05-16-2005, 11:30 PM | #1 (permalink) |
At The Globe Showing Will How Its Done
Location: London/Elysium
|
Wireless/Security Questions?
Greetings Kids,
I have a few questions for the assembled wisdom. Another wireless network as sprung up in the neighborhood. Can a competing network erode or degrade my wireless signal? When I click on my Linksys Monitor, it is detecting a signal that is comparable to my strength. I have WEP enabled and I am a different channel (it appears they don't.) Whenever that signal approachs mine or surpasses mine my connection turns to nothing. I can normally download at 300-240kbs. On occassions such as this, I can only download at 40-60kpbs (uploading isn't even an option.) Is this connection ruining mine? Or is this simply my crappy Comcast connection? Any thoughts, suggestions, info, etc. Thanks
__________________
"But a work of art is a conscious human effort that has to do with communication. It is that or its nothing. When an accident is applauded as a work of art, when a cult grows up around the deliciousness of inadvertent beauty, we are in the presence of the greatest decadence the West has known in its history." |
05-16-2005, 11:40 PM | #2 (permalink) |
Crazy
Location: whOregon
|
its possible that if their signal is stronger than yours, your client may switch to their network and they might just have a slower connection, or be utilizing alot of their bandwidth. You should watch your connection info and see if you are switching to their network. If you are, you can fix this by either prohibiting your client from connecting to untrusted sources (varies by brand of wireless software your using), or designate it to always use this connection, and specify yours.
two networks shouldn't interfere, especially if they are running on different channels. If you are loosing signal from your network intermittantly, i would try relocating the access point or look for possible interference producing devices (cordless phones, microwave ovens, etc) in the vicinity. Depending on your brand, you might find some relatively cheap antenna upgrades you can throw on your router, or you might also consider getting a power over ethernet adapter for your wireless AP if there is one made for it, and send a piece of cat 5 up into your attic and place the AP up there. Its amazing what a little elevation can do for your signal. |
05-17-2005, 01:45 AM | #3 (permalink) |
Go Cardinals
Location: St. Louis/Cincinnati
|
I would look into other devices that could interfere with your netowkr signal, as well as placement of the router as those two would have the largest contribution to signal quality.
Another option (if your connection is password-protected like it should be), would be to connect to your network, and disable all other connections so your wireless card will not be constatnly searching for other access points.
__________________
Brian Griffin: Ah, if my memory serves me, this is the physics department. Chris Griffin: That would explain all the gravity. |
05-17-2005, 05:48 PM | #4 (permalink) |
Master of No Domains
Location: WEEhawken, New Joisey
|
Also, 2.4 Gigahertz cordless phones will SERIOUSLY degrade your 802.11b experience. A neighbor with one of these babies could be causing some issues.
What are you using to connect wirelessly? If it is Windows, are you using XP and letting Windows pick your wireless? You can set preferred networks, if this is the case...
__________________
If you can read this, thank a teacher. If you can read this in English, thank a veteran. |
05-17-2005, 08:41 PM | #5 (permalink) | |
Junkie
|
Quote:
Though there are typical 11 (or sometimes 14 depending upon your country) channels in the 2.4Ghz frequency range, only three of these are "non-overlapping channels"; 1, 6 and 11. As you can see from the graphic below, the other channels, whilst distinct, "overlap" with nearby channels. In other words, each channel is about 22Mhz wide, but they begin less than 22Mhz from each other. The only way to ensure that you don't have any interference is to ensure that you choose a channel that is at least 22Mhz from the interfering channel. Put another way, make sure you are at least "5 channels" away from any other channel you can detect if possible (and more if possible). So if they are channel 1, you should choose 6 or preferably 11. Hope this makes sense. BTW, you say you have enabled WEP. If possible, use WPA as WEP is not secure. If you cannot, at least change your WEP key every few weeks. It's good practice. Any more WLAN questions, just ask. Mr Mephisto |
|
05-18-2005, 07:08 PM | #6 (permalink) |
At The Globe Showing Will How Its Done
Location: London/Elysium
|
Wow! There is sooooo much I don't know and sooo much to know. First, I honestly have to idea how I connecting to the network. If its through Windows or not. (I am running with XP SP2). I am so embarrassed. Second, the other network is using channel 6 and I am on channel 4. So I guess I should use 1 or 11. Wow, you think you can get a handle on things and then you open another door and there is another library to learn. Thanks everyone for the help, suggestions, info.
__________________
"But a work of art is a conscious human effort that has to do with communication. It is that or its nothing. When an accident is applauded as a work of art, when a cult grows up around the deliciousness of inadvertent beauty, we are in the presence of the greatest decadence the West has known in its history." |
05-18-2005, 11:24 PM | #7 (permalink) |
At The Globe Showing Will How Its Done
Location: London/Elysium
|
P.S.
If WPA is the way to go I have WPA Radius and WPA PreShared Key options on my router. Which do I choose and why? Thanks again
__________________
"But a work of art is a conscious human effort that has to do with communication. It is that or its nothing. When an accident is applauded as a work of art, when a cult grows up around the deliciousness of inadvertent beauty, we are in the presence of the greatest decadence the West has known in its history." |
05-19-2005, 01:22 AM | #8 (permalink) |
Addict
|
They're both considered anout as secure. Radius is just a more random password generation.
You will also want to allow ONLY your mac address. Bit of a pain if a buddy turns up and wants to use your router, but it's only a few more clicks to add him. If you use your network card's software instead of the XP wireless wizard, you sometimes get the choice to ONLY detect on a certain channel. Netgear is one such product. It's not nice, but you could possibly read up on connecting to that person's wireless router and reset it for them. If they haven't bothered to secure it, chances are it's still broadcasting the default SSID and from that you can see right away what type of router it is. Most manufacturers use the same admin login and password on all models. (As you can see here) You'd actually be doing him a favour if you secured it and 'turned down the volume' for him. |
05-19-2005, 01:25 AM | #9 (permalink) |
Addict
|
Also check this page for a brief ru-down on securing your own wireless network.
http://www.pcnineoneone.com/howto/80211bsecurity2.html |
05-19-2005, 02:27 PM | #10 (permalink) | |
Junkie
|
Quote:
You can't use WPA Radius unless you have a RADIUS server. Which you won't. RADIUS servers are used by large companies to manage authentication for many users. WPA-PSK stands for WPA - Pre Shared Key. You create a "key" on your laptop and access point. This key is then used to generate dynamic WEP keys, which in turn are further hardened by the use of TKIP (Temporal Key Integrity Protocol). Make sure your key is at least 12 (preferably 20) characters long. And don't use a simple word. Use something random or a mixture of letters and numbers. It will make your WLAN almost impossible to hack. Mr Mephisto |
|
05-19-2005, 02:29 PM | #11 (permalink) |
Junkie
|
Here's a bit more information on securing your WLAN. This is a repost of what I wrote in another thread.
1 - Enable WPA if at all possible Background WPA (WiFi Protected Access) greatly increases WLAN security. It introduces several new enhancements, including TKIP (Temporal Key Integrity Protocol) that mitigates against so-called AirSnort or Wardriving attacks, and MIC (Message Integrity Check) that protects against Man in the Middle attacks. It also increases the WEP Initialization Vector from 24bits to 48bits, which is a huge improvement, as this makes the statistical likelihood of a weak IV being captured much lower. Finally, WPA introduces a dynamic key management feature, which allows for regular and automatic regeneration of WEP keys. Implementation WPA for most home wireless kit will run in WPA-PSK mode. The PSK stands for Pre Shared Key. This is effectively a password that you enter in your Access Point and your client that is used to independently generate new WEP keys on a regular basis. Ensure your passphrase is at least 20 characters long! Caveats Not all Access Points support WPA. This is unfortunate, but is not the end of the world. However... "What happens if my Access Point doesn't support WPA?!!!" Well, you can still follow the steps below. And you should manually setup a WEP key on your Access Point and your client devices. This is a pain, but ABSOLUTELY NECESSARY. You should also change this regularly; at least once every few months. 2 - Change default SSID Background SSID (Service Set Identifier) can be considered analogous to a network name. All Access Points come "out of the box" with a default SSID. Every hacker worth his salt will know the most common SSIDs. Common examples are "Linksys" (for Linksys kit), "Netgear" (for Netgear kit), "Tsunami" (for Cisco kit) etc. Implementation Change the SSID to something more appropriate to you. Your name, favourite band, pet... whatever. Just don't use the default. Caveats None. There is no reason this should not be done. 3 - Disable SSID Broadcast Background SSID (Service Set Identifier) can be considered analogous to a network name. Most Access Points "broadcast" this by default. That is, they advertise the SSID to any listening client devices. This is fine for enterprise networks or "hotspots", but there is no reason to advertise your network to your neighbours. You will know the SSID anyway (see above), so you don't need to broadcast it. Implementation Different for all manufactures, but it should be pretty obvious. Just look for "SSID Broadcast" and disable it. Caveats This should not be considered a security improvement, as it's still possible to ascertain the SSID of a network that is not broadcasting, but it IS best practice. Just do it. 4 - Enable MAC filtering Background All Ethernet devices, including WLAN interfaces, have a MAC address. This is a 6-byte hexadecimal address that a manufacturer assigns to the Ethernet controller for a port. MAC addresses are "lower level" that IP addresses and are used on the Data layer. You can setup your Access Point to only allow certain MAC addresses (ie, certain devices) use your WLAN. In other words, you configure it to only allow your computer (laptop, sister/brother's etc) to associate to the WLAN. This will prevent unwanted visitors from hitching a free ride... Implementation Search for MAC Filter in your Access Point config guide. You will have to go to each computer you will use on your WLAN and note down their MAC address. Make sure you note down the WIRELESS adaptor, and not the wired network card! It's a bit tedious (as a MAC address is a long sting of hex), but it's worth it. Caveats Not entirely foolproof, as experienced hackers can spoof MAC addresses. But it certainly adds greatly to security. 5 - Turn down transmit power Background Most Access Points can transmit at up to 100mW; some even more. Why bother covering more area that you need? There's no point is offering temptation to the people across the street, so you should turn down your transmit power to the lowest level that sufficiently covers your house/apartment. Implementation Different for every manufacturer. Check your user guide. Caveats You may need some tweaking to get it right. If you do, then congratulations. You just carried out what is called a "Site Survey" in the industry. Soon, you'll be doing this for a living! 6 - Change the admin password Background All Access Points come with an Admin account and password. You would be surprised at how many people leave these as the default ("Admin" and "Admin" for Linksys kit for example). You should change the password to something only you know as soon as you can. Implementation There shouldn't be any problem doing this. Just look for the Admin or Account Management section on your configuration page. Caveats Make sure you note down what you change the Admin password to!! 7 - Change default IP address Background Most access points come with the default RFC1918 IP address of 192.168.1.1. Most hackers know this. Bad combination. Try changing the IP address to 192.168.x.1, where x is a random number between 2 and 254. Implementation Different for every manufacturer. You should be able to do this from the Admin web-page for your access point quite easily. Caveats Remember than when you change the IP address of the router, you will have to remember the new one when you access it again via a web-browser!! Of course, that's the whole point, but just dont' forget it. Chances are, once you make the change, the current web session will no longer work and you'll have to start another session; you just changed the address after all. 8 - Reduce the size of your DHCP Background DHCP (Dynamic Host Configuration Protocol) is a system that dynamically provides your clients (ie computers) with an IP address every time they join a network. In simple terms, your computer gets an IP address from your access point, and you don't have to worry about messing around with esoteric network settings. IP addresses are assigned from a "pool" of available addresses. The AP has to ensure it doesn't give the same address to two computers, or there would be problems. This "pool" of addresses often has up to 254 addresses available. Most home networks have only a handful of computers. By reducing the number of addresses in the DHCP pool to exactly the number of computers you have, you reduce the liklihood of a hacker gaining access to your network. They simply won't get an IP address in the first place. Implementation Again, this is different for every manufacturer. It is usually in a "Network" or "DHCP" section on your AP configuration web-page. Caveats None really. Just make sure you have enough IP addresses left in your pool for your computers. Remember that reducing the pool to the exact number of computers you have means that "friends" as well as hackers and freeloaders won't be able to use your network either. If you have visitors that come to your home to use the network often, then this may not be suitable. Any questions, please feel free to ask. Mr Mephisto |
Tags |
questions, wireless or security |
|
|