

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to Reno7

Re: WPA2 password advice - for my mom

Why am I the only one noticing what a cheap bastad he's being by sluffing off his old router on his mother? When I give relatives products it's the good stuff. (If it's not good enough for me, it's not good enough for family).

I would get a wifi router or another AP or something with a built in guest wifi (or multiple essids etc). That way your mother can have her connection set and written down somewhere but doesn't have to remember a damn thing. Same with guest essid and password. Then ensure that the AP or the actual router has a way of isolating the guests to the internet only.

Oh wait, I have a netgear RT314, I'm going to give it to Sooner Al, as a gift to a senior. ;-P
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to DelmarPip

said by DelmarPip:

hey reno don't use any security at all just use that thingy that only allows the macs you set up to be able to use the wifi and forget about security it's just a waste of time anyways

but this is just my advice you don't have to do this do what you wanna do cuz to be honest i turn off the wifi at night

Hey Delmar, I thought South Padre Island was a name of a prison?

Seriously, other than conserving power, hate to break the bad news but most hacking is done during the day. Furthermore, MAC addresses can be spoofed very easily by 12 year olds and they are not encrypted. MAC addresses = no security.
If you need a simple analogy, think of it as having a porch light on next to an unlocked door. Wow, turning off the porch light will miraculously deter crime. In other words it has no effect on the security of the door. LOCK THE EFFING DOOR PIP!!!! forget about turning the light off. LOL
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

I would only use MAC security for bridges, i.e. just to help ensure that only the 2 bridges were talking. I wouldn't depend on it to keep people out; that's what WPA2 is for.



DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
reply to Anav

For me, if I were to give a relative a wifi router I wouldn't give one of the ones I use, not for being cheap, just because I don't think any of them would want to learn to use Cisco IOS to configure it.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Why would anyone in their right mind want to learn Cisco IOS? The ASDM GUI is just fine and a picture is worth a thousand CLI commands.



DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

You can get more accurate and better configs by knowing what you're doing.

All the configs I've seen from that tool are bloated and overall crappy.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Well that's funny because the commands on the run config are the same whether or not you create them via the GUI or CLI commands. Thus I cannot credit your comments with any validity. What I think you're referring to is the fact that they handle NAT differently on 8.43 and beyond and it seems to confuse the crap out of so called self proclaimed Cisco experts more used to previous versions.



SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5
reply to Anav

said by Anav:

Oh wait, I have a netgear RT314, I'm going to give it to Sooner Al, as a gift to a senior. ;-P

Ha Ha...

Just wait till the AARP police get hold of you...
--
"When all else fails read the instructions..."
MS-MVP Windows Expert - Consumer


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
reply to Anav

In the past I've had ASDM generate a config and then on review of that config I tossed it and made my own; mine had lower CPU and MEM usage and better performance.

Those easy configs tend to have extra crap that someone with real knowledge wouldn't bother with (like sometimes settings for features you're not even using on the given router, or ACLs that can be simplified to do the same with fewer lines).

Sorry if you've not come across good Cisco techs in the past that could actually improve crappy auto configs.


twixt

join:2004-06-27
North Vancouver, BC

3 edits

1 recommendation

reply to Reno7

said by Reno7:

Next weekend I'm going to set up WiFi at my mother's house. I'm going to upgrade to a higher end router and give her my old router and use WPA2 Personal.

Myself, I've always used a randomly generated 63 ascii character password (which the only negative is typing that sucker into a cell or something where you can stick it on a text pad and paste it in).

My mother has a lot of family and close friend visitors with a few that occasionally stay the night. They are going to be using the WiFi.

So, I'm trying to figure out exactly what to do for a password. I'm not around to watch her network, so I want something secure, but I also need something that's easy for 'guests' to type in.

Any thoughts? Like maybe some kind of sentence or phrase that's easy to type? Thanks!

-

Hi, Reno. Currently, the most secure reasonably-easy-to-remember password/passphrase design involves the use of a three-to-five-word assembly of unrelated words - with the words concatenated together.

Have your mom pick three words at random that she can remember. String the words together in a random order. That becomes the password/passphrase.

-

Important things NOT to do:

1. The dog is not one of the words.

2. Her street is not one of the words.

3. Husband's name is not one of the words.

4. Mother's maiden name is not one of the words.

5. You get the idea from the above - the words are *not* ones that are readily deducible by strangers using publicly available information. Non, nil, nix, nicht, nein, etc., etc., etc...

-

Example:

1. A vacation destination your Mom found memorable (IOW, the one that comes to mind first when she thinks about it)

2. Something about her best elementary school friend that immediately comes to mind when she thinks of that person.

3. The name of the spice she uses to make her favorite dish.

Have her string the words together in a pattern that she remembers. Whatever order comes to mind for her first.

-

Suggestions for improved security:

1. At least one of the words should be in a language which is unrelated to the others. Such as, one word in Hungarian and the rest in Spanish (if she is a native Spanish speaker).

2. Use other examples than the ones I suggest above. Those were just ideas to get you thinking on the pathway to getting random unrelated words that are easy to remember.

Doing the above will end up with a passphrase that is resistant to dictionary attacks - and is complex enough that it resists brute-force cracking methods - while remaining easy to remember.

-

Once you have this, write a document that contains all the Router information:

1. SSID

2. Admin Password

3. User Password

4. WLAN Authentication/Encryption Scheme (WPA2/AES only)

5. WLAN Passphrase

PRINT THE DOCUMENT. ERASE THE DOCFILE. Defrag the machine to overwrite the docfile such that it cannot be recovered.

Keep the Document in a safe place - NOT related to the Computer. With her other important documents is logical - that way it will be remembered if/when she forgets the passphrase.

Note: Keeping stuff like passphrases on USB keys is unreliable. If you do so - in order to have a backup of her document - have a paper backup as well.

-

Physical Security considerations:

1. The Router itself must be physically located where it cannot be tampered with unobserved. A room that can be locked is best. This is especially necessary with computer-savvy teenagers - who will simply reset the router and use it unsecured if they have physical access to the unit.

2. Do not expect your mom to be savvy about risks regarding friends-of-friends. Make her aware that the Router password is the electronic equivalent of her front door house key. This does NOT get released into the hands of people your mom does not personally know and trust.

3. Teach your mom how to disable the radio on her Router (or at least how to turn the Router off). Get a promise from her that she will disable the radio (or turn the Router off) the moment she discovers someone untrustworthy has had access to either the router or her machine(s). She is also to promise she will contact you to have the WLAN passphrase regenerated and redocumented if it is compromised.

-

Final comments:

1. There is way too much info from so-called "experts" in Security that is folklore, fantasy and fiction. Resist the idea that "security" is utterly compromised if your passphrase is not incomprehensible gibberish containing characters that you can't even type on a keyboard. This is nonsense.

2. Any good router that will do WPA2/AES is all that is required to be secure. However, it is important to be able to DISABLE all other transport schemas (such as WPA/TKIP, WEP or WPS) - since these can be compromised in seconds to minutes.

Note: Currently, only WPA2/AES is secure and as such, this is the only scheme that can be permitted to be used. If anybody whines because their favourite toy won't connect that way, tough. Get new toys. Do not allow your mom to compromise the security on her system to accommodate any friend, relative or such. There is no replacement for the ability to say NO - and the backbone to stick to that.

3. The longer a passphrase exists without being changed, the higher the probability that info will get into the hands of someone it should not. Changing the passphrase after "the family and kids" have visited for 2 weeks - and left to go back wherever they came from - is a really good idea.

4. Security is not compatible with complacency. Security is not convenient. Breaking security is supposed to be hard. If friends and/or family get annoyed with the above requirements - it indicates they don't take their own security seriously. As a result, they won't take your mom's security seriously either. Thus, she needs to be mindful that if they aren't trustworthy - it is appropriate that she deny access to her network.

Hope this helps.
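
The arithmetic behind the word-based passphrase advice in the post above, as an added example that is not part of the original thread. It assumes the words are drawn uniformly at random from a list (the 16-word pool is constructed sample data, 7776 is the size of a standard diceware list), and the SSID "MomsHouse" and the guess rate are made-up values; the key derivation is the standard WPA2-Personal one.

```python
import hashlib
import math
import secrets

# Constructed sample pool. Real use needs a large list: 7776 below is the
# size of a standard diceware list, used only for the entropy arithmetic.
SAMPLE_WORDS = ["harbor", "paprika", "violin", "glacier", "tundra", "saffron",
                "lantern", "orchid", "pebble", "walnut", "compass", "meadow",
                "cobalt", "thimble", "quartz", "ferry"]

def valid_wpa2_passphrase(p):
    """WPA2-Personal accepts 8 to 63 printable ASCII characters (codes 32-126)."""
    return 8 <= len(p) <= 63 and all(32 <= ord(c) <= 126 for c in p)

def make_passphrase(words, count):
    """Pick `count` words with a CSPRNG and concatenate them."""
    p = "".join(secrets.choice(words) for _ in range(count))
    if not valid_wpa2_passphrase(p):
        raise ValueError("result is not a valid WPA2 passphrase; change count")
    return p

def entropy_bits(pool_size, picks):
    """Entropy in bits when every pick is uniform and independent."""
    return picks * math.log2(pool_size)

def wpa2_psk(passphrase, ssid):
    """256-bit PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations."""
    if not valid_wpa2_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def average_search_years(bits, guesses_per_second):
    """Expected search time (half the space) at an assumed guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    phrase = make_passphrase(SAMPLE_WORDS, 4)
    print(phrase, wpa2_psk(phrase, "MomsHouse").hex())  # SSID is made up
    for n in (3, 4, 5):
        bits = entropy_bits(7776, n)
        years = average_search_years(bits, 1e6)  # 1e6/s is an assumed rate
        print(f"{n} words: {bits:.1f} bits, about {years:.3g} years")
    print(f"63 random ASCII: {entropy_bits(95, 63):.1f} bits")
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, so the SSID is worth recording on the printed sheet alongside the passphrase.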