Hi there, love the article, i have a Netgear rangemax router at home WNR834b. I have 16 different items connecting regularly, including 3 PC, 2 PC Laptops and a MacBook Pro, 3 Nintendo DS, 3 Iphones, Ipod Touch and a PS3 Wii and Printer. The router speeds at a max of 270 Mbps. Initially I tried Wep passwords but when i chose the faster modes it only allows for WPA-PSK (TKIP) + WPA2-PSK (AES)security. Problem is that many of my client items DS and Wii and PS3 do not liek the higher security. Until recently i ran the network at WEP the lowest common denominator. Recently I read up on Access Control Lists and now finally understand what MAC addresses are (not where my mac book pro used to live) I have now connected all devices in an access control list,
My QUESTION ? is since they are the only devices allowed on my network can i now dispense with security passwords as all of my connected items are working properly with the security switched off. This is a home network in suburbia.
What is Wi-Fi Protected Setup? (WPS)
Categories: WGR614L (Legacy Product)
WPS (Wi-Fi Protected Setup) was introduced and developed by the Wi-Fi Alliance (http://www.wi-fi.org/) to help standardize and simplify ways of setting up and configuring security on a wireless network. Traditionally, users would have to manually create a wireless network name (SSID), then manually enter a creative, yet predictable security key on both the access point and the client to prevent unwanted access to their wireless network.
This whole process requires the users to have the background knowledge of the Wi-Fi devices and the ability to make the necessary configuration changes. WPS was introduced to relieve and remove all of the guesswork of securing a wireless network by typing a short PIN (numeric code) or pushing a button (Push-Button Configuration, or PBC).
On a new wireless network, WPS will automatically configure a wireless network with a network name (SSID) and strong WPA data encryption and authentication. Wi-Fi Protected Setup is designed to support various Wi-Fi certified 802.11 products ranging from access points, wireless adapters, Wi-Fi phones, and other consumer electronics devices.
Advantages of WPS
- WPS automatically configures the network name (SSID) and WPA security key for the access point and the WPS enabled client devices on a network.
- You do not need to know the SSID and security keys or passphrases when connecting WPS-enabled devices.
- No one can guess or figure out your security keys or passphrase because the keys will be randomly generated.
- No predictable passphrases or long sequences of hexadecimal to enter
- Information and network credentials are securely exchanged over the air using the Extensible Authentication Protocol (EAP), one of the authentication protocols used in WPA2.
- WPS has been integrated and supported in Windows Vista (currently, Windows Vista only work in Registrar mode)
Disadvantages of WPS
- It does not support “Ad-Hoc” mode or network where wireless devices are communicated directly to each other without an access point.
- All of the Wi-Fi devices on the network must be WPS certified or WPS-compatible, otherwise you will not be able to take advantage of the ease of securing the network.
- Difficult to add a non-WPS client device to the network because of the long sequences of hexadecimal characters generated by the WPS technology.
- This technology is fairly new, so not every vendor will support the WPS technology.
Facts about WPS
- WPS is a non-proprietary specification that will be a certified technology controlled by Wi-Fi Alliance.
- WPS is an optional certification program for Wi-Fi Certified products.
- Not all Wi-Fi Certified products will include WPS support, users need to look for the Wi-Fi Protected Setup logo or term on the products to ensure that the product is WPS compatible.
- There are 2 primary methods used in the Wi-Fi Protected Setup:
- PIN entry – a mandatory method of setup for all WPS certified devices
- Push button configuration (PBC) – an actual push button on the hardware or through a simulated push button in the software. (This is an optional method on wireless client).
- If you are using the PIN method, you will need a Registrar (access point/wireless router) to initiate the registration between a new device and an active access point/wireless router. (Note: The PBC method may also need a Registrar when used in a special case where the PIN is all zeros)
- WPS is NOT a new security feature – it makes the existing security features easier to configure.
NETGEAR products supporting WPS
- WNR834Bv2
- WGR614v8
- WGR614L
- member since: 01/23/2008
- rank: 2 of 6305
- 15 articles authored
- 8 forum threads started
- 265 comments
Fro what I understand there are programs called "Packet Sniffers" that can wirelessly get info. They then can in turn find out your MAC addresses. From there they just fake a login using your address.
So I would say just to be on the safe side go with at least WEP. That can be hacked also but it requires more work and unless you have a very geeky neighbor it probably won't be a problem.
View unverified member's comment - posted by RN
Using MAC filtering is a great step in securing your home network. It essentially hinders anyone from using your network as a means to attack another entity (which hackers frequently do).
However, as a certified IT security expert, I can tell you that a hacker would have no need to access your router or your internet connection to steal YOUR information. All of your communication with the wireless router is basically in "plain text". There are many FREE various wireless sniffing software programs out there. All s/he would need to do is be within range of your wireless signal and grab all the information straight from the air using these sniffers. You will never even notice it - until you make an internet transaction and realize a week later that your banking information has been stolen. The purpose of wireless encryption is not only to keep hackers from accessing your home network, but also from not being able to interpret the wifi signals you are creating by communicating with your router.
It's also important to note that WEP is not a very secure form of wireless communication. Even basic hackers can crack the encryption key within a matter of minutes. It is much better to use WPA or better yet WPA2 encryption. Also, if at all possible - since you figured out how to enable MAC filtering - go into your router and disable SSID broadcasting. That way no one will SEE your network. Someone will have to be actively LOOKING for your network in order to access it (or sniffing for signals). My point here being that it will make it LESS LIKELY for someone to just stumble upon your network.
Right now, it seems to me like you have a wireless network with NO encryption broadcasting. This means that anyone within range just has to open their computer and look at a list of available networks. And yours won't have an icon of a padlock next to the signal strength. Which network do you think they will try to get into first? Sure, you have MAC address filtering turned on so the laymen won't be able to connect, however if a hacker notices that you have MAC filtering enabled, s/he may get curious and turn on a wireless sniffer to see what's going on with this network.
Another thing to consider. A person "in range" of your signal doesn't necessarily have to be only 100ft away. They sell amplifiers which can pick up signals from miles away. I can be a teenager a few neighborhoods away from you and still pick up your wireless signal (as well as hundreds more). If you make your network invisible to him (DISABLE SSID broadcasting) then he probably won't even think to search for your network - he'll most likley just try to break into an unsecure network.
This advice does, however, come as a double-edged sword. The hacker may see hundreds of unsecure wireless networks, then try and look for networks with hidden SSIDs (there are programs which detect hidden ones as well), and maybe think that a network that goes out of its way to hide it's SSID AND enable WPA encryption must have something worth looking into and your heightened security may have painted a target for the hacker.
Bottom line: you're doing a great job about being concerned about security, you just need to take it one step further and enable WPA. That is the best way to secure your network without looking like you're hiding something valuable. It is very common for household networks to encrypt their wifi networks with WPA, but not so common for them to hide their SSID.
Hey Teo a very comprehensive answer thanks, I have mac filtering, ssid off and WPA-PSK (TKIP) + WPA2-PSK (AES) enabled security. My original problem was that my rangemax wnr 834b can be set to 270mbps but because i have a range of older and newer devices nintendo ds wii iphones laptops etc, when i max out the speek to 270 i can only use the WPA-PSK (TKIP) + WPA2-PSK (AES) setting at which the older devices cannot recognise the router but they would if the router was on flat out without security. Anyways i got around it by adding a new N wireless card to one pc and a new N usb to a laptop they were the main culprits. Thanks again for the lesson and well im pretty sure my network which incidentially has nothing worth stealing except my mothhly download is now secure.
Regards
RSS
