security question

clueless · EVDO Newbie Joined: 11 Jan 2008 Posts: 3

I set up my ctr-350 yesterday and am thrilled to have all 3 home computers online at the same time! No more fighting over the 595U card.

I am clueless about computer things (it took me a while just to post -this is my first ever, anywhere!). I was happy just to figure out how to get these machines able to access internet. I tried to go back and upgrade the security settings to best and then I couldn't get things working. Until I can read up and determine what will make this work I need to know the risk. We live in the country and there is noone around for at leat 1/4mile in all directions. Is the security within the cradle point setup just to keep neighbors from seeing your data? If so is it safe for me to do banking, etc. online even without security improvements?

While I am here, I wasn't sure about security from using the 595U on each individual machine. Does the internet security we have keep us relatively safe? One machine has AVG and the other 2 Norton. One is running VISTA and the other 2 Windows XP. We use Windows firewall on AVG but it is disabled on the Norton machines and we use their firewall.

Thanks for any help!

rjs2015 · EVDO Fledgling Joined: 28 Dec 2007 Posts: 23

I just hooked up my CTR350 and was going to sit down this weekend and try to figure out the security issues. I tried to read a bit about it in Network for Dummies (at Barnes and Noble) but did not get very far.

When I set up our computers a screen did indicate "an unsecure network." I hesitate to make changes to anthing because everything is working so well (two Dell desktops and one MAC) all sharing the VerizonUSB727 through the CTR350.

Hope advice to you can help me too!

deparson · EVDO Junkie Joined: 30 Aug 2006 Posts: 248

You should enable WEP or WPA security on your EVDO router. This will keep your data safe between your computer and your router. WEP is easy; just give your router and computer the same password and you are all set.

You asked about banking, etc. That is secure even with security on the WiFi link off. Web pages like these are encrypted already from your computer to the bank's computer; or Amazon.com, etc. Just look for HTTPS in the address and you know you are good to go. What people could get from an unencrypted WiFi link are things like what you search for, what you do when you visit evdoforums.com, or other such sites.

The real risk, IMO, of running an open access point where anyone in range can connect is someone finding their way to one of your computers via your home network and accessing your files. This is MUCH easer than intercepting a WiFi data stream to steal data. I have seen public access points that have Windows computers attached with open access to the c:\ drive!! Ouch.

Finally, some people will point out that WEP or WPA or [fill in the blank] encryption can be broken. This is true but the real world chance of ANY ONE ever intercepting even unencrypted WiFi data is so very very low that it is hardly worth thinking about. If you add WEP or WPA you are going to protect your network from just about any risk of data compromise.

xrayman · Posted: Fri Jan 11, 2008 5:33 pm Post subject:

I recommend WPA2 over the older less secure WEP if the client computers have newer wireless network cards. To protect against a brute force attack, a truly random passphrase of at least 20 characters should be used, and 33 characters or more is recommended. Also change the default Admin password for the router.

rjs2015 · EVDO Fledgling Joined: 28 Dec 2007 Posts: 23

Thanks for the info. This forum is very helpful for people like me! Laughing

clueless · EVDO Newbie Joined: 11 Jan 2008 Posts: 3

Thanks for the info. It was very helpful. I had updated the passwords upon setup and felt better about waiting to attack the security issue again.

Today I tried unsuccessfully to do so. I ran the cradle point wizzard and then made sure my computers network settings had the same network, encription and network key. When I tried WPA, my internet went down when I got to the point of rebooting the router. I couldn't log in so I would reset the router. Finally I set it to WEP. The reboot worked fine and then I was able to connect to the network. It showed it was a secure network. I had a weak signal and a message something like limited connectivity. I couldn't access the internet. I put my 595U directly into a computer to check and the signal was fine. I finally put it all back to the default wizzard setup and it works great but I am still concerned about fixing it.

I just saw that you can open a support ticket with 3G so that may be my next step as it is probably something very easy that I am not aware of.

Thanks again daparson, xrayman. Let me know how you do on your set-up rjs2015.

rjs2015 · EVDO Fledgling Joined: 28 Dec 2007 Posts: 23

I am a newbie plus and I was delighted when I was able to get my computers to use the internet with my CTR350 and USB727. I am almost afraid to make any changes because things are going VERY WELL.

Could someone help me with the basic security for my network? All 3 computers are accessing the CTR35--USB727 throught the wireless (I purchased USB wireless add-ons at a local store).

So--
1. should I immediately change the administrator password for the CTR?
2. what should I do to keep passerbys from jumping on my network? We live out in the woods and I checked. From the road we have a very weak to no signal so I am not too worried but I still want some protection.

Thanks!

xrayman · Posted: Wed Jan 16, 2008 11:03 am Post subject:

What was said in the post above by deparson is all correct. Changing the admin password on the router will keep someone (kids) in your house from messing with router settings, much more likely than an external attack. Just because you get a low signal at the end of your driveway is not a guarantee someone will not hack your WiFi network, it is just unlikely. To keep just about anyone from leaching your connection I recommend WPA2 over the older less secure WEP. To protect against a brute force attack, a truly random passphrase of at least 20 characters should be used, and 33 characters or more is recommended.
More important keep your anti-virus program up to date. I can't believe the number of new computers I see that have no protection from new viruses because they let the anti-virus program subscription run out. If you don't want to pay for the subscription get AVG free.

clueless · EVDO Newbie Joined: 11 Jan 2008 Posts: 3

rjs2015, I just used the security wizzard to enable WEP and made sure the properties of my network settings matched (like I did last week) and everything is working perfectly. All I can figure is that we had storms and later my normally reliable 595U also was dropping when it was directly hooked up to a computer. Before I opened a support ticket I decided to just give it a try and all seems to be fine. To give you some encouragement I thought I would share my success with you. I too had to add a USB wireless adapter to one of my machines, the other 2 had them. I was happy to even figure out that problem!
If xman or deparsons is out there I have a question that may help rjs2015 too. How do you determine what encription your machine can support? I am guessing the reason I had trouble with WPA is that my oldest machine may not support that. I would like to be brave and try to upgrade to WPA but can't figure out how to see if this is doable. THANKS!
PS- what is a brute force attack?

xrayman · Posted: Fri Jan 18, 2008 12:25 pm Post subject:

You possibly could upgrade your older machine with a new driver for the WiFi but most likely you will need a new WiFi card. In most cases WEP will be good enough but you never know who is outside. Easy way to test is to get a new USB WiFi device from Wal-Mart and try it in the older machine. Remember to remove the old WiFi card or disable in bios if it is built in. I have had problems with encryption working because of a weak signal or high interference to the WiFi card.
Brute force attack = http://en.wikipedia.org/wiki/Brute_force_attack

deparson · EVDO Junkie Joined: 30 Aug 2006 Posts: 248

Before spending time upgrading to WPA do keep in mind that the chances of anyone cracking your WEP encryption (or evening viewing an unencrypted wifi data stream) is very, very, very, very, very low. Very low Smile

SlyFerret · EVDO User Joined: 19 Mar 2007 Posts: 70

Clueless,
I live out in the country as well. My neighbors are not quite as far away as yours, but still not real close. There is virtually no traffic.

WiFi has a theoretical maximum range of about 300 feet. I know that I don't have any neighbors within that range.

I leave my WiFi open. I am an IT guy, and I fully understand the risks involved, and decided that there was no need to lock down my WiFi, due to my geographic location. I use an older 802.11B wireless access point that doesn't do WPA anyway, and WEP is so badly broken that there isn't any point. With WEP, if somebody actually wanted into my network, they'd be in within a few minutes (that's all it takes to crack WEP on a fairly new laptop).

It also makes it much easier when guests come over with laptops or more commonly WiFi enabled PDA's to get online at my house.

When I lived in town, I ALWAYS locked my network down. I also regularly lock my clients networks down. If I lived in town, I would buy a newer router and use WPA.

If you'll feel more comfortable locking down your network go for it. Is is necessary? Probably not given your location.

-SF

xrayman · Posted: Fri Jan 18, 2008 2:01 pm Post subject:

Before I went to WPA the kid next door hack into my WEP (protected) WiFi network. At this time I have not had another intrusion.

jackrodgers · EVDO Addict Joined: 23 Mar 2006 Posts: 1131

Software is available that will crack wep protection.

http://binaervarianz.de/projekte/programmieren/kismac/

I have only looked at the site and not tried the software as I have no interest in doing this.

I assume such is more than readily available for windows.

Google 'crack', 'hack' and so on...

rjs2015 · EVDO Fledgling Joined: 28 Dec 2007 Posts: 23

I ran the setup Wizard and changed to WEP. I was asked for a password and then when I was finished I saw a long WEP key.

I went to my other computers with wireless connection and could not get on. Do I use the password or the WEP key? I tried both and could not connect.

My computer with the etherent cable is fine. But for now I went back to no security.

HELP.

Before I tried to go to WEP and was using no security I noticed this-----
When I go to the Cradlepoint adminstration and view the wireless clients I only see the other computer using the wireless. Can I be safe in assuming that no other wireless devices (like my only neighbor) is not on my network?