a D-Link DIR-615 wireless router, configured as an access point.
    Security mode: WPA-Personal
    WPA mode: WPA2 Only
    Cipher type:AES
    I tried inserting a 1.3 Mb file, to no avail.
    I have an iPad mini with OS 8.1.2
    Please let me know if more information is req'd.
    To have facetime with my son and grandchildren I have to change the security mode to 'none' during the session! Really? If I do not, we have about a one minute session that is dropped.
    Any ideas will be explored!
    Thanks in advance,
    Grandpa Pete

    Three answers:
    1-The router is an access point as it is a 'slave' to the wired router. The wired router assigns the ip addresses and is connected to the Comcast-Arris modem.
    2-Security mode options: None, WEP, WPA-Personal, WPA-Enterprise and
    the password options are Auto (WPA or WPA2), WPA2 Only, WPA only. I chose the WPA2 only as some other place I'd seen something about a problem with the TKIP cipher. I'm a novice, though. What you're suggesting makes sense and I'll try to go to WPA only.
    3-I tried inserting a file showing the wireless router setup page, via a screen shot. I can't even insert a half Mb file, for whatever reason. The error page says to keep it to less than 2 Mb.
    -As above, the wireless device must be an access point. It's in the living room, where wireless devices are mostly used. The wired router is in one corner of the house, with the main winxp pc.
    -I can't make the wireless router security mode WPA2, so I used WPA for everything and see if it works for the next facetime session. All the other wireless devices are now functional.
    -I'm not understanding the third option. Is that for my tower, each wireless device?
    (No, winxp is not a joke. I use it as my main pc os and have no need to replace it. I'm posting my problem in this forum because we now have an apple product, the mini iPad, and I'd sure like to use it for the facetime with the wireless security setting on during the session. So far, it's REQUIRED to turn the wireless security off to keep the facetime session longer than about 60 seconds.)
    Thank you very much for your time! I really appreciate it. As a novice, routers are still mysterious to me, what with all the settings inside of them.
    Grandpa Pete
    btw: my question is not solved. Not at all! I still believe I have an unsolved question. I don't know why the green box and checkmarks exist! Did I miss something?

  • Remoting Security: Best Practice

    I am exploring Remoting and I am curious about security best practice. By default, Enable-PSRemoting will configure an HTTP listener that listens to all addresses. Initially I thought this address was the address of the computer making the remoting request, but it isn't, it's the address on the local machine that is doing the listening. My reason for thinking this was the controller machine IP was that I thought I might want to limit successful remote requests to just the one machine. From a security standpoint this seemed better than letting any machine initiate a remote session. I know that the remote session is limited by the permissions of the user initiating, so any real threat is only because I have already been breached anyway. But still, I wonder if there is a way, and value, in limiting remoting to a subset of machines?
    Or is the default here really fine from a security standpoint as well?
    Thanks!
    Gordon

    It is most secure to configure remoting and restrict it using Group Policy.  GP will let you define subnets for both ends of the conversation network wide.
    \_(ツ)_/

  • Wireless Security & Methods

    Hi,
    I've some experience on WLAN Networks, but I would like to have your opinion around Wireless Security implementations.
    We have several sites where we have some Cisco Access points running IOS. We are currently doing WEP 128b, with Mac-Authentication against a central ACS Server.
    But having fixed WEP, and mac registrations is not very practical.
    Do you know about any method to have authentication against Active Directory (passing through the Cisco ACS), and Dynamic WEP Keys?
    Any recommendation is welcome.
    Of course with this we would like to bring up our level of security.
    Thanks a lot for all,
    Best Regards,
    Jorge

    An ACS server can be used to do authentication based on user logon to AD.
    So it would only require a single login if your wireless adapter supports it.
    You would just need to enable the wireless vlan to do 802.1x (EAP-FAST) authentication.
    This document would answer some of your questions.
    http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa09186a00802030dc.html

  • Wireless security cam

    hi,
    I am planning to install several wireless security cams at home, and the one from linksys seemed a good choice to me.
    I am looking for a specific feature that I am not able to find any explanation on. In the features I see that I am able to watch live images remotely, and record those live images. What I am also looking for is that the system can automatically take and record images, even when I am not connected to the cam. Assume that there is a stranger in our house, I want those images to be recorded at a later stage so that I can see who has been there.
    Is that possible with the linksys cam?
    Many thanks in advance.
    Best regards,
    Koen

    Yes, using the motion detection feature on the linksys camera it is possible... Some good linksys cameras are WVC54GC, WVC54GCA, WVC80N.

  • Wireless Security Solution

    I have heard a lot of talk about Wireless Security. And have at least a working knowledge of the two possible solutions, VPN and EAP. However, how to choose the best possible solution? VPN is expensive and still leaves me vulnerable to Impersonation attacks. EAP is cheaper but nonetheless leaves me vulnerable to Brute Force attacks. Of course the chances of someone walking into our building(s) and stealing a laptop with VPN software on it are probably greater than any of the aforementioned threats. I guess what I'm looking for is a "voice from above" to guide me on which solution I can take to my superiors and say "This is what we are going to do" and why solution X is better than solution Y.
    Thanks!
    STU...

    Stu,
    VPN vs WLAN: To what degree do you want to geographically control access? If WLAN is attractive because you're looking at a LAN bridging solution, then VPN is over-kill. But if the distances are great (connecting from home) WLAN is out. In WLAN terms how big is your proposed "cell" (800m) or is the reach of users measured in miles? I can share with you an outline of WAP security controls for WLAN if what you're leaning toward is a LAN-bridging solution. That should help you get your arms around security for a Cisco-centric WLAN solution. I do security 100% of the time, and I just finished due-diligence for WAP WLAN bridging.
    -Mark
