 | reply to stevech0
Re: securely mixing WEP and WPA - two routers required?
Steve: please can you clarify how the access point would be connected to my original ADSL router? Would it just be hanging off a LAN port, and configured to be on the same subnet?
And just for clarity - the solution you are proposing won't isolate my WEP LAN from my WPA LAN will it?
I take your point that there are steps I can take to make my WEP network more secure, but my inquiry is specifically about the scenario where my WEP has been hacked. How far can I protect the rest of my network in this event?
If I don't take measures to isolate the WEP from the WPA network, then from a security perspective I might just as well set the entire network to WEP, no? |
|
 Anav | An access point with multiple ESSIDs will do the job. Case in point: »www.us.zyxel.com/web/product_fam···A2007128
Ensures defined WiFi groups, such as guests, only have access to the internet and not other PCs, LAN devices, etc.
-- Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner" |
|
 | reply to LiquidEyes
said by LiquidEyes: Steve: please can you clarify how the access point would be connected to my original ADSL router? Would it just be hanging off a LAN port, and configured to be on the same subnet? And just for clarity - the solution you are proposing won't isolate my WEP LAN from my WPA LAN will it?
Me, I'd just use WEP128.
Access point connects via CAT5 cable to a LAN port on your router or a switch. |
|
 | quote: Me, I'd just use WEP128.
Actually it is WEP 104, not 128, but why bother? WEP 104 bit can be broken using the same tools in the same amount of time as WEP 40 bit. So why bother with the extra bits since you are not concerned about security anyway? |
|
 | said by whynot40: quote: Me, I'd just use WEP128.
Actually it is WEP 104, not 128, but why bother? WEP 104 bit can be broken using the same tools in the same amount of time as WEP 40 bit. So why bother with the extra bits since you are not concerned about security anyway?
Actually, it is both, and they are the same thing. It depends on whether you include the 24 bit initialization vector in the bit count. |
|
 | reply to Anav Anav, how do multiple ESSIDs help me?
Creating 'wifi groups' may prevent the layman from logging into my WEP network, but once somebody is on the WEP section of my LAN (e.g. because I let them, or because they defeated the encryption) what stops them from seeing everything else on the LAN?
I'm already using one access point, and it completely merges all my wifi-networked and ethernet-networked PCs into a single network. The AP's ESSID is different from the router's SSID, but none of my PCs 'know' whether any other PC is wired or wireless.
(I have my ADSL router in room A where the telephone line is. In room B I have a number of PCs connected by gigabit ethernet, and they all share a wireless access point, which in turn talks to the router in room A. There are also a couple of PCs in other rooms which have wifi cards and talk to the router directly. Every PC can see every other PC. Everything has an IP address on the same subnet - at the IP level, there is no distinction between a wireless NIC and a wired NIC.)
A number of the suggestions posted here appear to be ways of improving the security of a WEP network at the wifi configuration level, which is great - but ultimately, don't encryption and ESSIDs go out of the window once the WEP network has been hacked?
As a thought exercise to illustrate my point more clearly: imagine that instead of a WEP network, I've got a totally unsecured wifi network - with no encryption or protection whatsoever - and I want my ADSL connection to be shared by both my secure WPA network and the unsecured network. Exactly how would I go about that? |
|
 | reply to Tom Blue quote: Actually, it is both, and they are the same thing. It depends on whether you include the 24 bit initialization vector in the bit count.
As defined there is a 40 bit or a 104 bit secret key which has the public IV concatenated to it to produce the input for the PRNG. So if you are referring to the key size WEP 104 is correct. If you are in marketing and want to "prove" to your customers that your product you call it WEP 128 without mentioning that the key size is only 104 bits. |
|
 | It is referred to both ways in the literature, in user manuals, and in product descriptions. To clarify to people who read this stuff and may become confused,
40 bit is identical to 64 bit WEP, and 104 bit is identical to 128 bit WEP.
It has nothing to do with marketing, unless the marketing person is an idiot. It has to do with whether you are describing the raw key that is entered (by a user, for example) or the length of the string of bits as transmitted over the wire. |
|
 | said by Tom Blue: ... unless the marketing person is an idiot...
a redundancy of terms? |
|
 | reply to Tom Blue quote: or the length of the string of bits as transmitted over the wire.
Please explain this. I must have missed the part of the 802.11 spec where the 104 bit key is transmitted over the "wire". Only the 24 bit IV is sent and it is not part of the key. As previously described the 40 or 104 bit key is concatenated with the 24 bit IV and used as input to the PRNG which in turn generates the encryption key used in the RC4 algorithm. I would appreciate it if you pointed out where the key or the key concatenated with the IV is transmitted over the "wire". |
|
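The seed construction described in the posts above (the 24-bit public IV concatenated with the 40- or 104-bit secret key as RC4 input, with only the IV sent in the clear), as an added example that is not part of any post in this thread. Function names and sample values are constructed for illustration.

```python
import zlib

IV_LEN = 3  # 24-bit initialization vector, sent in the clear


def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4: key-schedule on the seed, then XOR the keystream with data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def seed_bits(secret_key: bytes) -> int:
    """Length of the RC4 seed (IV plus secret key) in bits."""
    return (IV_LEN + len(secret_key)) * 8


def wep_encapsulate(secret_key: bytes, iv: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Return the WEP frame body: IV || key-id byte || RC4(payload || ICV)."""
    if len(secret_key) not in (5, 13):
        raise ValueError("secret key must be 40 or 104 bits")
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 24 bits")
    icv = zlib.crc32(payload).to_bytes(4, "little")  # integrity check value
    seed = iv + secret_key                           # per-packet RC4 seed
    return iv + bytes([key_id << 6]) + rc4(seed, payload + icv)


def wep_decapsulate(secret_key: bytes, body: bytes) -> bytes:
    """Receiver: read the IV from the frame, rebuild the seed, check the ICV."""
    iv, ciphertext = body[:IV_LEN], body[IV_LEN + 1:]
    plain = rc4(iv + secret_key, ciphertext)
    payload, icv = plain[:-4], plain[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload


# Constructed sample values, not captured traffic.
KEY_40, KEY_104 = b"abcde", b"abcdefghijklm"
SAMPLE_IV, SAMPLE_PAYLOAD = bytes([0x01, 0x02, 0x03]), b"constructed payload"
```

`seed_bits` gives 64 and 128 for the two key sizes, which is where the "WEP 64/128" labels come from, while the frame body carries the IV but never the secret key.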
 | said by Lasko: Please explain this. I must have missed the part...
Come now... Do you really think anybody gives a shit? Start a new thread. You are off topic. |
|