What wireless security settings?

Help Support HMEM:

Omnimill

Well-Known Member
Joined
Oct 29, 2009
Messages
1,090
Reaction score
46
I've just bought and hooked up a Netgear 3500L wireless router in preparation for iPad2 when it arrives. The Netgear paperwork says to use the highest security level but this reduces the throughput so I'm wondering what setting to use for good performance/security?
The options are, in increasing security:

None!
WEP
WPA-PSK (TKIP)
WPA2-PSK (AES)
WPA-PSK (TKIP) + WPA2-PSK (AES)

Throughput is:

Up to 54 Mbps
Up to 145 Mbps
Up to 300 Mbps

Anyone care to offer some thoughts on this?

Vic.


 

Foozer

Well-Known Member
HMEM Lifetime Supporter
Joined
Nov 26, 2008
Messages
1,168
Reaction score
76
Location
Camano Island, WA
Omnimill said:
I've just bought and hooked up a Netgear 3500L wireless router in preparation for iPad2 when it arrives. The Netgear paperwork says to use the highest security level but this reduces the throughput so I'm wondering what setting to use for good performance/security?
The options are, in increasing security:

None!
WEP
WPA-PSK (TKIP)
WPA2-PSK (AES)
WPA-PSK (TKIP) + WPA2-PSK (AES)

Throughput is:

Up to 54 Mbps
Up to 145 Mbps
Up to 300 Mbps

Anyone care to offer some thoughts on this?

Vic.
I use the WPA2-PSK (AES) scheme on a cisco wireless n gigabyte router. Run a movie server to feed the popcorn home box and so far no jitters. did get some pausing with the netgear router

Robert
 

George_Race

Well-Known Member
Joined
Jul 28, 2010
Messages
125
Reaction score
2
There is a simple way of providing probably enough security so that no one will connect and use your bandwidth.

Every computer has a 12 digit code called the MAC address. They look something like this: 28:EF:04:0E:B0:06

All wireless routers allow you to restrict connections to your router by the MAC address. You simply turn that feature on in your router setup and then put in ONLY those MAC addresses that belong to your individual computer hardware.

Anyone who tries to connect to your router will not be able to attach, as they will not have a recognizable MAC address in your router MAC table.

It is usually found under "Wireless MAC Table" in your setup.
George
 

milotrain

Well-Known Member
Joined
Jan 20, 2011
Messages
138
Reaction score
1
Spoofing a MAC address is trivial, I would not count it as security. Additionally it's a pain if any guests ever want to use your wireless network.

First rule of wireless internet connectivity is that it is inherently not secure. There is no way around this. However, in almost all situations WPA2 is plenty secure. Use a longish key with numbers, letters, capitals and symbols and you should be fine.
 

S3MIH3MI

Active Member
Joined
Feb 24, 2011
Messages
39
Reaction score
5
You could do the MAC address but if you ever change your network card or buy a new computer, you will have to add it.
Also if you have anyone come over, like kids grand kids friends, and they want to be able to connect, then this becomes a pain.

I suggest WPA-PSK (TKIP) + WPA2-PSK (AES). the computer must suport the type of connection you are brodcasting to connect. This option offers the 2 most common. Also give your router a simple name, not the default name.
And change the default password (Admin admin ) to your own.
then set it as not to broadcast. This will hide it from most. When you need to connect a PC for the first time you have 2 options.

1 change it to broadcast and auto connect then enter pass phrase. Once connected change it back to not broadcast.

2 If it is not broadcasting, you will need to setup network manually. Then enter the name of your router and pass phrase.


hope this helps
 

shred

Well-Known Member
Joined
Jul 19, 2007
Messages
1,949
Reaction score
6
WPA2 with a decent pass-phrase and you'll be ok, broadcast or not, unless you're a bank or something. For a little while my day job was wireless network security. It's fun and scary seeing how fast you can break into WEP-protected networks. The only downside is if you have older (like 5-10 year old) networking gear, a lot of it doesn't speak WPA2. In that case, use WPA or WEP, turn the power down as low as you can and try not to send anything important over it

MAC spoofing is pretty trivial as others have said. Keeps the neighbors out, but not the drive-by hackers. It also does nothing to secure your data against sniffing.

Also if you can, check around to see who is on what channels and pick an empty one (there are really only 3 totally non-conflicting ones in the "usual 2.4Ghz" band, 1, 6 and 9. Most all routers default to 6, so try 1 and 9 first, then in between if those are all full. Some apps will still have a 'site survey' mode where you can see who is on what channel.
 

Troutsqueezer

Project of the Month Winner!!!
Project of the Month Winner
Joined
Aug 8, 2009
Messages
930
Reaction score
12
Or you could move way the heck out in the middle of nowhere and don't bother with any security settings, like I do. ;D
 

Omnimill

Well-Known Member
Joined
Oct 29, 2009
Messages
1,090
Reaction score
46
Thanks very much for your thoughts on this guys! I've set it on WAP2 at present with a good obscure password with numbers and set it not to broadcast so I expect it should be ok for now.

Vic.
 

milotrain

Well-Known Member
Joined
Jan 20, 2011
Messages
138
Reaction score
1
You should be absolutely fine. The only way you wouldn't be is if someone specifically wanted to get on your network, and that's like locking your house against someone who want's in.

Trout's right on this. The only truly secure way of using wireless technology is keeping people far enough away from it.
 

Latest posts

Top