Wireless Router Options

[mouettus]

http://www.futureshop.ca/catalog/proddetail.asp?logon=&langid=EN&MSCSProfile=3C79F0C7EA3162B2CBD0FBE711EB53EB42F8B304C028EA4212A0EB4DC71C45EA754E7D71DECFBB51822FE5D2FB2A3E7A1DCFCDA6C723B59486383EDD47522DCF35FBF0BFE1A3DE7870589AAF69B39E203F42333AB1399C530400BEFF3642EACA9E706F2694D3852FBEFFF996D136BA6B9AEA50335B3A12F8&sku_id=0665000FS10076846&catid=19994

Great value. In stock in Ottawa right now.

Done.

I have no "N" equipment at home. Would it make it more reliable?

 

[jonnythan]

I have no "N" equipment at home. Would it make it more reliable?

Don't mind the "N" designation. 802.11N routers are compatible with both G and B with no issues whatsoever.

 

[Reorx]

We've had this kind of discussion many times and it always goes the same way. Buy a Linksys, no they suck. Buy a Netgear, no they suck, etc.

I have always used NetGear. It's just one of those things...the first wireless router I ever bought was a NetGear and it worked fine for years so I just stick with NetGear.

Yup. It's a wireless mess out there. There are so many incompatibilities (between devices, and companies) out there, standards are always changing, and companies are merging and splitting.

Conclusion: Every wireless router has it's pro's, con's, and misc quirks. None of them are perfect. Even the $2000+ Access Points from Cisco.

So what do I do?

1. What is your budget?
2. What wireless devices do you currently have? (B/G/N/A, all 4?)
3. What routers are available in your area? (you mentioned you wanted to buy locally).
4. What's the max distance you would like to be from the router?
(lol, this is just like buying a receiver. what speakers, and separates do you have? budget, availability?)

Securing your wireless network.

Sure this is easy to say, (and do) but... I still have wireless devices that get used everyday in my house that can only do 802.11B-128bit WEP, and my son's Nintendo DS will not attach to an access point unless it is broadcasting it's SSID. So what do you suggest?

Broadcast your SSID, use WEP (takes 3-5min to hack), set your DHCP IP Pool to the # of devices you have (3 devices, 3 assignable IP addresses), and assign IP's to the MAC's of your devices. Also very important...on the router change your default admin and user passwords. Try not to have a bunch of unpassworded share's on your pc's. Make backups of your important data.

There are always ways to hack into a system though. The stuff above will detour most of the 8-15yr olds hackers.

Newer security maybe available for your devices through a bios flash.

Hope this helps some.

 

[jonnythan]

Securing your wireless network.

Broadcast your SSID, use WEP (takes 3-5min to hack), set your DHCP IP Pool to the # of devices you have (3 devices, 3 assignable IP addresses), and assign IP's to the MAC's of your devices. Also very important...on the router change your default admin and user passwords. Try not to have a bunch of unpassworded share's on your pc's. Make backups of your important data.

There are always ways to hack into a system though. The stuff above will detour most of the 8-15yr olds hackers.

Newer security maybe available for your devices through a bios flash.

Hope this helps some.

I'm sorry, this is awful advice.

Do not use WEP. Do not use WEP ever. Unless you want people sniffing your traffic and passwords. WEP, with any key at any strength, can be cracked in a matter of minutes with any number of free, common tools.

Do not set your DHCP IP pool to the exact number of devices you have. This does not affect someone who wants to break in and will just cause you headaches when a device resets or a friend comes over and wants to use your network.


Use WPA or WPA2. Use a long, complicated, non-dictionary key for the WPA key. "Dictionary" WPA keys can be broken. WPA with a long, complicated key cannot (yet) be broken.

Use a large DHCP pool.

It doesn't matter if you broadcast your SSID. I do for convenience. Some don't. Whether it's "broadcast" or not, any simple software package can pick it up. Many vendor-provided wireless software utilities recognize non-broadcast SSIDs just fine.

Definitely change the admin password on the router.

 

[10010011]

I'm sorry, this is awful advice.

Do not use WEP. Do not use WEP ever. Unless you want people sniffing your traffic and passwords. WEP, with any key at any strength, can be cracked in a matter of minutes with any number of free, common tools.

Do not set your DHCP IP pool to the exact number of devices you have. This does not affect someone who wants to break in and will just cause you headaches when a device resets or a friend comes over and wants to use your network.


Use WPA or WPA2. Use a long, complicated, non-dictionary key for the WPA key. "Dictionary" WPA keys can be broken. WPA with a long, complicated key cannot (yet) be broken.

You missed the point too. I mean you are both correct to use the strongest security possible.

Like I said 128bit WEP is the strongest level of security many wireless devices still offer.

Here is what I do.
Use DD-WRT firmware in my routers with strong admin password
128bit WEP
MAC level access control (Only MAC's I set get wireless access)
Broadcast my SSID

I know it is far from perfect, but there are so many wide open access points around here. I just do not see anyone taking the five minutes to crack my network when they can hop right on my next door neighbors.

 

[solomr2]

If I was buying a new router at this time I would go with the "N" spec, mostly because they're faster, and they cover a much bigger area (more than double that of G). For the money at this point, they are not much more expensive than B/G routers, so for the extra few dollars you will get a better solution. However, there is a small caveat that the "N" spec is not yet finalized, so whatever you buy today may require some patches in the future when the spec is finalized. But I wouldn't worry about this, virtually all the routers now are guaranteed by the manufacturer to work with the final spec or they will replace them.

Personally, I've been using Netgear for the past 4-5 years. They've been pretty reliable for me, and they offer real Stateful Packet Inspection (SPI) as a true firewall should, so it can detect hackers better. In fact, if you are really paranoid, you can set it up to email you whenever it detects suspicious activity.

I'm not a fan of LinkSys, too many problems. I personally went through 2 in short order, and I have friends that had problems with them, so I've put them on my boycott list.

 

[solomr2]

I'm sorry, this is awful advice.

Do not use WEP. Do not use WEP ever. Unless you want people sniffing your traffic and passwords. WEP, with any key at any strength, can be cracked in a matter of minutes with any number of free, common tools.

Do not set your DHCP IP pool to the exact number of devices you have. This does not affect someone who wants to break in and will just cause you headaches when a device resets or a friend comes over and wants to use your network.


Use WPA or WPA2. Use a long, complicated, non-dictionary key for the WPA key. "Dictionary" WPA keys can be broken. WPA with a long, complicated key cannot (yet) be broken.

Use a large DHCP pool.

It doesn't matter if you broadcast your SSID. I do for convenience. Some don't. Whether it's "broadcast" or not, any simple software package can pick it up. Many vendor-provided wireless software utilities recognize non-broadcast SSIDs just fine.

Definitely change the admin password on the router.

I agree with most of this.

WPA keys are better for security than WEP. Use a good long key, non-dictionary, with alphanumeric characters.

MAC Filtering is also a good step, but as noted it can create a bit of hassle if you want to let a friend or guest use their laptop since their mac is not in your list.

I don't like to broadcast my SSID. This is typically the first place a hacker will start, so if they don't see your SSID they may just move on.

Definately change the admin password and if possible also change your default device name.

If you suspect someone is likely to try and hack you, you can use a router with SPI and have it alert you when somthing suspicious is going on.

Finally, the best way to avoid being hacked is to turn it off! If you're not home and you don't need your computers on for anything, just turn them off. Besides saving energy, I don't think anyone has yet figured out how to hack a computer that has no power going through it.

 

[Reorx]

jonnythan, and solomr2,
You guys should really read the whole thread, and not just the last few posts.
Above is a earlier quote from 10010011. I bolded and underlined the parts you missed.

Sure some of the older Linksys was a little better and had more memory, but DD-WRT fixes many of the Linksys short comings. I also will have to say I have had nothing but bad experiences with Netgear hardware.

Sure this is easy to say, (and do) but... I still have wireless devices that get used everyday in my house that can only do 802.11B-128bit WEP, and my son's Nintendo DS will not attach to an access point unless it is broadcasting it's SSID. So what do you suggest?

Also, on my post...

Newer security maybe available for your devices through a bios flash...

Some security is better then none. If a newer security protocol is available through a flash, then he can update his network security for his devices. Ideally yes, WPA2 with 256-bit AES, and a non-broadcasted SSID.

As for DHCP and MAC Filtering for visiting friends...it takes less then a minute to login to your router, and make the necessary adjustments. I'd have to disagree with your practice of using a large DHCP pool. And yes it does affect hackers, though not much. It depends on the hacker's tools and knowledge.

Reorx

 

[jonnythan]

The best idea for the DS is to use a separate, firewalled wireless access point or one of the Nintendo USB dongles only when the DS is in use.

Compromising your entire network by using WEP on all of your wireless devices is foolhardy and you are *begging* for your passwords to get stolen, email read, etc.

DHCP does nothing. Spoofing an IP address or simply using a valid address outside of the range is absolutely trivial. You may have your router's DHCP pool set for 192.168.1.100 - 104, but 192.168.1.25 will work just fine. Restricting the DHCP pool literally does nothing but cause headaches for yourself.

 

[jonnythan]

You missed the point too. I mean you are both correct to use the strongest security possible.

Like I said 128bit WEP is the strongest level of security many wireless devices still offer.

Here is what I do.
Use DD-WRT firmware in my routers with strong admin password
128bit WEP
MAC level access control (Only MAC's I set get wireless access)
Broadcast my SSID

I know it is far from perfect, but there are so many wide open access points around here. I just do not see anyone taking the five minutes to crack my network when they can hop right on my next door neighbors.

The problem is that once cracked, they can sniff your traffic. It's not such a big deal if the occasional person uses your bandwidth. The problem is that, given five minutes time while you're on your PC and I'm next door or parked across the street, I can gather your email passwords, Audioholics user name and password, etc etc, just by listening to your internet traffic.

No one is going to crack your WEP key so they can use your bandwidth. They're going to do it so they can sniff your traffic, hack into your computer, deface your web and messenger accounts and change your passwords, and steal your identity. In my work as a personal computer consultant, I encountered more than one person who was a victim of this because they used improper wireless security.

Using WEP is inexcusable this day and age.

 

[10010011]

Using WEP is inexcusable this day and age.

Well tell the manufacturers who are still producing devices that only use WEP.

I am just doing what I have to do to use the devices already I own.

Sure I would love to throw away a perfectly usable device every time something better comes along, but damn, I am just not made of money.

 

[jonnythan]

By the way, the DS has no problem with networks that do not broadcast their SSID. They must just be entered manually.

And personally, if I couldn't afford a $30 USB dongle for the DS and a $20 wireless network card upgrade for any computers using non-WPA compatible wireless adapters, I'd simply stop using wireless networking until such time as I could afford the upgrades.

The risk/reward simply cannot balance out on the "OK, I'll use WEP" anymore. Someone with absolutely zero knowledge can crack your network and start harvesting passwords and cracking your computer within an hour given the incredibly easy availability, ease of use, and sophistication of today's software hacking packages.