How to better secure my wireless transmissions on my home WLAN? VPN?
How to better secure my wireless transmissions on my home WLAN? VPN?. Discuss How to better secure my wireless transmissions on my home WLAN? VPN?, on Wireless Forums.
How to better secure my wireless transmissions on my home WLAN? VPN?
I have ntl cable broadband connected to a Linksys WRT54G (v2, Linksys
f/w 4.20.7).
Connected wirelessly to this is a home-built desktop PC running XP Home
SP2 using a 54g PCI unbranded card.
Also connected wirelessly is a laptop PC (Medion 42792), also running
XP Home SP2 using an internal 54g Broadcom based card. (Most of the
time, this laptop is CAT5 cabled to the router, but the wife likes to
roam the house with it, so it does go wireless.)
Neither machine is left on server-like.
My WLAN is WPA-PSK (TKIP), but I want to increase the security of my
wireless transmissions, using VPN I am guessing. I have looked at
OpenVPN (too complicated) and iOpus IPIG (not sure it does what I
want).
If possible, I would also like both machines to be accessible from
another PC behind a similar setup in another location, via the
internet.
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
"__spc__" <spamtime@ntlworld.com> wrote in news:1129533584.138528.85590
@f14g2000cwb.googlegroups.com:
> I have ntl cable broadband connected to a Linksys WRT54G (v2, Linksys
> f/w 4.20.7).
>
> Connected wirelessly to this is a home-built desktop PC running XP Home
> SP2 using a 54g PCI unbranded card.
>
> Also connected wirelessly is a laptop PC (Medion 42792), also running
> XP Home SP2 using an internal 54g Broadcom based card. (Most of the
> time, this laptop is CAT5 cabled to the router, but the wife likes to
> roam the house with it, so it does go wireless.)
>
> Neither machine is left on server-like.
>
> My WLAN is WPA-PSK (TKIP), but I want to increase the security of my
> wireless transmissions, using VPN I am guessing. I have looked at
> OpenVPN (too complicated) and iOpus IPIG (not sure it does what I
> want).
Any financial stuff or things of that nature, I would use wire. It's as
simple as that.
>
> If possible, I would also like both machines to be accessible from
> another PC behind a similar setup in another location, via the
> internet.
>
It's called port forwarding. You should keep the machine out of the DMZ.
The other possibility would be port triggering -- look it up but I doubt
that it's going to work for you in Remote Desktop Sharing situation over
the Internet with two machines on the LAN if that's what you're after.
Port forwarding only works with one IP/machine behind the router and you
should use a static IP on the router for the machine.
Port Triggering is for a game situation where you have more than one
machine using the same port(s) behind the router to play the game over
the Internet with multiple players as an example.
You can also use IPsec that's on the Win 2k and above O/S(s) if you're
looking for a VPN between the machines on the LAN or WAN -- use Google.
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
In <1129533584.138528.85590@f14g2000cwb.googlegroups. com> on 17 Oct 2005
00:19:44 -0700, "__spc__" <spamtime@ntlworld.com> wrote:
>I have ntl cable broadband connected to a Linksys WRT54G (v2, Linksys
>f/w 4.20.7).
>
>Connected wirelessly to this is a home-built desktop PC running XP Home
>SP2 using a 54g PCI unbranded card.
>
>Also connected wirelessly is a laptop PC (Medion 42792), also running
>XP Home SP2 using an internal 54g Broadcom based card. (Most of the
>time, this laptop is CAT5 cabled to the router, but the wife likes to
>roam the house with it, so it does go wireless.)
>
>Neither machine is left on server-like.
>
>My WLAN is WPA-PSK (TKIP), but I want to increase the security of my
>wireless transmissions, using VPN I am guessing. I have looked at
>OpenVPN (too complicated) and iOpus IPIG (not sure it does what I
>want).
WPA is in general quite secure, on a par with VPN. PSK (shared key) can be a
weakness, but only if (a) too short a passphrase is used and/or (b) the
passphrase falls into the wrong hands. If you want to maximize your security,
set a maximum length passphrase (at least more than 20 characters) of
pseudo-random characters, and change it regularly -- I change my passwords
whenever daylight savings kicks in or out, just as I do my smoke detector
batteries.
Good way to generate secure passwords:
Password Safe* <http://passwordsafe.sourceforge.net/>
Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
it's open source and free, and has been subjected to extensive peer review.
* NOT <http://www.passwordsafe.com/>
--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
"__spc__" <spamtime@ntlworld.com> wrote in news:1129560420.782959.166180
@z14g2000cwz.googlegroups.com:
> Thanks for this Duane - the links were useful, and I read them in
> conjunction with the WRT54G user manual which helped greatly.
>
> So, for port forwarding, do I need a static IP address from my ISP - so
> that I know which address to use when accessing the service externally?
>
>
The static IP is for whatever IP/machine on your LAN the traffic for the
inbound port the application on the machine needs open to be forwared to
that IP. Set the NIC on the computer through the Windows O/S to use one
of the router's static IP(s) and not an IP that can be issued through the
DHCP of the router. If the DHCP IP(s) that can be issued are 5 as an
example, then the DHCP IP(s) the router can issue are from 192.168.1.100
through 192.168.1.105. 192.168.1.106 and out are static IP(s) on the
router. The D in DHCP means Dynamic.
So the NIC on the card would be set to *Use the following* IP(s)
IP = 192.168.1.106
Subnet = 255.255.255.0
Gateway = 192.168.1.1 or is know as the router's Device IP.
Use the following DNS IP(s) --- which are the ISP(s) IP(s)
DNS1 = XXX.XXX.XXX.XXX
DNS2 = XXX.XXX.XXX.XXX
You'll find the ISP's DNS IP(S) on one of the router's Admin Screens,
which you'll also see the ISP's IP that has been issued at the time to
the router. The DNS IP(s) are static IP(s) that you'll enter for DNS1 and
DNS2.
If you port forwarded to a machine that uses a DHCP IP, the IP could
change for the machine to something else. But using a static IP like
192.168.1.106 in the above example, the IP for the machine on the LAN
that is being port forwarded to will not change its IP and port
forwarding will always point to 192.168.1.106. because it's static.
That's what is meant by using a static IP on the router is make the
computer's NIC wire or wireless use one of the router's static IP(s) so
that the computer keeps the same IP and it never changes.
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
__spc__ wrote:
> Thanks for this Duane - the links were useful, and I read them in
> conjunction with the WRT54G user manual which helped greatly.
>
> So, for port forwarding, do I need a static IP address from my ISP - so
> that I know which address to use when accessing the service externally?
Pah, so ntl tell me I need to upgrade to their business tariff if I
want a static IP address. Hmmm, not sure how much that'll cost, but I
bet it's a lot more than the rate I'm on now...
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
> Pah, so ntl tell me I need to upgrade to their business tariff if I
> want a static IP address. Hmmm, not sure how much that'll cost, but I
> bet it's a lot more than the rate I'm on now...
You don't need to although it's a little more effort.
The WRT54G has the option of supporting a few dynamic DNS providers such
as dyndns.org. Go there, register a hostname and configure that in the
WRT54G
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
"__spc__" <spamtime@ntlworld.com> wrote in news:1129576378.982307.162480
@g14g2000cwa.googlegroups.com:
>
> __spc__ wrote:
>> Thanks for this Duane - the links were useful, and I read them in
>> conjunction with the WRT54G user manual which helped greatly.
>>
>> So, for port forwarding, do I need a static IP address from my ISP -
so
>> that I know which address to use when accessing the service
externally?
>
> Pah, so ntl tell me I need to upgrade to their business tariff if I
> want a static IP address. Hmmm, not sure how much that'll cost, but I
> bet it's a lot more than the rate I'm on now...
>
>
What's a static IP from the ISP have to do with anything? I don't know
about this NTL. The BB connection I used when doing port forwarding never
changed even using a DHCP IP from the ISP. But my router was up 24/7 365
connected to the Internet and the IP never changed when I was using port
forwarding on the router.
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
> about this NTL. The BB connection I used when doing port forwarding never
> changed even using a DHCP IP from the ISP. But my router was up 24/7 365
> connected to the Internet and the IP never changed when I was using port
> forwarding on the router.
Same with NTL as long as the connection stays up. Mine has changed only
when the router has been down and replaced by an alternate router or say
a PC for a short while but that's to be expected.
Even when the router has been turned off and on again, the same IP
address has been maintained.
Don't know which tarrif the OP is on but if it's the 3Mbps one then by
the end of the year that's supposed to go to 10Mbps at no extra charge.
:D
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
Thanks David - I will have a look at the DDNS options.
Duane - ntl is the biggest provider of cable broadband in Great
Britain; their tech support last night confirmed that they have short
lease times on IP addresses.
I don't want to chance the IP address changing if I'm to provide the
address to others to access the ports on one of my machines (even
though my router & modem are on 24/7).
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
Sadly, I'm on the 1MB connection...
I don't want to set up a public server, I just want my family to be able to
access JPEGs etc. on my WLAN 'server' so I guess the semi-permanent IP
allocation from ntl will suffice; I can always advise of a change.
"David Taylor" <djtaylor@bigfoot.com> wrote in message
news:MPG.1dbeb09c5cff269c989ebc@news.cable.ntlworl d.com...
>> about this NTL. The BB connection I used when doing port forwarding never
>> changed even using a DHCP IP from the ISP. But my router was up 24/7 365
>> connected to the Internet and the IP never changed when I was using port
>> forwarding on the router.
>
> Same with NTL as long as the connection stays up. Mine has changed only
> when the router has been down and replaced by an alternate router or say
> a PC for a short while but that's to be expected.
>
> Even when the router has been turned off and on again, the same IP
> address has been maintained.
>
> Don't know which tarrif the OP is on but if it's the 3Mbps one then by
> the end of the year that's supposed to go to 10Mbps at no extra charge.
> :D
>
> David.
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
> I don't want to set up a public server, I just want my family to be able to
> access JPEGs etc. on my WLAN 'server' so I guess the semi-permanent IP
I know where you're coming from but you could also host the pics on a
hosting site so that family members could also select them and choose to
have them printed and sent to their home.
Re: How to better secure my wireless transmissions on my home WLAN? VPN?
iOpus' iPig is a good and free VPN solution for this purpose, I am
using it myself.
This is the information they provide on their website:
"How does iPig security compare to WEP or WPA encryption?
WEP encryption is already broken and thus not secure. WEP will stop a
casual user, but freely available programs like AirSnort enable any
Cracker to break into your WLAN with little trouble. Making matters
even worse, the cracking techniques most frequently used will work
equally well no matter what WEP key length you're using.
WPA encryption itself is secure, but stops at the hotspot. Thus while
it protects your data while it is "in the air", it offers no protection
at all if the hotspot itself is corrupted.
In contrast, if the data is encrypted with iPig, the data is still
encrypted while it passes through the hotspot. Thus, even an "evil
twin" attack can not compromise your security. "
How to better secure my wireless transmissions on my home WLAN? VPN? 
Linear Mode
