Om my Vista machine under the security tab of my wireless network properties there is a drop-down list of various security types from which to choose. These include WPA2-Personal, No authentication (Open), Shared, WPA-Personal, WPA2-Enterprise, WPA-Enterprise, and 802.1X. However, there is no WEP option in the list.
Why is WEP option not on the list? I want to be able to use WEP security type for this wireless connection. My router supports WEP. By the way, which security type is more secure anyway, WPA or WEP? I seem to get conflicting anwers on that question.

 

WPA is WAY more secure than WEP. Any idiot with the right tools can break WEP in a matter of minutes. Stay with at least WPA, prefferably WPA2. Dont even waste your time with WEP.

 

Okay thank you for that advice. No wonder the Vista machine doesnt even include the WEP option.

 

My router settings include the option to enter specific MAC addresses in a MAC address Filter List, to only permit the pc's listed in the list to access my wireless network.
If I have that enabled and am using the WPA security setting instead of the WPA2, should I still be reasonably secure?
Reason I ask is because the IPTV box I want to connect wirelessly to my network only supports WPA but not WPA2.

 

Hi,

The MAC filtering will help some, but remember that there is no such thing as perfect security and that the biggest security hole is usually the user. At the end of the day, is not using your IPTV box really an option? Once you have WPA to cover your wireless, I'd focus on hardening the PC itself: virus scan, anti-phishing, anti-spam, etc. And user education, where it sounds like you're already asking the right questions.

regards,
JP

 

I honestly wouldn't bother with mac filtering. It's easy enough to snag a mac address using Wireshark (Ethereal) in just a few seconds, then set a wireless device up to spoof that mac.

Two of the best things you could do to protect yourself on wireless if you're really paranoid.

1. Don't broadcast your SSID, if they can't see your network, they'll be less likely to know it's there. (you will have to setup a profile for that wireless connection on any device that will connect to your network, the "view wireless networks" option won't work anymore, as it won't see it to connect to it)

2. Use a WPA key that's 20 characters or longer.

 

Yes, not using the IPTV is an option I've already decided against. I do already have WPA-2 to cover my wireless, and also already have a good pc protection in place, those that you mention. For one thing, the IPTV box will support WPA but not WPA-2 so I would have to decrease the level of security if I wanted to use the box. Is there a considerable difference in the level of security offered by WPA-2 as compared to WPA?

 

toofer, If I set the router not to broadcast my SSID, can you please advise the steps to set up a profile for my wireless connection and the steps by which I can then easily access/connect to my network with my wireless (Vista) pc since it won't be finding it automatically anymore after that. thanks

 

On the device that you want to connect to the network, right click the little icon in the tray for wireless, go to open network connections. Right click the wireless network connection there and go to properties. (going from memory on XP machine, can't remember off hand for Vista).

Click the wireless networks tab, click add, then setup your network info in the next window. Put in the SSID of the network, make sure you select WPA-PSK (pre shared key) in the network authentication drop down, otherwise it won't let you enter the WPA key. Also select TKIP as the data encryption. Enter your WPA encryption key, remember prefferably at least 20 characters. Click on the Connection tab and put a check in tehe box for "connecte when this network is in range", if you have that option. That should be it, ok out the rest of the windows and give it a minute, if it doesn't automatically connect, open "view wireless connections" and connect it there.

 

I right clicked on the little tray icon for wireless. There was no option to "open network connections". So instead I right clicked and selected the option called Connect to a Network." From the list in the box that then appeared, I right clicked my network and selected properties. In properties are two tabs, one of which is Security and the other Connection. But there is no "wireless connection tab" within the wireless connection properties. Within the Security tab it provides the info that my current security type is WPA2 and that my encryption type is AES. It also shows my network security Key there. With the Connection tab it gives the name of my connection, the SSID, and three checkboxes. One checkbox (checked) says Connect automatically when this network is within range. The next checkbox (also checked) says Connect to a more preferred network if available. The third checkbox (not checked) says Connect even though the network is not broadcasting.
I did not discover from what process I would be able to open "view wireless connections" either. And even if I did discover it, if I'm not broadcasting my SSID then would I even be able to view it anymore?
Also, I was of the understanding that AES encryption is more secure than the TKIP, is that incorrect?

 

Yeah, like I said that was a description for Xp. I'd have to look on my vista box when I get home to give you an exact walk through. I do know that somewhere in the network config on vista, there is a wizard to connect to a new wireless network, and that should walk you through adding all the info.

If you don't figure it out before tonight, I'll take a look at it when I get home.

And yes, AES is newer/better than TKIP. If your devices support AES, use it.

 

BTW, Vista does indeed support WEP, but as been said, it's been broken and shouldn't be used.


To add a network,

Control Panel -> Network and Sharing Center (or right-click the little icon in the system tray and select the same)

Under "Tasks" on the left hand pane, select "Set up a connection or network"

Click "Manually connect to a wireless network" and hit next.

Fill in the required information, and you're set.


But, disabling the broadcast of your SSID does nothing for protecting your network. Just because the beacon transmission no longer contains the SSID doesn't mean your network isn't still using it. Tools exist that will sniff your packets and find your SSID and MAC addresses in seconds. Hiding it will only give yourself problems.

Just make sure you have WPA2 and AES enabled, with an impossible to guess passphrase and you're good to go.

 

Do I actually have to connect to a new wireless network, or just reconfigure or otherwise change settings on my existing one? thanks

 

But in a sense it does add another layer of protection. It may not be alot, but it makes it just that much harder. For those that wouldn't know to look for an "invisible" network, would have one less thing to "play" with.

You'll actually have to "build" the network on your wireless configuration before your computer will even see that network.

 

Right now, with my SSID being broadcast, my wireless computer can see the network. The idea as described, to have to "build the network on my wireless configuration" in order for my pc to even see the network (with SSID broadcast disabled) sounds like a process I would likely need more understanding of before I attempted. It was already somewhat of a struggle for me to finally get my router and "simple" home network configured or set up correctly so it would actually work.

 

I do have WPA2 and AES enabled. And a passphrase that I guess could be considered impossible to guess, but I suppose I could think of something even more impossible as far as that goes. So maybe I'm good to go or close to it anyway.

If you say hiding the SSID will only give myself problems, then I think I won't hide it. I have enough problems already.

Thanks for the instructions/advice.

 

Hiding the SSID will not give you problems, however, if you do not feel like you need the extra layer of security then don't hide it. Like if your closest neighbor is a mile away, then I wouldn't worry about it. However, if you have lots of close neighbors, then it couldn't hurt.

I installed and manage the wireless network for a fairly large healthcare organization and our main networks are hidden. It has never created any problems for us.

If you would still like to do this, I can give you an exact walk through on a Vista box if you like.

 

If he has encryption turned on, then there is no added layer of security by disabling SSID broadcasts. Air sniffers do not look for SSID, they look for packet transmissions by scanning the known frequencies of the 802.11 channels. They can then pull the SSID and MAC addresses out of these transmissions. If someone is going to attempt access to your network, they will know the SSID and MAC addressses without even trying... the air sniffer will report these by default.

The only thing hiding them will do, is inconvenience yourself. It is much better to concentrate your efforts on an impossible to guess passphrase, and keeping up to date with the latest encryption.

 

I would like to at least learn how I can configure the pc on my network (a Vista pc) to automatically connect to my specific SSID without broadcasting the SSID from my router. If I followed the steps as shown here Answer
would I be on the right track? And if I wanted my wireless pc to connect automatically (instead of manually each time) wouldn't I need to check the checkbox? And if I wanted to connect to the network even though the SSID is not being broadcast wouldn't I need to check the other checkbox?