NancyB <NancyB.2xk5w3@no-mx.wirelessforums.org> hath wroth:
>Hello, everyone. This is my first time in a forum. The reason I'm here
>is due to a rather heated discussion I had this evening with my teenage
>son.
With teenagers, it's either dead silence, or a heated discussion.
Nothing in between. He's normal.
>I just purchased a new Dell desktop and was configuring the
>Netgear router.
Model numbers? Operating system?
Check the Netgear site for firmware updates to the router.
>I have learned that WPA is more secure than WEP, so
>that's what I set it for.
Close. WEP is a giant gapeing security hole that is completely
useless for protecting a wireless network. WPA is still quite safe.
>My son informed me that the last time I did
>this, it ruined his gaming experience on his Alien gaming computer (both
>computers run XP Home, SP2). He says that even having it on WEP slows
>and even halts some of his games and causes "problems" with his
>computer.
WEP and WPA encryption will slow down a wireless connection about
10-15% as compared to unencrypted. Most users don't even notice it. I
get that much variation in test results when I run benchmarks. Point
him to Iperf:
<http://dast.nlanr.net/Projects/Iperf/>
and have him supply numbers for with and without encryption. If
there's a huge difference, something else might be happening. Out of
date firmware on the router could easily be a problem.
>He claims that no one can tap into our computers since they
>don't have the password to the router,
Wrong. That will only stop someone from reconfiguring the router. It
will not stop someone from using the wireless to connect to your
network, and eventually dive into his computer. If he has a personal
firewall running on his XP machine, then he's probably fairly safe.
However, my experience with gamers is that he's probably got a dozen
"holes" (IP ports that are forwarded) in his Windoze Firewall in order
to make this or that game work. If he's a speed freak, he probably
has the firewall disabled as that also eats a few CPU cycles.
>adding that they haven't been
>able to hack into our computers in the two years that we've had no
>secure encryption.
The issue is really why anyone would want to attack his computer or
your network. The reason he hasn't been broken into is that there's
nothing worth stealing on his machine. Also, most of the wireless
"tourists" aren't really interested in breaking into his machine. They
just want free internet access and want to use your wireless to get to
the internet. There's nothing wrong with that but it does carry a
risk. If they have a machine that's infected with a virus or worm,
you risk getting your machines infected, or the wrath of the ISP for
excessive traffic or becoming a source of spam. At the very least,
you should know who is borrowing your internet connection. In your
case, the security should not necessarily be to keep the evil bad guys
(like me) out of your system, but rather to make sure it doesn't get
abused.
>And even if they did, they couldn't get into his
>computer (he said my computer, which is directly connected to the
>internet, would be safe).
Not directly. Both your machines should be connected through the
router. Directly connected implies no router. Hopefully, that's not
the case.
>He showed me the routers in the area that we
>can tap into and noted that we can't get into their computers.
If they're running a personal firewall, that's true. However, simply
trying to test for open shares is not my idea of a proper security
test. There are exploits ranging from denial of service, crashing the
target computer, and sniffing traffic, that can be a problem without
getting access.
>Please
>help. If I truly need WPA, how can I configure it so that it won't
>cause problems on my son's computer?
Dunno. If WPA really does slow things down, there's something broken
or misconfigured. I can't tell from here or without lots of details.
Incidentally, most teenagers are into file sharing, which turns his
machine into a server. They tend to forget about this and wonder why
their machine is running slow. If he's going to complain about speed,
make sure he's got all his "servers" turned off when testing.
>Somehow, I think he's wrong about
>people not being able to hack into our computers.
No, he's close but for the wrong reason. Simple security measures
will stop most of the casual tourists and hackers. However, once
anyone can connect to your inside LAN (thus bypassing the firewall in
the router), there are quite a number of things that can be done. It's
best to keep unwanted users out of your network through proper
encryption, than to risk a suprise.
>I know a lot about
>computers, can take them apart, etc., but wireless issues are rather
>foreign to me.
Wireless is encapsulated ethernet. Anything you can do on an ethernet
switch or hub, you can do with wireless. You wouldn't want strangers
plugging into your ethernet switch. I see no reason to do the same
via wireless.
>Thanks for any help you can provide. I'll eat dirt if
>I'm wrong! I do tend to be overcautious. :confused:
Evaluate the risks. There are plenty of wide open home systems where
nothing overt ever happens. It really depends on the neighborhood,
neighbors, and how well you have the machines secured. I run a
neighborhood LAN with a mess of users borrowing the bandwidth. It's
not a problem because I monitor the traffic and limit access to those
users and machines that I know about. I tried it with a wide open
system for a few days and was blessed with a neighbor that just
couldn't keep the worms and viruses off his laptop.
--
Jeff Liebermann
jeffl@cruzio.com
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Re: WEP / WPA problems 
Linear Mode
