How to make a wireless more secure...

[QbA]

My wireless is running... i have a linksys router and along with my t42.

In the connection properties i see "unsecured wireless network". What are the changes you would recommend in order to make it more secure?

Thanks.[/quote]

[lfeagan]

So, there are two basic parts of security in this case:
1) Access control--limit access to the router
2) Protect the data being transmitted

So, to do 1 there are a number of alternatives, though for simplicity's sake I am going to assume you are running on a home network and do not have a RADIUS server and don't really want to run 802.11x. So, the easiest form of access control is just to set the MAC address filtering to only allow your wireless card to access it. It isn't a big deal, and yes, I am aware of all the caveats, but you might also want to stop SSID broadcast. Once again, it is an easy way to stop "prying fingers" from getting curious.

As for protecting your data, run WPA-PSK TKIP. WEP is better than no security, but its not great. WPA is a much better choice. There have been some great articles on the internet and you can also find a lot of information if you happen to know someone who reads IEEE Security & Privacy about WEP being fairly easily crackable. WPA should keep your data safe.

Hope this helps get you started.

[Plinkerton]

I don't know much about this, so for my home router, I have MAC filtering on, and my SSID broadcast disabled.

That's all I have. I'm not connected to the desktop computer with a network or anything.

Should I be doing more?

[DavidNZ]

MAC filtering is good because it basically prevent someone else from logging in to your network. Of course, there is always the chance that they could spoof your MAC address, but that's only if they're really desparate. I say: if they want internet access that bad, let 'em have it. SSID being hidden is good to, but it doesn't mean you're invisible to snoops - just means that they don't know your network name. The can sniff this if they really want. Those two combined, you're making any (local) hacker's job harder, which is good.

What you should also do is encrypt your wireless data. I use WEP at 128-but encryption, but lots of people say go with WPA. Your T42 should be able to support WPA, as should your router. Without encryption, everything you transmit can be packet sniffed by anyone within range, meaning passwords, credit info if you're shopping online, or email.

if you use WEP, just remember to change the 'key' every month or so. And if you see any strange cars outside your house just sitting there, day after day, go offer them some lemonade!

[Plinkerton]

I can't figure this thing out. I have a Linksys W54SGRT or something like that. When I enable the encryption, and generate a key thingie, it doesn't seem to work. I enable the WEP encryption, I type in a passphrase, then I generate a key. After I save my settings, my wireless disconnects on my TP. I go to the wifi network thing, and select my WAP. It gives me a place to enter the key, and then confirm it. The key is quite long. After I do that, I hit connect, and it never works. I'm using the standard stock network stuff that comes with the T42. I don't use anything else.

What am I doing wrong?

[bevross]

Well, you know you have to configure both the Linksys & the Thinkpad the same? To configure the Linksys, type 192.168.1.1 in your browser to access the menu. Don't know if this is the problem. Hey, I had one of your routers & it turned out the wireless access point part was broken. Got another & it works. Also, in the security setup for the linksys wireless: pick WPA-Pre-Shared Key as the "mode" and TKIP and the "algorithim" Do the same for the Thinkpad.

[lfeagan]

Here is another tip, which is pretty obvious, but often overlooked, only implement one thing at a time. There is a low likelihood that you could get all the things setup right the 1st time if you tried to do them all at once. My suggestion would be to setup WPA first, then add on the MAC filtering and other things like that. If you have trouble with WPA, check for firmware updates for your Linksys. Also, try using WEP too. The setup is pretty similiar, though WEP is a tad easier to setup in general.

[Plinkerton]

Bevross, I got the part on the router, but it's the ThinkPad part I'm having trouble with. Where exactly do I go to select that option on the Thinkpad?

[skanky]

access connections will be able to let you use WPA or alternatively you can use XP SP2's wireless zero config util.

[Plinkerton]

No SP2 yet. My computer is working great, and I don't want to screw it up before I can make a system backup.

It just seems strange, that when I set it up, and plug in the generated key, it just doesn't work. Maybe i'll update the firmware.

Thanks guys. i'm going to sleep.

Until tomorrow.

[skanky]

or this: http://tinyurl.com/4fyux if you want to stick with SP1.

[DavidNZ]

Plink,

Best thing to do is start from scratch (reset your router) and, as mentioned above, one thing at a time. Get a hold of a manual for your router, but i would recommend doing everything in this order:

Use the ethernet cable it likely came with to connect to it and configure it. I would suggest sticking with 128-bit WEP, so basically you would be just turning that on and assigning a key for it. Once you've got the router all set up, generate a new profile in Access Connections. It'll ask you what level of encryption, saying WEP and give it the key. That way, when you tell AC to find your wireless network, it knows that the router will ask it for a key.

[Plinkerton]

Alright everyone. Thanks a lot. i think I'm going to update everything. I'll update the firmware, and reset the router and all that stuff, and probably install SP2.

Last time, with my other T42, the SP2 install went well. Later on in the week though, my computer completely died and stopped working, hence this replacement. I don't know what exactly happened to it, but definitely want to keep it from happening again. Can anyone give me an exact list and links of what I need to install prior too or after the SP2 install? Drivers and other updates, etc.

I don't think I'm going to install SP2 until I'm positive on what I need to do.

Thank you very much everyone. I'll keep you updated on what happens with the router.

[DavidNZ]

Relating to SP2, I don't think I'm even going to bother with it.

For the most part, it's about security. Well, the way I figure it, I sit behind a hardware and software firewall both at home and at the office, and I keep my machine patched. I watch the logs of my router and it's funny to see bots trying to poke a hole. Nobody has gotten through yet (AFAIK).

I don't want the improved Windows wireless network stuff because I like AC. So, in the end, and I've even read this in a major Australian computer magazine, if you are protected, leave it for now, which is what i'm doing. Heck, it took me a year to install SP1 on my old R32, and in that time I was never infected, never hacked and nothing major went wrong (aside from two dead motherboards, that is!).

*sigh*

David

[Plinkerton]

Alright. maybe I won't install it. It always makes me nervous as it's installing. It's like I'm waiting for something bad to happen. My friends Drafting office doesn't mess with it either. They all say if it ain't broke...

I'll get my encryption going and all that. Other than that, I use Zone Alarm, have updated Norton, and use Mozilla Firefox. I use the wireless router at home, which is 99% of the time, and the other time I use my University's wifi network, which you have to log in to with a password and user name. I run Spyware checkers all the time also. I have heard that the router is a hardware firewall.

I don't know too much about all this stuff, so If all that is protection enough, I would rather not deal with SP2. My last computer died, and I can't have this one screwing up too.

Thanks,
Plink

[skanky]

ive used SP2 on a toshiba laptop since the network admin install was released (before it was put on windowsupdate) and i gotta say ive had no problems with it whatsoever.

[EvilTee]

Me too. We have SP2 installed on all XP computers in our office. Works fine.

[Plinkerton]

Yeah. I don't know what I want to do. I installed in on my other T42, even thru wifi, and everything seemed to work out fine. I'll probably do it eventually.

Anyhow, with regards to getting my encryption going, I got it all figured out. I turned off mac filtering, and turned on my ssid broadcast, then configured the WEP, and plugged in the key, and it worked. I then turned off ssid broadcast, and turned mac filtering back on, and everything still works fine.

Thanks a lot for all the help,
Plink

Now if you could help me out on my other question, I would be forever grateful!

It's right here:
http://forum.thinkpads.com/viewtopic.php?t=4675

Thanks again!

[DavidNZ]

My desktop in my office has SP2 with nary a problem, but i'm holding out. As I say, to my way of thinking, if you are firewalled (both hardware and software) and have active virus protection enabled, I hardly see the point.

You watch, I'll have to eat those words at some point. Story of my life...