(Wireless)
Sony Viao desktop running XP Pro
Linksys WUSB54G wireless adapter
Driver version: 2.0.2.0
Linksys Wireless Network Monitor v4.2
(Wireless)
Toshiba Satellite laptop running XP Home
Dell WLAN 1350 wireless PC Card
Driver version: 3.40.73.0
Dell Wireless WLAN Card Utility
I have a wireless network set up with the above computers on a cable
connection through Cox Communications. DHCP from the router is
disabled and all three computers have static IPs. The SSID broadcast
is also disabled. WEP security is enabled.
The wired desktop and wireless laptop have no connection issues at all.
Despite the SSID being hidden, the laptop has had no problems
continually accessing the network over the past 3 weeks. This morning
I switched the Sony from wired to wireless and have had nothing but
problems with it. I verified all the settings with the laptop (IP,
DNS, etc.), but could not access the network with the Sony. After
alternating between the Linksys network monitor and Windows Wireless
Zero Configuration, I finally enabled the SSID broadcast. This allowed
me to connect to the network and the Internet (via Firefox/IE), but I
receive the message "You are connected to the acess point, but the
Internet cannot be found." in the Linksys monitor. The big issues is
that I cannot access the Internet/streams from Winamp, Windows Media
Player, iTunes, etc. Also, if I disable the SSID broadcast - even
after saving all the settings using the Linksys monitor - I immediately
lose the connection and cannot reconnect until I enable the SSID
broadcast. Firewalls are not the problem.
Any suggestions would be appreciated. Have been fighting this all day
and don't know exactly how to proceed (other than wiring the Sony to
the router again).
On 5 Aug 2006 16:13:25 -0700, spacemonkey485@yahoo.com wrote in
<1154819605.345770.275240@i3g2000cwc.googlegroups. com>:
>Setup:
>
>Linksys WRT54G wireless router
>Firmware v1.00.6
>
>(Wired)
>eMachines desktop running XP Home
>
>(Wireless)
>Sony Viao desktop running XP Pro
>Linksys WUSB54G wireless adapter
>Driver version: 2.0.2.0
>Linksys Wireless Network Monitor v4.2
>
>(Wireless)
>Toshiba Satellite laptop running XP Home
>Dell WLAN 1350 wireless PC Card
>Driver version: 3.40.73.0
>Dell Wireless WLAN Card Utility
Good stuff.
>I have a wireless network set up with the above computers on a cable
>connection through Cox Communications. DHCP from the router is
>disabled and all three computers have static IPs.
Why? DHCP isn't a security issue, and manual IP is error-prone hassle.
>The SSID broadcast
>is also disabled.
Won't help security -- a waste of time that just makes life harder.
>WEP security is enabled.
Correction: WEP insecurity. WEP is so easily broken that it's
essentially useless, just like SSID hiding, MAC filtering, and turning
off DHCP..All you need is WPA or WPA2 with a strong passphrase.
>The wired desktop and wireless laptop have no connection issues at all.
> Despite the SSID being hidden, the laptop has had no problems
>continually accessing the network over the past 3 weeks. This morning
>I switched the Sony from wired to wireless and have had nothing but
>problems with it. ...
>Any suggestions would be appreciated. ...
1. Unhide the SSID.
2. Remove any MAC filtering.
3. Use DHCP instead of manual IP.
4. Troubleshoot with all security turned off
5. Then switch to WPA or WPA2 with a strong passphrase.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
John Navas wrote:
> On 5 Aug 2006 16:13:25 -0700, spacemonkey485@yahoo.com wrote in
> <1154819605.345770.275240@i3g2000cwc.googlegroups. com>:
>
> >Setup:
> >
> >Linksys WRT54G wireless router
> >Firmware v1.00.6
> >
> >(Wired)
> >eMachines desktop running XP Home
> >
> >(Wireless)
> >Sony Viao desktop running XP Pro
> >Linksys WUSB54G wireless adapter
> >Driver version: 2.0.2.0
> >Linksys Wireless Network Monitor v4.2
> >
> >(Wireless)
> >Toshiba Satellite laptop running XP Home
> >Dell WLAN 1350 wireless PC Card
> >Driver version: 3.40.73.0
> >Dell Wireless WLAN Card Utility
>
> Good stuff.
>
> >I have a wireless network set up with the above computers on a cable
> >connection through Cox Communications. DHCP from the router is
> >disabled and all three computers have static IPs.
>
> Why? DHCP isn't a security issue, and manual IP is error-prone hassle.
>
> >The SSID broadcast
> >is also disabled.
>
> Won't help security -- a waste of time that just makes life harder.
>
> >WEP security is enabled.
>
> Correction: WEP insecurity. WEP is so easily broken that it's
> essentially useless, just like SSID hiding, MAC filtering, and turning
> off DHCP..All you need is WPA or WPA2 with a strong passphrase.
Does that mean "select WAP rather than WEP for security mode"?
What would be a strong passphrase? digits and alphabets (lower and
upper case ) mixed?
>
> >The wired desktop and wireless laptop have no connection issues at all.
> > Despite the SSID being hidden, the laptop has had no problems
> >continually accessing the network over the past 3 weeks. This morning
> >I switched the Sony from wired to wireless and have had nothing but
> >problems with it. ...
>
> >Any suggestions would be appreciated. ...
>
> 1. Unhide the SSID.
> 2. Remove any MAC filtering.
> 3. Use DHCP instead of manual IP.
> 4. Troubleshoot with all security turned off
> 5. Then switch to WPA or WPA2 with a strong passphrase.
Good learning for me.
>
> --
> Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
> 5. Then switch to WPA or WPA2 with a strong passphrase.
What's the different between WPA Pre-Shared Key and WPA RADIUS? Which
one should I choose?
>
> --
> Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
> >I have a wireless network set up with the above computers on a cable
> >connection through Cox Communications. DHCP from the router is
> >disabled and all three computers have static IPs.
>
> Why? DHCP isn't a security issue, and manual IP is error-prone hassle.
>
I used static IP addresses because of the web server I'm running.
> >The SSID broadcast
> >is also disabled.
>
> Won't help security -- a waste of time that just makes life harder.
>
Good to know. I'll just leave it enabled.
> 1. Unhide the SSID.
> 2. Remove any MAC filtering.
> 3. Use DHCP instead of manual IP.
> 4. Troubleshoot with all security turned off
> 5. Then switch to WPA or WPA2 with a strong passphrase.
I made sure I didn't have any MAC filtering set up. I disabled all
security and instantly accessed the internet from all applications. I
enabled WPA security with a strong passphrase and still had access from
all applications. Odd...but sweet.
On 5 Aug 2006 18:30:20 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
<1154827820.763233.309220@m79g2000cwm.googlegroups .com>:
>John Navas wrote:
>> Correction: WEP insecurity. WEP is so easily broken that it's
>> essentially useless, just like SSID hiding, MAC filtering, and turning
>> off DHCP..All you need is WPA or WPA2 with a strong passphrase.
>Does that mean "select WAP rather than WEP for security mode"?
Absolutely.
>What would be a strong passphrase? digits and alphabets (lower and
>upper case ) mixed?
I recommend diceware words (link in wikis below):
* For security that will stop most current attackers now, 20+ characters
are enough.
* For security good for our lifetimes, 34+ characters.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
On 5 Aug 2006 18:34:33 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
<1154828073.424906.181930@i42g2000cwa.googlegroups .com>:
>> 5. Then switch to WPA or WPA2 with a strong passphrase.
>
>What's the different between WPA Pre-Shared Key and WPA RADIUS? Which
>one should I choose?
Definitely use RADIUS if you have a RADIUS server. You probably don't,
so use PSK (pre-shared key) instead.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
On 5 Aug 2006 21:57:18 -0700, spacemonkey485@yahoo.com wrote in
<1154840238.251651.294180@m79g2000cwm.googlegroups .com>:
>John,
>> Why? DHCP isn't a security issue, and manual IP is error-prone hassle.
>
>I used static IP addresses because of the web server I'm running.
Better DHCP servers can fix addresses for particular clients.
>> 1. Unhide the SSID.
>> 2. Remove any MAC filtering.
>> 3. Use DHCP instead of manual IP.
>> 4. Troubleshoot with all security turned off
>> 5. Then switch to WPA or WPA2 with a strong passphrase.
>
>I made sure I didn't have any MAC filtering set up. I disabled all
>security and instantly accessed the internet from all applications. I
>enabled WPA security with a strong passphrase and still had access from
>all applications. Odd...but sweet.
>
>Thanks for your help!
Glad it worked.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
>> 5. Then switch to WPA or WPA2 with a strong passphrase.
>
>What's the different between WPA Pre-Shared Key and WPA RADIUS? Which
>one should I choose?
WPA-PSK is "pre shared key". This is where you type in a >20
character encryption key into the router and all connecting devices.
A "strong passphrase" is one that you can't remember.
WPA-RADIUS is where you have a RADIUS server somewhere, that has a
database of user logins, passwords, MAC addresses, certificates, etc,
that are used to authorize user and authenticate the client using
802.1x authentication.
You probably want WPA-PSK or what Linksys calls "WPA Personal".
Jeff Liebermann wrote:
> "Amanda" <amanda772008@yahoo.com> hath wroth:
>
> >> 5. Then switch to WPA or WPA2 with a strong passphrase.
> >
> >What's the different between WPA Pre-Shared Key and WPA RADIUS? Which
> >one should I choose?
>
> WPA-PSK is "pre shared key". This is where you type in a >20
> character encryption key into the router and all connecting devices.
>
> A "strong passphrase" is one that you can't remember.
>
> WPA-RADIUS is where you have a RADIUS server somewhere, that has a
> database of user logins, passwords, MAC addresses, certificates, etc,
> that are used to authorize user and authenticate the client using
> 802.1x authentication.
>
> You probably want WPA-PSK or what Linksys calls "WPA Personal".
My linksys wireless router uses "WPA Pre-Shared Key". If I choose
that, I will have to create a key for "WPA Shared Key:" field, right?
On 6 Aug 2006 06:59:38 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
<1154872778.289819.127200@h48g2000cwc.googlegroups .com>:
>Jeff Liebermann wrote:
>> You probably want WPA-PSK or what Linksys calls "WPA Personal".
That's what the Wi-Fi Alliance calls it too. ;) The RADIUS version is
"WPA Enterprise".
>My linksys wireless router uses "WPA Pre-Shared Key". If I choose
>that, I will have to create a key for "WPA Shared Key:" field, right?
Right. And diceware words are a good way to do that.
<http://world.std.com/~reinhold/diceware.html>
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
John Navas <spamfilter0@navasgroup.com> hath wroth:
>>> You probably want WPA-PSK or what Linksys calls "WPA Personal".
>
>That's what the Wi-Fi Alliance calls it too. ;) The RADIUS version is
>"WPA Enterprise".
That's because the Wi-Fi Alliance trademarked the terms WPA Personal,
WPA Enterprise, and such. IEEE802.11i-2004 calls it PSK but doesn't
even mention WPA. Even the acronym list doesn't mention WPA. The
Wi-Fi Alliance apparently licenses the use of the various trademarked
WPA and WPA2 terms: http://www.wi-fi.org/termsofuse.php (see trademarks section) http://www.wi-fi.org/brand_usage.php
On Sun, 06 Aug 2006 11:30:07 -0700, Jeff Liebermann
<jeffl@comix.santa-cruz.ca.us> wrote:
: John Navas <spamfilter0@navasgroup.com> hath wroth:
:
: >>> You probably want WPA-PSK or what Linksys calls "WPA Personal".
: >
: >That's what the Wi-Fi Alliance calls it too. ;) The RADIUS version is
: >"WPA Enterprise".
:
: That's because the Wi-Fi Alliance trademarked the terms WPA Personal,
: WPA Enterprise, and such. IEEE802.11i-2004 calls it PSK but doesn't
: even mention WPA. Even the acronym list doesn't mention WPA. The
: Wi-Fi Alliance apparently licenses the use of the various trademarked
: WPA and WPA2 terms:
: http://www.wi-fi.org/termsofuse.php (see trademarks section)
: http://www.wi-fi.org/brand_usage.php
To those of us of a certain age, "WPA" stands for "Works Progress
Administration", the makework program set up by Franklin Roosevelt to combat
the effects of the Great Herbert Clark Hoover Republican Depression of the
1930s. Unemployed laborers fixed roads, planted trees, spruced up national
parks, etc. Unemployed mathematicians were put to work calculating logarithms
by hand. Until the late 1950s, when computers started taking over such
calculations, the "WPA tables" were considered the most accurate and reliable
tables of logarithms ever published.
Robert Coe wrote:
> On Sun, 06 Aug 2006 11:30:07 -0700, Jeff Liebermann
> <jeffl@comix.santa-cruz.ca.us> wrote:
> : John Navas <spamfilter0@navasgroup.com> hath wroth:
> :
> : >>> You probably want WPA-PSK or what Linksys calls "WPA Personal".
> : >
> : >That's what the Wi-Fi Alliance calls it too. ;) The RADIUS version is
> : >"WPA Enterprise".
> :
> : That's because the Wi-Fi Alliance trademarked the terms WPA Personal,
> : WPA Enterprise, and such. IEEE802.11i-2004 calls it PSK but doesn't
> : even mention WPA. Even the acronym list doesn't mention WPA. The
> : Wi-Fi Alliance apparently licenses the use of the various trademarked
> : WPA and WPA2 terms:
> : http://www.wi-fi.org/termsofuse.php (see trademarks section)
> : http://www.wi-fi.org/brand_usage.php
>
> To those of us of a certain age, "WPA" stands for "Works Progress
> Administration", the makework program set up by Franklin Roosevelt
You shouldn't put the word *us* in there. You may be the only one.
>To those of us of a certain age, "WPA" stands for "Works Progress
>Administration", the makework program set up by Franklin Roosevelt to combat
>the effects of the Great Herbert Clark Hoover Republican Depression of the
>1930s.
I'm not that old. Herbert Hoover was elected President in Nov 1928
and took office in January 1929. The initial market crash was on Oct
24, 1929. Hoover must have really been busy during his first 10
months in office to do all that damage. There was much more happening
than the prez could possibly have caused: http://economist.com/displaystory.cfm?story_id=165701
However, I will admit that the Republicans controlled both houses
during the 1920's, until 1931, where the Democrats controlled just the
House, and 1933 where the Democrats controlled both.
>Unemployed laborers fixed roads, planted trees, spruced up national
>parks, etc. Unemployed mathematicians were put to work calculating logarithms
>by hand.
The old story is that the union representative was complaining to the
owner about the huge steam shovel that just put 100 men out of work.
The owner retorted with "why not 1000 men with teaspoons"? Progress
is a difficult genie to shove back into the bottle.
>Until the late 1950s, when computers started taking over such
>calculations, the "WPA tables" were considered the most accurate and reliable
>tables of logarithms ever published.
That's when a computer was someone that did computation. The trend
continued through WWII where rooms full of "computers" were employed
calculating artillery ballistics and bombsight tables. I've repaired
a few old mechanical calculators (Marchant, Monroe, Friden, Burroughs,
etc) that I first used to grind numbers in the early 1960's for a long
departed aircraft factory. Electronic computer? Whazzat?
John Navas wrote:
> On 6 Aug 2006 06:59:38 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
> <1154872778.289819.127200@h48g2000cwc.googlegroups .com>:
>
> >Jeff Liebermann wrote:
>
> >> You probably want WPA-PSK or what Linksys calls "WPA Personal".
>
> That's what the Wi-Fi Alliance calls it too. ;) The RADIUS version is
> "WPA Enterprise".
>
> >My linksys wireless router uses "WPA Pre-Shared Key". If I choose
> >that, I will have to create a key for "WPA Shared Key:" field, right?
>
> Right. And diceware words are a good way to do that.
> <http://world.std.com/~reinhold/diceware.html>
The site also has a link " If all you need right now is a login
password, click here".
It says, after the instruction,
"Such passwords are suitable for systems that limit the number of bad
login attempts an attacker can make and protect the file containing the
encrypted passwords (this is called password shadowing on Unix-based
systems). Unless you are sure this is the case pick a stronger password
following the advice below"
What it said "below" as referred to was
" We are not experts on Windows, but at least one source we found says
password hashes are not fully protected in Windows systems. If an
attacker obtains the password hash, they can test millions of trial
passwords in a matter of minutes. As a result, you should use a strong
passphrase or string random characters."
So, is a passphrase pr passphrase(s) the solution to every online log
in then?
If I have a strong passpharse for my wirelwess network, would it still
be necessary to create passphrase(s) for my online activities or are
the ones I created - different ones depending on the impoirtant of the
account which I didn't write down in English - enough?
Btw, if I want a guest to get onto my wireless network to use internet
via the guest's laptop, what is the procedure I need to do on that
laptop? Just enter "WPA Shared Key:" to give the guest access. I will
have to do it only once, right?
> Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
On 7 Aug 2006 06:33:05 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
<1154957585.144523.178440@h48g2000cwc.googlegroups .com>:
>John Navas wrote:
>> Right. And diceware words are a good way to do that.
>> <http://world.std.com/~reinhold/diceware.html>
>
>
>The site also has a link " If all you need right now is a login
>password, click here".
>It says, after the instruction,
>
>"Such passwords are suitable for systems that limit the number of bad
>login attempts an attacker can make and protect the file containing the
>encrypted passwords (this is called password shadowing on Unix-based
>systems). Unless you are sure this is the case pick a stronger password
>following the advice below"
That refers to a password of only 8 characters.
>What it said "below" as referred to was
>
>" We are not experts on Windows, but at least one source we found says
>password hashes are not fully protected in Windows systems. If an
>attacker obtains the password hash, they can test millions of trial
>passwords in a matter of minutes. As a result, you should use a strong
>passphrase or string random characters."
That refers to having Windows save entered passwords (e.g., for external
websites). To avoid any problem, don't have Windows save passwords.
I use and recommend Password Safe <http://passwordsafe.sourceforge.net/>
instead, both for generating and for saving. Originally created by
noted cryptographer Bruce Schneier of Counterpane Labs, Password Safe is
open source and free, and has been subjected to extensive peer review.
I use 14 random characters when I can, otherwise as many as possible,
and a different password for each different purpose.
>So, is a passphrase pr passphrase(s) the solution to every online log
>in then?
Strong passwords and passphrases are only as good as the rest of your
security. Again, that's why I use and recommend Password Safe.
>If I have a strong passpharse for my wirelwess network, would it still
>be necessary to create passphrase(s) for my online activities or are
>the ones I created - different ones depending on the impoirtant of the
>account which I didn't write down in English - enough?
If you're like most people, your current passwords and passphrases
aren't terribly good.
>Btw, if I want a guest to get onto my wireless network to use internet
>via the guest's laptop, what is the procedure I need to do on that
>laptop? Just enter "WPA Shared Key:" to give the guest access. I will
>have to do it only once, right?
Right. But that compromises your security. Ideally you want a
hotspot-type router that can give them controlled access to the Internet
without needing your wireless key and isolating them from your own
wireless and wired clients. The least expensive way to do that is with
third-party firmware in supported hardware like the Linksys WRT-54GL.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
On 5 Aug 2006 18:34:33 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
<1154828073.424906.181930@i42g2000cwa.googlegroups .com>:
>> 5. Then switch to WPA or WPA2 with a strong passphrase.
>
>What's the different between WPA Pre-Shared Key and WPA RADIUS? Which
>one should I choose?
Radiuz <http://radiuz.net/> is a free external RADIUS service.
I haven't used it myself, but I hear it works well.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
John Navas wrote:
[..]
>
> >My linksys wireless router uses "WPA Pre-Shared Key". If I choose
> >that, I will have to create a key for "WPA Shared Key:" field, right?
>
> Right. And diceware words are a good way to do that.
> <http://world.std.com/~reinhold/diceware.html>
I'd like to get confirmation about something. If I have the DHCP from
the router enabled, the outside world sees only one static IP address
while each PC on the network would have different dynamic IP addresses,
right?
> --
> Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
John Navas wrote:
> On 7 Aug 2006 06:33:05 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
> <1154957585.144523.178440@h48g2000cwc.googlegroups .com>:
>
> >John Navas wrote:
>
> >> Right. And diceware words are a good way to do that.
> >> <http://world.std.com/~reinhold/diceware.html>
> >
> >
> >The site also has a link " If all you need right now is a login
> >password, click here".
> >It says, after the instruction,
> >
> >"Such passwords are suitable for systems that limit the number of bad
> >login attempts an attacker can make and protect the file containing the
> >encrypted passwords (this is called password shadowing on Unix-based
> >systems). Unless you are sure this is the case pick a stronger password
> >following the advice below"
>
> That refers to a password of only 8 characters.
Which refers to a password of only 8 characters? You means the
passwords for systems that limit the number of bad login attempts?
>
> >What it said "below" as referred to was
> >
> >" We are not experts on Windows, but at least one source we found says
> >password hashes are not fully protected in Windows systems. If an
> >attacker obtains the password hash, they can test millions of trial
> >passwords in a matter of minutes. As a result, you should use a strong
> >passphrase or string random characters."
>
> That refers to having Windows save entered passwords (e.g., for external
> websites). To avoid any problem, don't have Windows save passwords.
> I use and recommend Password Safe <http://passwordsafe.sourceforge.net/>
> instead, both for generating and for saving. Originally created by
> noted cryptographer Bruce Schneier of Counterpane Labs, Password Safe is
> open source and free, and has been subjected to extensive peer review.
> I use 14 random characters when I can, otherwise as many as possible,
> and a different password for each different purpose.
>
> >So, is a passphrase pr passphrase(s) the solution to every online log
> >in then?
>
> Strong passwords and passphrases are only as good as the rest of your
> security. Again, that's why I use and recommend Password Safe.
I never let wondows save my passwords.
>
> >If I have a strong passpharse for my wirelwess network, would it still
> >be necessary to create passphrase(s) for my online activities or are
> >the ones I created - different ones depending on the impoirtant of the
> >account which I didn't write down in English - enough?
>
> If you're like most people, your current passwords and passphrases
> aren't terribly good.
I am not like most people:)- But I'll improve mine.
>
> >Btw, if I want a guest to get onto my wireless network to use internet
> >via the guest's laptop, what is the procedure I need to do on that
> >laptop? Just enter "WPA Shared Key:" to give the guest access. I will
> >have to do it only once, right?
>
> Right. But that compromises your security. Ideally you want a
> hotspot-type router that can give them controlled access to the Internet
> without needing your wireless key and isolating them from your own
> wireless and wired clients.
What of the guest is using his laptop given by his employer "Intel"? Am
a I safer assuming that his laptop has high security? The guest is
staying at my place temporarily.
> The least expensive way to do that is with third-party firmware in supported
> hardware like the Linksys WRT-54GL.
That third-party firmware is not supported in WRT 54G, right? What "L"
stands for in WRT-54GL.
>
> --
> Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
On 7 Aug 2006 09:57:24 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
<1154969844.540890.56550@i42g2000cwa.googlegroups. com>:
>I'd like to get confirmation about something. If I have the DHCP from
>the router enabled, the outside world sees only one static IP address
>while each PC on the network would have different dynamic IP addresses,
>right?
The outside world sees only one _public_ ("WAN" or "Internet") IP
address. The inside machines all have different _private_ IP ("LAN") IP
addresses. The router translates traffic between the one public IP
address and the private IP addresses so that all inside machines can
share that one public IP address, which may be either _static_
(unchanging) or (more often) _dynamic_ (changing).
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
On Sun, 06 Aug 2006 08:28:30 GMT John Navas <spamfilter0@navasgroup.com> wrote:
| I recommend diceware words (link in wikis below):
Which link?
Oh wait, you're one of those people that likes to send people on wild
goose chases.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-08-07-1237@ipal.net |
|------------------------------------/-------------------------------------|
On Sun, 06 Aug 2006 02:05:59 -0700 Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:
| A "strong passphrase" is one that you can't remember.
I have a 27 character mixed case passphrase memorized. Does this mean
it is not strong?
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-08-07-1239@ipal.net |
|------------------------------------/-------------------------------------|
On Sun, 06 Aug 2006 16:35:04 -0400 Robert Coe <bob@1776.com> wrote:
| To those of us of a certain age, "WPA" stands for "Works Progress
| Administration", the makework program set up by Franklin Roosevelt to combat
| the effects of the Great Herbert Clark Hoover Republican Depression of the
| 1930s. Unemployed laborers fixed roads, planted trees, spruced up national
| parks, etc. Unemployed mathematicians were put to work calculating logarithms
| by hand. Until the late 1950s, when computers started taking over such
| calculations, the "WPA tables" were considered the most accurate and reliable
| tables of logarithms ever published.
Sounds like something we need today. But I guess we will have to wait
until there's a change in the White House, again.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-08-07-1242@ipal.net |
|------------------------------------/-------------------------------------|
On Sun, 06 Aug 2006 20:49:49 GMT Duane Arnold <"Do forget about it"@pleaedo.bet> wrote:
| Robert Coe wrote:
|> To those of us of a certain age, "WPA" stands for "Works Progress
|> Administration", the makework program set up by Franklin Roosevelt
|
| You shouldn't put the word *us* in there. You may be the only one.
Some of *us* were actually awake and paying attention in history class.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-08-07-1243@ipal.net |
|------------------------------------/-------------------------------------|
On 7 Aug 2006 10:04:25 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
<1154970265.127366.90240@75g2000cwc.googlegroups.c om>:
>> >"Such passwords are suitable for systems that limit the number of bad
>> >login attempts an attacker can make and protect the file containing the
>> >encrypted passwords (this is called password shadowing on Unix-based
>> >systems). Unless you are sure this is the case pick a stronger password
>> >following the advice below"
>>
>> That refers to a password of only 8 characters.
>
>Which refers to a password of only 8 characters? You means the
>passwords for systems that limit the number of bad login attempts?
I misspoke -- that actually refers to a password made up of two (and
only two) diceware words joined by a special character, which could even
be as short as only 3 characters, on average about 9 characters, and
might have to be truncated to 8 characters, since that's a not uncommon
limit. Such short passwords are vulnerable to brute force attack, and
should only be used if the system limits the number of bad
authentication attempts. Otherwise the password should be longer and/or
more random.
>> If you're like most people, ...
>
>I am not like most people:)- ...
OK, OK. :)
>> >Btw, if I want a guest to get onto my wireless network to use internet
>> >via the guest's laptop, what is the procedure I need to do on that
>> >laptop? Just enter "WPA Shared Key:" to give the guest access. I will
>> >have to do it only once, right?
>>
>> Right. But that compromises your security. Ideally you want a
>> hotspot-type router that can give them controlled access to the Internet
>> without needing your wireless key and isolating them from your own
>> wireless and wired clients.
>
>What of the guest is using his laptop given by his employer "Intel"? Am
>a I safer assuming that his laptop has high security? The guest is
>staying at my place temporarily.
There are two different security issues:
1. Wireless security. His laptop might well have high security, but
when you give him your key, there's a risk that he might inadvertently
give it to someone else. There are a number of ways to deal with this:
(a) Change your passphrase after he leaves. This is the least you
should do.
(b) Use a hotspot-type router with different security zones, putting
him in a guest zone. Unfortunately, commercial hotspot routers are
typically much more expensive than commodity routers, which is why
I recommended the alternative of running third-party firmware in a
Linksys WRT54GL.
(c) Use external RADIUS authentication on your WLAN. Radiuz
<http://radiuz.net> is a free service that I haven't used myself but
reportedly works well. You can give create a special account for your
guest, and delete it when he leaves. This also works well with 1(b)
above.
2. LAN security. Even if he's a good fellow that won't misuse access to
computers on your LAN/WLAN, his computer might be unknowingly infected
with malware (virus, trojan, spyware) that could. Again, there are a
number of ways to deal with this:
(a) Secure your LAN. What to do is covered in the How To wiki below.
This is the least you should do.
(b) Use a hotspot-type router with different security zones, putting
him in a guest zone that can only access the Internet. See 1(b) above.
The solution I most often recommend to those on a tight budget is
third-party firmware in a Linksys WRT54GL, with either tinyPEAP
<http://www.tinypeap.com> or Radiuz (1(c)).
>> The least expensive way to do that is with third-party firmware in supported
>> hardware like the Linksys WRT-54GL.
>
>That third-party firmware is not supported in WRT 54G, right?
It is supported in some models, but poorly or not at all in other
models.
>What "L"
>stands for in WRT-54GL.
"L" is presumed to stand for Linux, the free open source operating
system used in some models of the WRT54G.
See <http://en.wikipedia.org/wiki/WRT54G> for more info.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
John Navas wrote:
> On 7 Aug 2006 10:04:25 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
> <1154970265.127366.90240@75g2000cwc.googlegroups.c om>:
>
> >> >"Such passwords are suitable for systems that limit the number of bad
> >> >login attempts an attacker can make and protect the file containing the
> >> >encrypted passwords (this is called password shadowing on Unix-based
> >> >systems). Unless you are sure this is the case pick a stronger password
> >> >following the advice below"
> >>
> >> That refers to a password of only 8 characters.
> >
> >Which refers to a password of only 8 characters? You means the
> >passwords for systems that limit the number of bad login attempts?
>
> I misspoke -- that actually refers to a password made up of two (and
> only two) diceware words joined by a special character, which could even
> be as short as only 3 characters, on average about 9 characters, and
> might have to be truncated to 8 characters, since that's a not uncommon
> limit. Such short passwords are vulnerable to brute force attack, and
> should only be used if the system limits the number of bad
> authentication attempts. Otherwise the password should be longer and/or
> more random.
I kind of though oyu emant for the psw made up of two dice words joined
by a special character. If I put a speical character in my own psw,
would it be the same as using 2 dice words? Of cousre, I will get the
other type ..in time.
>
> >> If you're like most people, ...
> >
> >I am not like most people:)- ...
>
> OK, OK. :)
:)-
>
> >> >Btw, if I want a guest to get onto my wireless network to use internet
> >> >via the guest's laptop, what is the procedure I need to do on that
> >> >laptop? Just enter "WPA Shared Key:" to give the guest access. I will
> >> >have to do it only once, right?
> >>
> >> Right. But that compromises your security. Ideally you want a
> >> hotspot-type router that can give them controlled access to the Internet
> >> without needing your wireless key and isolating them from your own
> >> wireless and wired clients.
> >
> >What of the guest is using his laptop given by his employer "Intel"? Am
> >a I safer assuming that his laptop has high security? The guest is
> >staying at my place temporarily.
>
> There are two different security issues:
>
> 1. Wireless security. His laptop might well have high security, but
> when you give him your key, there's a risk that he might inadvertently
> give it to someone else. There are a number of ways to deal with this:
>
> (a) Change your passphrase after he leaves. This is the least you
> should do.
Okay.
>
> (b) Use a hotspot-type router with different security zones, putting
> him in a guest zone. Unfortunately, commercial hotspot routers are
> typically much more expensive than commodity routers, which is why
> I recommended the alternative of running third-party firmware in a
> Linksys WRT54GL.
So I'll need a new router?
>
> (c) Use external RADIUS authentication on your WLAN. Radiuz
> <http://radiuz.net> is a free service that I haven't used myself but
> reportedly works well. You can give create a special account for your
> guest, and delete it when he leaves. This also works well with 1(b)
> above.
He is causing me more work. He needs to leave:)-
>
> 2. LAN security. Even if he's a good fellow that won't misuse access to
> computers on your LAN/WLAN, his computer might be unknowingly infected
> with malware (virus, trojan, spyware) that could. Again, there are a
> number of ways to deal with this:
>
> (a) Secure your LAN. What to do is covered in the How To wiki below.
> This is the least you should do.
god, lots of work. Thanks though. I will do it in time. For now, I'll
tell him to access the neighbor's weirless network. I have so many
other things to be doing:)-
>
> (b) Use a hotspot-type router with different security zones, putting
> him in a guest zone that can only access the Internet. See 1(b) above.
This seems the easiest or fastest or least amount of work, right? Btw,
if I give access key or no security on my wireless router, he can see
my hard drive, right? That's what I understood but when I asked him a
while back, he said "No". Did he lie?
>
> The solution I most often recommend to those on a tight budget is
> third-party firmware in a Linksys WRT54GL, with either tinyPEAP
> <http://www.tinypeap.com> or Radiuz (1(c)).
>
> >> The least expensive way to do that is with third-party firmware in supported
> >> hardware like the Linksys WRT-54GL.
> >
> >That third-party firmware is not supported in WRT 54G, right?
>
> It is supported in some models, but poorly or not at all in other
> models.
How do I find out whether mine is supported or not? Only by downloadign
ther sw and putting it?
>
> >What "L"
> >stands for in WRT-54GL.
>
> "L" is presumed to stand for Linux, the free open source operating
> system used in some models of the WRT54G.
I see. So without "L" in the model, if I have a PC with Linux, I won't
be a able to go online via the Linux box, do I? If so, I am "p***ed"
because the guy who suggested me to buy this router 2 years ago knew
that I was planning toput linux on the PC I was building - with minmum
stuff - but I put XP instead and gave it to my sister's to keep as a
spare visiting family members.
>
> See <http://en.wikipedia.org/wiki/WRT54G> for more info.
>
> --
> Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
John Navas wrote:
> On 7 Aug 2006 09:57:24 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
> <1154969844.540890.56550@i42g2000cwa.googlegroups. com>:
>
> >I'd like to get confirmation about something. If I have the DHCP from
> >the router enabled, the outside world sees only one static IP address
> >while each PC on the network would have different dynamic IP addresses,
> >right?
>
> The outside world sees only one _public_ ("WAN" or "Internet") IP
> address. The inside machines all have different _private_ IP ("LAN") IP
> addresses. The router translates traffic between the one public IP
> address and the private IP addresses so that all inside machines can
> share that one public IP address, which may be either _static_
> (unchanging) or (more often) _dynamic_ (changing).
Since I didn't buy a static IP address from ISP, I guess it would be
dynamic.
>
> --
> Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
> There are two different security issues:
>
> 1. Wireless security. His laptop might well have high security, but
> when you give him your key, there's a risk that he might inadvertently
> give it to someone else. There are a number of ways to deal with this:
>
> (a) Change your passphrase after he leaves. This is the least you
> should do.
BTW, what I'll type it in for him instead of giving it to him. I'll
definitely change after he leaves.
Linksys home network problems 