| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 89380 | 2008-04-29 04:20:00 | Wireless LAN's - to encrypt or not to encrypt | nofam (9009) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 663852 | 2008-04-29 04:20:00 | What do you guys do for your WLAN's in terms of locking them down. And more specifically, what is the consensus on WPA's effect on throughput? Does it slow things down at all? I must admit I don't bother with encryption - I just: - change the default router IP and admin username/password - enable MAC filtering - use a nonsense SSID and disable broadcast - shut my router off when I'm not using it (don't always remember to do this!) |
nofam (9009) | ||
| 663853 | 2008-04-29 04:27:00 | I personally use WPA or WPA2 on all setups now, generate a massive password and copy it into a txt file in their my docs. I can't hack it. Hiding the SSID and using Mac addy filtering will stop all but the most determined people. Hiding the SSID works well, but is not really feasible for everyone. I haven't noticed any difference in performance with an encrypted network. |
wratterus (105) | ||
| 663854 | 2008-04-29 04:48:00 | Performance depends on your hardware - if you have a router with good crypto acceleration then encrypted performance should be similar to unencrypted, however if the router lacks this then throughput will start to crawl... Personally I use WPA2-PSK on my network, and sometimes WPA-EAP if I can be bothered configuring it. Keys are 64 chars of random mush generated by piping /dev/urandom through md5sum. |
Erayd (23) | ||
| 663855 | 2008-04-29 05:32:00 | My WPA encrypted wireless network performs just fine. Encryption does not exist to secure your network (you are doing that ok with passwords etc), encryption exists to secure your data. At the moment all wireless traffic you are generating can be examined by someone who knows what they are doing. For example if you interact with your router using http or telnet, the username and password used to access your router will be broadcast unencrypted and therefore easily captured. |
AvonBill (11358) | ||
| 663856 | 2008-04-29 08:40:00 | I use WEP along with MAC filtering and limit the number of connections possible. I also set the IP's to never expire for each client connected so even if my lappie's not connected the router won't assign the IP to a new machine. I also have my router's firewall enabled and there is a software firewall installed on each client PC as well. Having said that if someone wanted to hack your network they would do it. I've had more attacks through my router (with wireless disabled) than I do with the wireless switched on. At then end of the day encryption is a good idea along with any other form of security you can setup... rather safe than sorry if you ask me. Cheers, |
chiefnz (545) | ||
| 663857 | 2008-04-29 09:44:00 | Both WEP and MAC filtering can be cracked in a matter of minutes by somebody that knows what they are doing. WEP should only be used as a last resort when WPA or WPA2 is not available. Many WAPs firmware can be upgraded to use WPA if they have WEP only. See video.google.com | johnd (85) | ||
| 663858 | 2008-04-29 09:48:00 | I use WPA2, MAC address filtering and stop SSID broadcasting. Plus I change the codes every week or so and also have a separate network for guests where they cant access any of my computers. Full firewalls on each computer and I also insist that my guests have one before they get on and of course the firewall has its one on. |
beeswax34 (63) | ||
| 663859 | 2008-04-29 21:23:00 | You should all read this article (blogs.technet.com) and the comments. The author links to another article on "Why Identity and Authentication Must Remain Distinct" which I also found useful. | AvonBill (11358) | ||
| 663860 | 2008-04-30 02:03:00 | If you have quality hardware (access point and client adapter) with hardware accelerated encryption, there is no impact on throughput. I would always enable encryption. If you dont, there is nothing stopping from other people from using your internet bandwidth. |
utopian201 (6245) | ||
| 1 | |||||