OT: wifi setup advice

only seen this one so far... ;-)

Yup sounds that way.

Probably not. You can get ADSL routers with built in homeplug as well if you want. e.g:

would reduce the amount if extra stuff you need. Having said that, ADSL routers with wireless can be had for not much more than the price of ordinary ADSL routers.

(in fact a wireless access point with built in homeplug might be a nice solution - that way she can shift the wireless bit about should needs change)

Netgear and Linksys stuff seems ok. The Solwise range of stuff is ok, especially their homeplug gear. Their routers can often be improved by flashing with the routertech firmware

One other point - am I right in thinking that the new 'n' wifi standard

Its certainly better it seems. Have a read of the last bit on this page:

said that - 11g will do what you need well enough for less. Note also that the laptop probably does not have 11n support by default.

With 11n make sure you buy all your kit from the same supplier - since its early days and incompatibility may still be a problem.

Lobster's granny's getting a netbook..

i've just got a netbook, i recommend getting a cheap usb keyboard with it cos the keys are a bit small. and a usb mouse. cos trackpads are annoying.

ive just bought a new wifi router with an ethernet input, cos some rooms in my house cant get the existing wifi.. you can run a cable to the best position for it..

Belkin Wireless N1 Router F5D8231 High Speed 300MBS wireless £30

means you wont have to fiddle with the existing connection

[g]

Which halfs the through put on the wireless side as only one thing can transmit at a time. Probably not an problem in this particular case but worth bearing in mind.

Eminently sensible with many chains offering no quibble returns policies. Or even if you buy from an independant explain your situation and you may well get the same sale or return. After all you aren't going to open anything you don't need to use...

Might be worth a diagram or two of the set up so you can work out the kit and cables you need. nothing like a diagram to highlight an extra bit of string that isn't supplied with the kit or extra mains distribution board for the wall warts. Don't foreget a network card for the PC if that currently uses USB for the link to the ADSL modem. B-)

Personally I'd look at an ADSL router with built in firewall and a small (4 port?) ethernet switch and have a seperate, ethernet connected, wireless access point. A single box for everything is a single point of failure, a simple ethernet modem/firewall, network switch and WAP is even more resiliant but does increase the number of boxes, wires and wall warts. Means that the local LAN can still be used if the ADSL modem gets zapped by lightning or something...

Possibly but the lowest WiFi should be running faster than the ADSL unless your Mum is close to a 21CN enabled exchange or one with up to 24Mbps LLU and has that service. Of course if she wants to start streaming HD video wirelessly around then she'll need the highest wireless speed she can get. Be aware that like ADSL most WiFi speeds are "up to", the real world can be very different...

Time to crack WEP a few minutes.. time to crack WPA2 a few minutes. It doesn't make a lot of difference since the code for using nvidia GPUs leaked. Its easy to get a couple of hundred GPUs running code cracking now.

I've haven't heard of a feasible crack for WPA2. Do you have a link?

I agreed that WEP is easily cracked. I don't agree that WPA is easily cracked. As far as I'm aware, the current technique is to capture the client authentication handshake, then run a dictionary attack on the encrypted passphrase. This depends on the WPA passphrase being 'easily' guessed - so WPA is secure enough, so long as you don't use a password that is in the dictionary, or simple variant of it. WPA enforces a passphrase of at least 8 characters, so:

Don't use a word in the dictionary e.g. "password" Don't use a simple variant of a word in the dictionary e.g. using zero instead of the letter 'o' and 4 for the letter 'a' like "P4ssw0rd" - as there are systems that check for such simple substitutions.

I think WPA keys can be up to 128 characters, so a complete phrase is good, especially if it has a made up word in it - for example: "The flingtub is bufarked"

You can use characters that are not letters, e.g.

"The (slarty) flingtub is bufarked!", which makes automated guessing of the passphrase more difficult.

Alternatively, you can generate a completely random passphrase like: "Ye!knSV8%tK?q+G" - Just make sure you write it down and keep it secure for when you need to add new equipment to your wireless LAN.

Many of the cracking systems also rely on the SSID of the wireless LAN to be well known (they have the default SSIDs of wireless LAN equipment form many manufacturers programmed in) so change the SSID from the default to something else.

Cheers,

Sid

Regards,

Sid

Presumably it must also help to have the SSID display switched off, and to restrict access to specified MAC addresses, too? I do that at home on my own setup, along with using WEP (which I'm restricted to at the moment).

That, and the fact that anybody who wants to hack into my network would either have to be doing it from nextdoor or a car parked outside my house in a car, all of which I hope makes me safe to a reasonable level of certainty...

David

I think WPA keys can be up to 128 characters, so a complete phrase is good, especially if it has a made up word in it - for example: "The flingtub is bufarked"

You can use characters that are not letters, e.g.

WPA2 (TKIP + AES Encryption) with a complex preshared Key is good enough for WiFi (it's better than what is used on many commercial installs)

Use a long phrase, with a good mix of upper case & numbers, and variable spaces between words ... I use more than 50 characters ... save them as a text file on a USB memory stick.

Sounds safe enough - you don't see many cars parked in a car!

Not really. Here's a fairly good explanation why:

and

Spoofing MAC addresses is quite easy to do. However, restricting access to specified MAC addresses does 'raise the bar' slightly to deter casual attempts at unauthorised use of your WiFi.

If you are at all concerned about your security, you really should be using WPA with a good passphrase - but I think you know that.

By using the right (directional) antenna and increasing output power, someone _could_ access your WiFi from considerably further away. What level of security you choose is up to you - some people deliberately leave their WiFi networks open, others won't even use wireless.

Cheers,

SId

available would simply wait for these administration frames and simply decode these one. If no client join the network in the time frame, it is possible to force an already connected user to disconnect, it will automatically rejoin the network, disclosing the SSID..." which I take to mean yes it does indeed *help* to switch off SSID!

Sure, I know it's not infallible any more than restricting the MAC address is, or using WPA instead of WEP. However it stands to reason that if you have all three actioned it's going to present a lot more aggravation to a casual hacker looking for a network to crack for whatever reason, than driving round to the nearest crowded housing estate where he's inevitably going to find numerous wifi networks within range with a high probability of quickly finding one much unsecured than mine.

I do realise that WPA would be better - but I think it's about striking the balance between paranoia and realism. It's like home security - if you have five-lever locks, a dog, and a decent burglar alarm it's not going to deter the most determined professional burglar who really wants to get in to your house, but you hope that what will happen is that

99.99% of them will be deterred into attacking the house down the road which has none of those security features.

David

Thanks a lot John. I've spent some time going through the solwise site now - they certainly have some really cool kit, especially the wireless homeplug thing! Wonderful idea, and I'm definitely going to include that in my shopping list for her - being able to move it round the house is perfect, and having a moveable, plug-in job with an aerial attached would be very user-understable for my Mum - ie, if she's getting a poor signal, just go and fetch the gizmo and plug in in near where she's working.

The solwise site is really good - lots of very clear explanations for the novice about wi-fi etc and what's needed.

Actually, having thought about it some more I think I may have just persuaded her to move the goalposts a bit, and to dump her existing desktop (and her proposed new netbook) PCs in favour of a single new desktop-replacement laptop which she can use primarily in the spare bedroom (in conjuction with her existing monitor/keyboard/mouse) and then lug the laptop alone to use downstairs when she wants. I've been worried about having two machines to maintain via 'Remote Assistance'!; also concerned about the inevitable confusion of having copies of files on different PCs and the whole network resources thing. Finally it will let her use her email (Outlook Express) downstairs as well as upstairs - that wouldn't be feasible with the desktop/notebook scenario.

Thanks to all again. David

There is one very important point that is often overlooked in discussions of this nature.

A person breaking into a network with any kind of security, even WEP, is committing a serious offence, and is quite likely to get a prison sentence if pursued.

As I understand it, a person linking to an unsecured network is not committing any offence, unless they go on to steal or destroy something.

You misunderstand it then. The same offence is committed even if it is open. You may get away with it if the SSID is something like "free internet access for all".

It's you who misunderstand what I said. It is an offence to break into an encrypted network whether you do any damage or not. I saw that a man in London was given a prison sentence some months ago for doing exactly that.

I don't believe it is an offence to connect to an open network.

Do you disagree with one (or both) of these statements? If so, which one(s)?

I take it the difference is analogous to that between entering a house with an open door, as compared with picking the lock to enter the house.

It is an offence to connect to any wireless network without the owners permission, open or not! Clear?

Can you cite on this please, as Policeman son thinks it is fine to do with his laptop.

Dave

So that just means you can't trust the policeman's son.

If you use google you will be able to find the cases where people have been fined.