Airpanel WEP security question

[JohnWPB]

I Just purchased an Airpanel a week ago. I am not a network person, so never thought too much about the security, as nothing crutial is being shared.

Living in a condo though, I can see other wireless networks are available. I set my Dlink wireless router to enable WEP at 128 bit.

When I went to set up the AIrpanel, I noticed that only 40 & 100 bit encrytion was available. Going back to the dlink, it has 64, 128 & 256 bit available. Neither one has a similar setting that matches the other one.

I really don't like the fact of having the network available for anyone who wants to use it within range, including browsing the Internet from MY IP addresss!

Any suggestions, or is there something I am missing here?

 

[Rupp]

John,
Another way to accomplish the same thing and not slow down your network with encryption is to use the filters option on your router (if it offers this) I have a DI-624 and you can use MAC Filtering to only allow the MAC address's of your choosing to connect to your LAN.

 

[electron]

Have you tried selecting 100? I was under the impression supports 128 bit, but I have seen it before where the manufacture will list 100bit eventho it is really 128 bit, so I would give it a shot.

 

[smee]

40 and 64 are the same thing. So are 100 and 128. It all depends on which bits they are actually counting.

If I recall correctly, the code that you set (the key) only affects 40 (or 100) of the bits. The rest are fixed (by the vendor).

By the way, is it 100 or 104? 104 is an even 13 bytes.

 

[dcpool]

Rupp is exactly right in what he says as well John. As you said you are not sending particularly 'secret or proprietary' information, you just don't want to share your bandwidth with the world

Using MAC address filtering (also often called an access list) you can do this without 'encrypting' the data that is being transmitted over the air. Depending on your equipment this can be done either at your router AND OR at the airpanel. For this you only need the MAC accdresses of the network cards that will be connecting.

HTH,
Doug

 

[electron]

Keep in mind that mac addresses are easy to spoof, so I wouldn't rely on just that for security, it will only stop people who don't really know what they are doing. WEP isn't perfect either but will definitely help.

 

[smee]

As you said you are not sending particularly 'secret or proprietary' information, you just don't want to share your bandwidth with the world

You may not have private information going across the wireless part of your network, but you are opening your network and all machines on it to the outside world. If there is anything on any machine on your network that you don't want people to be able to get to, you need to be careful. It's not just intercepted wireless that you need to worry about.

The less you protect the wireless part of your network, the more you need to worry about the individual machines - passwords, firewalls, file sharing, etc.

Most of my networking is wired - I have very little traffic on my wireless stuff. But I'm using everything I've got available - WEP, MAC filtering, non-broadcast SSID - to keep others out. Not that I've encountered any problems, I'd just rather not have to worry about it too much.

 

[DavidL]

My "solution" was to move into the sticks where folks don't know what wireless is
And applying all that Smee does

 

[Squintz]

Keep in mind that mac addresses are easy to spoof

This is a little off topic but if mac addresses are easy to spoof then would it be possible to spoof a mac address for use with VoIP? I want to have two adapters active in two differnt locations. Both do not need to be used at the same time but it would allow me to leave my house phone alone while on business. Using the linksys pap2!

 

[JohnWPB]

Thanks for all the advice! I will try the MAC address, and possibly the encrytion to see if there is a negligable loss in speed.

I was in Chicago a few months ago, in a Hotel on the 21st floor. It was in the middle of downtown, adjacent to Oprah's building that she owns and lives on the top 2 floors, and surrounded by a lot of other "close proximity" residential buiildings. I never had to pay for the in room wireless service. I popped open the laptop and there were no less than 8 networks available! I found a couple that were open and was able to use them hehehehe

As for the Airpanel 150, I just verified, the selections are 40 & 100. I also thought this was strange as it dosen't fit the norm, 8,16,32,64,128,256 ecte ect...

 

[smee]

Every so often, I check for wireless networks at work using my PDA (we don't have a wireless network here). I just tried it now.

I found 6 networks broadcasting their SSIDs. Five of them do not have WEP running. They may have MAC filtering, but I'm not going to try and connect to find out.

Of the 5 without WEP, 3 have the SSID "linksys" and one has the SSID "default". The other one is "tmobile" - from the Starbucks across the street. I had to stand in the window to find that one.

 

[electron]

John, did you try selecting 100 (128bit) and configure the router for 128bit? It should work.

 

[dcpool]

Electron,

I am awared MAC addresses are easy to spoof, but how would someone find out the MAC addresses that I have set to be allowed access?

Doug

 

[electron]

Just look for wireless traffic and copy the mac addresses in use

 

[stevech]

Perhaps OBE by now, but Apple's Wireless LAN stuff is by my experience compatible with what the rest of the world calls IEEE 802.11 and WiFi.

They use different terminology.
In 802.11 (except for 802.11i, new), there are but two encryption key lengths: called 64 and 128 bits in WiFi. Apple calls them 40 and 100. They're the same. In OSX, Apple calls the WEP Key the network "password". I found that Apple distinguishes between hexadecimal WEP keys and pass-phrases (alphanumeric rather than hex) - by asking the user to prefix a "$" if the WEP key (password) is Hex.

This is all OK if you are in a homogeneous Apple-only network. I went through this, briefly, in getting an iBook with OSX to connect to an existing DSL+Linksys WiFi WLAN. It worked fine: WEP128 static key, PC and iBook both on the WLAN.

I don't know what an Airpanel is, but I'll assume it complies with IEEE 802.11b.