cancel
Showing results for 
Search instead for 
Did you mean: 

Should I encrypt?

tex
Grafter
Posts: 64
Registered: 30-07-2007

Should I encrypt?

Hi,
I have a Netgear router and I'm connecting two computers to my Plusnet internet. I have Norton Internetsecurity 2005 installed on both computers, should I turn on wifi encryption on my router for extra safety?

I don't know much about wireless connections so what would be the difference with/without encrypting?
10 REPLIES
cfroggett
Grafter
Posts: 38
Registered: 30-07-2007

Should I encrypt?

Even basic WEP encryption I would recommend because:

(a) it means that neighbours can not hijack your WiFi connection and use it themselves for the internet
(b)which also means that the more handy ones cant read your bank details while you are surfing around (for example)
(c) and it protects your PC from someone attacking you via wifi

WEP is easily broken, but I don't think anyone will bother trying it on one person. Most wifi kit comes with more advanced encryption these days (WPA / WPA2).

Bottom line is that security is defense in depth, you have products that can do this without any noticable impact, you should use it. This will complement anything else you have in place today
N/A

Should I encrypt?

Yes encrypt the connection with WPA/PSK, WEP 128 bit, or WEP 64 bit depedning on your router and operating system. In addition I would MAC address filter (this maybe called access control)
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Should I encrypt?

See this thread; http://portal.plus.net/central/forums/viewtopic.php?t=21083

Use both WEP and MAC address filtering, and hide your SSID if the option is available on your router.

This will stop all but the most determined hacker that is targeting you personally.

Using WEP encryption indicates that you do not want your wireless network used by others. Some people see a non encrypted network as invitation to share.

Chilly
cfroggett
Grafter
Posts: 38
Registered: 30-07-2007

Should I encrypt?

hiding the SSID and using MAC filtering does increase security, but at the loss of easy config, like I said, a single home setup I doubt anyone is really going to attack you, unlike a business / corp setup where that is a lot more likely (war-chalking).

Just having WEP normally puts neighbours off. I don't hide my SSID (security through obscurity is not really security), and I don't use MAC filtering as I tend to have a lot of house guests who arrive and use their wifi laptops etc. But then, if it was just me, then yeah I would probably do mac filter. Depends how paranoid you want to get.

Another thing is to reduce the power output of your wifi router - helps decrease the "outside your home" distance that people can connect. I stay in the Hilton in NY a lot, and on floor 40 or above I can see approx 25 WiFi networks, 75% of which are opening for sharing
N/A

Should I encrypt?

Anyone with any knowledge of using monitor mode in linux will know that hiding your SSID doesn't really help, as for MAC filter, it's very easy to change your MAC to an accepted one :-)

As for WEP and WPA, both are crackable, WEP being weaker but WPA not being totally safe, i'd stick to WPA2 if I was you, I'm not sure on the differences between WPA and WPA2 but that's the safest at the mo.
cfroggett
Grafter
Posts: 38
Registered: 30-07-2007

Should I encrypt?

agree with all your points - like I said, depends how paranoid you think you need to be with your neighbours!
N/A

Should I encrypt?

If you use MAC filtering, is there any point in encryption?
cfroggett
Grafter
Posts: 38
Registered: 30-07-2007

Should I encrypt?

Quote
If you use MAC filtering, is there any point in encryption?


yes - extremely easy to snoop your MAC address, then pretty much every operating system these days lets you re-program yours, hence I spoof you, easy.
N/A

Should I encrypt?

Would I not notice if you spoofed my MAC address? Surely that would lock me out of the network?
And if was locked out of the network, there'd be nothing for you to snoop...
cfroggett
Grafter
Posts: 38
Registered: 30-07-2007

Should I encrypt?

Quote
Would I not notice if you spoofed my MAC address? Surely that would lock me out of the network?
And if was locked out of the network, there'd be nothing for you to snoop...


not necessarily, its authenticating on MAC address to access the network, WiFi is "broadcast to MAC addresses" so I can see everything, and also request services. Worst case is that you may see an application stop working as I'm interfereing with service ports, but you'd probably not notice. Your box would only see one "MAC" address so it would only list one client.

I've never tried it, would be interesting to hear from someone who has, but theoretically the above would hold due to the broadcast of WiFi.

On a switched LAN it would error, as you have 2 "hard" ports, each broadcasting the same MAC. A switch works on MAC addresses, so when it has 2 that are the same on the same switch fabric it must error and send an alert, usually it shuts down the MAC port which was the "new" joiner and the old one stays live.