802.11G Security Questions
Beanbag
7th February 2005, 07:56 PM
I replaced my old hardwired router with a new one that includes 802.11G capability in addition to the 4 ethernet connections. I got it mainly for times when I want to use my laptop in the shop, where there isn't a LAN connection. Everything sets up just fine and all computers can talk to each other and the internet just fine. The problem is when I turn on the WEP features to keep someone outside the house from getting into the LAN with their own wireless adapter, I get limited connectivity messages from Windows, and none of the machines (hard-wired or wireless) can get out on the internet.
OK, can somebody steer me to a basic idiot's guide to implementing security for a wired/wireless LAN? I looked at the US Robotics site (it's their router), but the information is either way too basic or gets lost in a maze of acronyms that must make sense to somebody. I've got too much valuable information stored on the shared LAN drive to let just anybody get at it. What I need is to set up the wireless access so only one or two particular laptops can access it, and also encrypt the data, yet still be able to get out on the net.
With all the industry grousing and warnings that consumers aren't properly securing their wireless access, you'd think there would be a simple guide for doing it. Haven't been able to find one, though.
The hardware works just fine. I can access the LAN through wireless just fine as long as I have none of the security features enabled. I've got the wireless feature disabled right now until I can figure this out. I just don't want to leave my network open 24/7 to anyone.
Regards;
Beanbag
Iconoclast
7th February 2005, 11:15 PM
Originally posted by Beanbag
OK, can somebody steer me to a basic idiot's guide to implementing security for a wired/wireless LAN? I looked at the US Robotics site (it's their router), but the information is either way too basic or gets lost in a maze of acronyms that must make sense to somebody. I've got too much valuable information stored on the shared LAN drive to let just anybody get at it. What I need is to set up the wireless access so only one or two particular laptops can access it, and also encrypt the data, yet still be able to get out on the net.
- OK, to only allow certain machines to access your router, you need to set up a MAC Address access list, but I have no idea if your router supports this. Now, every network card has its own unique MAC Address (though hackers are sometimes able to make their network card have any MAC address they desire). You need to first enable the MAC access control functionality, then enter the MAC address of each network card you wish to allow access; this applies only to the wireless port on your router, not the ethernet connections, by the way. Note that enabling an access list will only prevent other machines from connecting to your network; it won't do anything to prevent eavesdropping on your wireless data.
- You should also change your router's SSID (Network Name) from its default value and configure your router to disable broadcasting of its SSID. This means a user can only connect to your network if he or she knows your SSID. It's not much extra protection as hackers can also get around this, but it helps.
- Since you just bought this router, does it by any chance support WPA as well as WEP? The reason I ask is that WPA is apparently a lot more secure than WEP, you can read all about it in this Beginners Guide to Network Security (http://www.pcstats.com/articleview.cfm?articleID=1489)
Beanbag
8th February 2005, 05:38 PM
Aha! Someone who appears to know what they're talking about. Bless you (or something like that).
Yeah, the router supports MAC addressing; I just couldn't find an explanation of what exactly a MAC address was supposed to be used for, other than confusing network newbies.
SSID: yep, it gives the option to disable broadcasting it, just never said why one might want to.
Don't know about WPA. I'll check for that in the alphabet soup.
Thanks for the link. I'll look into it and doubtless will be back with more questions.
Thanks again;
Beanbag
iain
9th February 2005, 04:05 AM
That still doesn't explain why you are having connectivity problems with WEP enabled - it should work fine.
I assume that you've enabled WEP on your router and put in a password. You've then put the same password in on your Win XP laptop and it can connect some of the time.
If that is the case, you could try changing the channel on the router. Wireless networking runs over a number of (overlapping) channels. If your wireless router is set to use channel 7 and your next-door neighbour uses channels 6, 7 or 8 then you can get performance and connectivity issues where the signal drops out. I'm not aware that WEP makes it worse, but it might do.
You should have a setting on the router to change the channel. The wireless adapter in the laptop should automatically find the new channel so you shouldn't need to do anything to the laptop (a reboot won't hurt).
WEP isn't great, but if you're a home user and mainly browsing the internet, it's probably good enough. Unless you're a heavy user (e.g. big file downloads) someone would have to collect packets outside your house for days or even weeks to crack your WEP encryption. If you see someone trying this, it's probably polite to take them out a coffee and donut from time to time :)
Iconoclast
9th February 2005, 06:00 AM
Originally posted by iain
If your wireless router is set to use channel 7 and your next-door neighbour uses channels 6, 7 or 8 then you can get performance and connectivity issues where the signal drops out. I'm not aware that WEP makes it worse, but it might do.
I think Beanbag's issue goes deeper than that since he says he loses internet connectivity for all machines on his network with WEP enabled, whether connected via ethernet or wi-fi.
iain
9th February 2005, 07:38 AM
Good point, I'd missed that. No idea, really. The only things I can think of are
1. Beanbag's making some mistake when turning on WEP and some other setting gets changed too.
2. There's an error in the router firmware. Updating the router firmware is worth a try, if there is a newer version available on the manufacturer's website.
3. God is doing it to teach Beanbag a lesson, the nature of which will become clear only after death :)
Bearguin
9th February 2005, 08:44 AM
Originally posted by Iconoclast
I think Beanbag's issue goes deeper than that since he says he loses internet connectivity for all machines on his network with WEP enabled, whether connected via ethernet or wi-fi.
Turning on WEP should have no impact on hard-wired connections. Unless you are playing with more than one setting at a time.
I'm guessing the router is not working right and needs replacing.
Beanbag
9th February 2005, 04:57 PM
Just a quick note to let you know I'm paying attention to the thread. Thanks for the input. I've pulled a bunch of stuff off the net and have been reading my way through it. For now, I just shut off the wireless side of the modem and have been working hardwired while I sift through the materials and your answers.
Most likely, it's something I did while monkeying around with the settings. The good news is that it's REAL easy to reset the router to the factory settings (log in as administrator and click on a button). I'll be messing with the settings over the next couple of days and will let you know what works.
Nice to have intelligent, warm-body forum support.
Regards;
Beanbag
tonyb
10th February 2005, 01:47 AM
Another thing to do, if you haven't already, is change the administrator password from the router supplied default, as all hackers know these :(
I also second the advice about using WPA encryption over WEP. WEP is weak (though better than nothing). If you bought your router in the last year there's a good chance that it will support WPA, and just trying that option might be worth seeing if it solves the connection problem. It's simply a case of choosing a pass-phrase and defining the same on the wireless PC.
Turning off the broadcast of SSID is an excellent security feature, but you need to keep broadcast on until you've got the wireless PC connecting ok. Then you'll know that all settings are correct and can safely turn off the broadcast.
You might also want to turn off any MAC filtering suggested earlier until the connection works. Keep the settings as simple as possible at first to give it the best chance of working. In fact, you could even try turning off any encryption initially to see if that helps to isolate where the fault might be.
Beanbag
13th February 2005, 07:37 PM
OK, after a week of fiddling with the wireless router, I threw in the towel and returned it. Never did resolve the issues. The wired portion worked just fine UNTIL the wireless feature was enabled. Then, everything went down -- limited or no connectivity warnings on all machines, wired and unwired. I could occasionally get things to work by disabling all wireless security features and leaving my network wide open with its pants down around its ankles.
I suspect it was an older model, since all it had was WEP. One thing I found out in my research into solving the problem(s) is that wireless appears to be about as smart as leaving your billfold in the driveway. I've got too many private or irreplaceable things on the network to risk wireless, so for now I'll stay wired.
Thanks for all the help. Even though technically not a success, a lot of learning occurred, which is progress.
Regards;
Beanbag
Pragmatist
21st February 2005, 06:06 AM
Originally posted by Beanbag
OK, after a week of fiddling with the wireless router, I threw in the towel and returned it. Never did resolve the issues. The wired portion worked just fine UNTIL the wireless feature was enabled. Then, everything went down -- limited or no connectivity warnings on all machines, wired and unwired. I could occasionally get things to work by disabling all wireless security features and leaving my network wide open with its pants down around its ankles.
I suspect it was an older model, since all it had was WEP. One thing I found out in my research into solving the problem(s) is that wireless appears to be about as smart as leaving your billfold in the driveway. I've got too many private or irreplaceable things on the network to risk wireless, so for now I'll stay wired.
Thanks for all the help. Even though technically not a success, a lot of learning occurred, which is progress.
Regards;
Beanbag
This is a bit late, but may be of help to anyone else in a similar situation. If you only had WEP it may be that either your card (in the computer) or the router was only supporting 802.11b, not g. There is an issue with the key lengths on some cards. There are apparently 2 different standards for the encryption key length, if I remember correctly, in one standard the keys have to be 40 bits or 104 bits and in the other they have to be 64 bits or 128 bits. If the lengths of the transmitted and expected key don't match the encryption will simply fail. On some systems it will warn you, and on others it will simply fail silently and not work. I suspect that may have been the problem you had. Windows XP with SP2 supports both key lengths IIRC, but older versions of wireless support in XP only support the 104 bit option - in which case you would have to use a manufacturer's setup utility and disable automatic windows configuration.
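As an added illustration (not part of the thread, and not any vendor's setup utility): WEP secrets are 40 or 104 bits long, and the 64-bit and 128-bit labels count the 24-bit IV that WEP prepends to the secret. The sketch below normalises a key as typed on the router and on the client, whether hex or ASCII, and reports whether the two entries agree; the function names and sample keys are constructed for this example.

```python
import string

IV_BITS = 24            # WEP prepends a 24-bit per-packet IV to the shared secret
SECRET_BYTES = (5, 13)  # 40-bit and 104-bit secrets


def parse_wep_key(entered: str) -> bytes:
    """Turn a key as typed into a setup screen into the secret's raw bytes.

    Accepts 10 or 26 hex digits (optionally separated by ':' or '-'),
    or 5 or 13 ASCII characters.
    """
    compact = entered.replace(":", "").replace("-", "")
    if len(compact) in (10, 26) and all(c in string.hexdigits for c in compact):
        return bytes.fromhex(compact)
    if len(entered) in SECRET_BYTES:
        return entered.encode("ascii")  # raises ValueError on non-ASCII input
    raise ValueError(f"not a 40- or 104-bit WEP key: {len(entered)} characters")


def labels(secret: bytes) -> tuple:
    """Return (secret bits, bits when the IV is counted in the label)."""
    bits = len(secret) * 8
    return bits, bits + IV_BITS


def compare(router_entry: str, client_entry: str) -> str:
    """Classify how the router's and the client's key entries relate."""
    try:
        router = parse_wep_key(router_entry)
        client = parse_wep_key(client_entry)
    except ValueError:
        return "invalid-entry"
    if len(router) != len(client):
        return "length-mismatch"
    return "match" if router == client else "value-mismatch"


if __name__ == "__main__":
    # Constructed sample entries, not taken from the thread.
    samples = [("abcde", "6162636465"),      # same secret, ASCII vs hex
               ("abcde", "abcdefghijklm"),   # 40-bit vs 104-bit secret
               ("abcde", "abcdf")]           # same length, one character off
    for router, client in samples:
        print(router, client, compare(router, client), labels(parse_wep_key(router)))
```
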
Beanbag
22nd February 2005, 09:10 PM
Originally posted by Pragmatist
I suspect that may have been the problem you had. Windows XP with SP2 supports both key lengths IIRC, but older versions of wireless support in XP only support the 104 bit option - in which case you would have to use a manufacturer's setup utility and disable automatic windows configuration.
I think you're right. There was a set of instructions with the router that had you "turn off" some Windows features because of some compatibility issues. I followed the instructions (as best I could) and it --appeared-- to have done what it was supposed to (instructions written by folks who do this sort of thing every day, and have forgotten what it's like to do it for the first time).
It's a moot point. All the research and information I found basically said WEP is better than nothing, but just barely. I can live with the inconvenience of having to plug in an RJ-45 cable when I need to connect with the home network; I can't afford to lose works in progress on my machines. Yes, I back them up to CD regularly, but I'd lose the revisions made since the last backup, some of which are major.
For now, I'll just hunker down behind the firewall and let Norton AV Pro take care of anything that tries to sneak in. Thanks for the information.
Regards;
Beanbag
© 2001-2009, James Randi Educational Foundation. All Rights Reserved.