Wireless security confusion!!!!!

Mitzs · #1 31-Jan-2008, 03:05 AM

I have a choice of WPA Personal,
WPA Enterprise, WPA2 Personal, WPA2 Enterprise, RADIUS,
and WEP. I have chosen the wpa personal with the aes. But the next box is asking for a WPA Shared Key?

What is that and where do I find it? It does not explain this in the manual and I've looked for it twice and google is not helping at all!

Can anyone here make my headache go away?

Stoney · #2 31-Jan-2008, 06:24 AM

The WPA shared key is a key that is configured on the wireless device and also on the wireless client. When you connect to the wireless device using WPA it will check that the clients shared key matches the one on the router. If the keys match the client will be allowed to communicate with the device.

I wouldn't like to say for certain where you would configure this because I don't know what router you're using, but normally the Pre-shared key is on the same page as the Wireless security authentication method (where you chose WPA).

HTH

**Sparky** · #3 31-Jan-2008, 10:23 AM

Yup, what Stoney said. You configure the key on the router and then you have to put the same key in the wireless settings on the laptop. No key = no wireless = security!

The_Geek · #4 31-Jan-2008, 10:50 AM

If security is that much of a concern, enable wireless MAC filtering.

Mitzs · #5 31-Jan-2008, 10:53 AM

I guess I will just have to call linksy today then. I see where to put the key, which is where you choose what you want. But I am missing how to configure the key. That is not there. Thanks anyway guys. I appreciate your time.

**TimoftheC** · #6 31-Jan-2008, 10:57 AM

I am a little confused by this mitz

Is it not just a case of accessing the router via the administartion software (Linksys is via your web browser I believe) enabling WPA with a pre-shared key, making the key up youself and then making sure that the exact same WPA setting and key is configured on the client?

At least, that's what I used to do when I used a Lynksys Router. As I said though, I may be missing something here so ignore me if I'm being stupid

**Sparky** · #7 31-Jan-2008, 11:00 AM

Quote:

“

Originally Posted by Mitzs

I guess I will just have to call linksy today then. I see where to put the key, which is where you choose what you want. But I am missing how to configure the key. That is not there. Thanks anyway guys. I appreciate your time.

”

Can you post a screenshot?

AJ · #8 31-Jan-2008, 12:00 PM

Mitzs

The shared key is like a password that you make up. Make sure it has numbers and letter caps and lower case. Do this on the router, then when you fire up your lappy, it will ask you if you want to connect to the wireless network and then ask you for the key. Just type in the same key you installed in the router and away you go.

Easy really

zebulebu · #9 31-Jan-2008, 12:41 PM

Quote:

“

Originally Posted by The_Geek

If security is that much of a concern, enable wireless MAC filtering.

”

No offence mate, but that is about as secure as leaving your house door wide open when you leave. The only way to truly secure a wireless network is using WPA2/PSK with a key change every hour or so. A pain in the arse to be sure, but it will be as secure as its possible to get without using RADIUS (which has its own problems anyway)

Modey · #10 31-Jan-2008, 01:00 PM

Quote:

“

Originally Posted by The_Geek

If security is that much of a concern, enable wireless MAC filtering.

”

Mac filtering is nearly as good as WEP when it comes to security. ie. not very much use at all. It's fairly easy to spoof a mac address.

edit: Hadn't read Zeb's reply. What he said.

rwlk · #11 31-Jan-2008, 01:12 PM

Zebulebu,
I don't think you need to change your WPA2/PSK password every two hours!!. So far as it's a strong password with caps and lower case letters and numbers and symbols AND long enough, you don't have to worry that much. You could probably change it every two - four months. WPA2 is a strong authentication/encryption methods and generates session keys for every client for every session. This way, packet capture will be useless for hackers. Most hacker tools available against WPA2 have to capture a lot of packets before cracking the key (some tools force the AP to exchange heavy traffic for this reason). But it is still hard to crack. That's why it has to be NOT GUESSABLE and LONG ENOUGH (I insist on this).

HTML Code:

Is it not just a case of accessing the router via the administartion software (Linksys is via your web browser I believe) enabling WPA with a pre-shared key, making the key up youself and then making sure that the exact same WPA setting and key is configured on the client?

It's just that. It could be hard to save the same key for you client to always connect automatically to the same network but it all depends on the software you are using. Wireless Zero configuration can ease this process but security-wise, better use your wireless adapter software.

zebulebu · #12 31-Jan-2008, 01:21 PM

True - that's probably overkill, but it future-proofs you against any newly discovered vulnerabilities in WPA2. WPA1 & WEP were 'uncrackable' when they came out - and look what happened to them. A regular key change will allow you to be secure enough that, when there eventually IS a simple exploit for WPA2, you will have enough advanced notice of it to either disable your wireless completely or move to the newest 'latest and greatest' protection available.

Of course, you're quite right - all this is probably overkill for someone sitting at home with their own little wlan. I'm talking more from a corporate (e.g. paranoid) viewpoint here

**TimoftheC** · #13 31-Jan-2008, 01:37 PM

Quote:

“

Originally Posted by rwlk

Zebulebu,
I don't think you need to change your WPA2/PSK password every two hours!!. So far as it's a strong password with caps and lower case letters and numbers and symbols AND long enough, you don't have to worry that much. You could probably change it every two - four months. WPA2 is a strong authentication/encryption methods and generates session keys for every client for every session. This way, packet capture will be useless for hackers. Most hacker tools available against WPA2 have to capture a lot of packets before cracking the key (some tools force the AP to exchange heavy traffic for this reason). But it is still hard to crack. That's why it has to be NOT GUESSABLE and LONG ENOUGH (I insist on this).

HTML Code:

Is it not just a case of accessing the router via the administartion software (Linksys is via your web browser I believe) enabling WPA with a pre-shared key, making the key up youself and then making sure that the exact same WPA setting and key is configured on the client?

It's just that. It could be hard to save the same key for you client to always connect automatically to the same network but it all depends on the software you are using. Wireless Zero configuration can ease this process but security-wise, better use your wireless adapter software.

”

Quote:

“

Originally Posted by zebulebu

True - that's probably overkill, but it future-proofs you against any newly discovered vulnerabilities in WPA2. WPA1 & WEP were 'uncrackable' when they came out - and look what happened to them. A regular key change will allow you to be secure enough that, when there eventually IS a simple exploit for WPA2, you will have enough advanced notice of it to either disable your wireless completely or move to the newest 'latest and greatest' protection available.

Of course, you're quite right - all this is probably overkill for someone sitting at home with their own little wlan. I'm talking more from a corporate (e.g. paranoid) viewpoint here

”

Ok, another confused point I wana make

Zeb, can I assume that you are talking about setting the key that's created off the pasphrase you supply, to automatically change evey couple of hours?

It's just that, if you are talking about changing the actual "key" that you physically enter, then to change that every couple of hours on your router will mean a similar change to every client.

To me, both you and rwlk seem to be talking about slightly different things - or am I just being thick?

zebulebu · #14 31-Jan-2008, 01:51 PM

It's confusing I agree!

Basically, you never actually change the passphrase you use, but the key generated from it is regenerated by TKIP at a specified interval. So - although the passphrase you use to generate the key remains constant, the actual key used by the AP & devices connecting to it changes based on a random Key Derivation algorithm. This is set on the router - usually as 'group key renewal time' or something similar.

It's best to use a long truly random passphrase to guard against brute force attempts which are theoretically possible - I use a 20 character random string that is generated from this site and change it every few weeks or so.

Hopefully that's a bit clearer - you don't need to change the passphrase you use on the router every two hours! That would be a truly paranoid approach, and you might have trouble remembering to renew it at every interval

**TimoftheC** · #15 31-Jan-2008, 02:02 PM

He he - thanx Zeb.

Yeah, well aware of how wireless security works but I think it was this part of rwlk's post that confused me: -

Quote:

“

Originally Posted by rwlk

Zebulebu,
I don't think you need to change your WPA2/PSK password every two hours!!. So far as it's a strong password with caps and lower case letters and numbers and symbols AND long enough, you don't have to worry that much. You could probably change it every two - four months.

”

I read that and assumed you were also talking about changing the passphrase, but every two hours - hence my confusion