  rlocone Honor Our Heros, Our Armed Forces Premium join:2002-04-10 Kokomo, IN
| [XP Pro] Setting WPA2?
Hello All!
I was setting up a Linksys WRT54G yesterday. XP was giving me some lip about the key must be 5 or 13 characters long. In the router I selected key shared, and WPA2 personal with TKIP+AES. Windows would not work properly. Once I turned off the security it worked correctly.
What is the best setting to configure the router and for Windows to work with the tight security?
Right now the router is set up with SSID broadcast to OFF, and MAC filtering is enabled. Also, I changed the default SSID. Also, I changed the default password.
Any help would be appreciated. -- »www.solar.maximum.com |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire
·BTOpenworld
| Put the SSID broadcast back on and enter a complex phrase, exactly the same, longer than 20 chars in both the router and comp. Any simple phrase less than 20 and that WPA2 connection can be broken into.
Cudni -- Some are born to failure, others achieve it, all deserve it. Help yourself so God can help you. MVP, Microsoft Windows Security 2006 |
|
  rlocone Honor Our Heros, Our Armed Forces Premium join:2002-04-10 Kokomo, IN
| Turning on the SSID would give it away. I don't want the WAP to come up on someone else's scans. If you don't the SSID. You are ass out. Are you kidding? WPA2 is easy to crack? I thought it was better than WEP? -- »www.solar.maximum.com |
|
  dspalding
join:2003-10-29 Durham, NC
·Dreamhost
| reply to rlocone Hiding your SSID is false security, it protects nothing, and can complicate authorized connections. Just make your SSID cute and unique (see the other thread here about SSID names), and on a channel unique from your closest neighbors. (Do a scan. If everyone else is on channels 6 and 7, pick 9.) Can't think of one, use "BetelgeuseLives" (SSIDs are case-sensitive, btw).
I've had problems with Linksys' TKIP+AES. Stick with one. AES if all your adapters will support it, TKIP if not. Use a passphrase 20-30 characters, with numerals, uneven capitalization, and one or two punctuation marks, and you're as secure as Fort Knox. People seeing your SSID will not weaken you in the slightest.
If you haven't read the forum FAQ, DEFINITELY spend some time with that. Many questions and misconceptions cleared up in it.
BTW, WPA2 with a passphrase less than 20 characters is not easy to break. But more than 20 is a good idea. Yes, WPA is a solid improvement over WEP like a Star Fleet shuttlecraft is an upgrade from a Yugo. |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| reply to rlocone Personally I use WPA-PSK (AES) with a long 63-character random ASCII key. Here is the generator page...
»www.kurtm.net/wpa-pskgen/ -- "When all else fails, read the instructions..." |
|
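The passphrase advice in the posts above (20 or more characters, or a 63-character random key), as an added example that is not part of any poster's message: Python that generates such a key with the standard library and derives the 256-bit PSK the way IEEE 802.11i specifies, with the SSID as the salt. The function names are this example's own, and the SSID in the demo is the one suggested earlier in the thread.

```python
import hashlib
import math
import secrets
import string

# Printable ASCII without the space character (94 symbols). Space is legal in a
# WPA passphrase but is left out here so a key never starts or ends with one.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_passphrase(length: int = 63) -> str:
    """Return a random passphrase; WPA/WPA2-Personal allows 8 to 63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_entropy_bits(length: int) -> float:
    """Entropy of a passphrase whose characters are each drawn at random from
    ALPHABET. A human-chosen phrase of the same length has far less."""
    return length * math.log2(len(ALPHABET))

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PSK mapping from IEEE 802.11i: PBKDF2-HMAC-SHA1 with the
    SSID as salt, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)

if __name__ == "__main__":
    key = generate_passphrase()
    print("passphrase:", key)
    for n in (8, 20, 63):
        print(f"{n:2d} random chars ~ {random_entropy_bits(n):.0f} bits")
    # The SSID is part of the derivation, so the same passphrase yields a
    # different PSK on a differently named network.
    print("PSK:", derive_psk(key, "BetelgeuseLives").hex())
```

Because the SSID salts the derivation, a unique network name means a PSK table precomputed for a common default SSID does not apply to it.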
  rlocone Honor Our Heros, Our Armed Forces Premium join:2002-04-10 Kokomo, IN | That is total coolness! Thanks for the link! -- »www.solar.maximum.com |
|
  A4DMofoka
@66.227.x.x
| Well I have a Netgear router and I use WPA-PSK [TKIP] + WPA2-PSK [AES].
I have disabled the broadcasting of the SSID but I also limited the number of computers connecting to the router by restricting the IP range to just three computers. I also added address reservation based on the MAC addresses so that only the computers with the MAC addresses will get one of the three IPs available.
That is about as secure as I get....
But I also live in the country and on 15 acres and if someone war driving can get signal from the street in front of my house then have at it but stay still long enough for me to squeeze off this round. >:) |
|
  Nerdtalker Working Hard, Or Hardly Working? Premium,MVM join:2003-02-18 Tucson, AZ
·Comcast
| reply to rlocone If you're using a WRT54GS, you might want to try also using WPA instead of WPA2. If you're using AES encryption explicitly, the two offer essentially the same encryption.
I had significant problems with a Linksys wireless NIC until I fell back on WPA-PSK AES instead of WPA2-PSK AES/TKIP.
MAC filtering is as much of a waste of time as disabling SSID broadcasts. It's been beaten beyond a bloody pulp by perpetual argument, and even just mentioning it creates discussion. Essentially, it offers no additional security and obfuscates the authentication process. -- "Some people never see the light till it shines thru bullet holes." -Bruce Cockburn
I'm testing Gmail's spam filters: Broadbandreports1@gmail.com Spam: 12900+ messages currently using 406 MB. |
|
  dspalding
join:2003-10-29 Durham, NC
·Dreamhost
| reply to A4DMofoka On the scale of security effectiveness, WPA compared with MAC addr. filtering and SSID broadcast OFF is ....
...SSID off...MAC filter................................................................................WPA.
 |
|