wpa ....

Ok i have a client, that has a network with about 5 clients...

None of the shares are open, you have to have an account on the server to
access the files....

Ok, I set up wpa, but the network drives and everything just wasnt very
stable.....They use software whereas all the data is shared via a network
drive, and sometimes they would open up the software, and get an error that
the data folders were unavailable....

So I switched back to WEP, and everything is fine...

but of course, not very secure...

Should I trust the fact that you cant access the files, without having
"permissions"...

or try wpa again with different settings?

On Sun, 09 Oct 2005 07:42:39 GMT, "paranoid" <none@noneya.com> wrote:

>Ok i have a client, that has a network with about 5 clients...
>
>None of the shares are open, you have to have an account on the server to
>access the files....
>
>Ok, I set up wpa, but the network drives and everything just wasnt very
>stable.....

I guess that means a bad connection. WPA is exactly the same as WEP
encryption except for the key exchange mechanism. If it's "stable"
with WEP, it should be exactly the same with WPA. Something else is
going on.

>They use software whereas all the data is shared via a network
>drive, and sometimes they would open up the software, and get an error that
>the data folders were unavailable....
>
>So I switched back to WEP, and everything is fine...

It should be like that. If WEP works, so should WPA. What *ELSE* are
you changing when you switch between WEP and WPA? Is it just one of
the five wireless clients or all of them?

>but of course, not very secure...
>
>Should I trust the fact that you cant access the files, without having
>"permissions"...

No. The risk is that someone will extract the WEP key and start
sniffing your network. Your unspecified Windoze security system may
be fairly secure as to keeping people from accessing the shares, but
they can still sniff the traffic and extract juicy morsels from the
captured traffic.

>or try wpa again with different settings?

I would try again with WPA. I would also verify that you have a
decent RF connection and are not losing packets. While you're at it,
could I trouble you for some clue as to your wireless hardware?

If you are stuck with WEP because of ancient client hardware and
drivers (as some of my customers are), then you might look into using
a VPN to secure the connection. At that point, you could run an open
system with no encryption, but require that the client connect and
authenticate with the VPN server before being able to do anything
useful. All the traffic would be encrypted inside the VPN tunnel.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
news:a2fik11v48aocmhg1s7kocld350seortbu@4ax.com...
> On Sun, 09 Oct 2005 07:42:39 GMT, "paranoid" <none@noneya.com> wrote:
>
>>Ok i have a client, that has a network with about 5 clients...
>>
>>None of the shares are open, you have to have an account on the server to
>>access the files....
>>
>>Ok, I set up wpa, but the network drives and everything just wasnt very
>>stable.....
>
> I guess that means a bad connection. WPA is exactly the same as WEP
> encryption except for the key exchange mechanism. If it's "stable"
> with WEP, it should be exactly the same with WPA. Something else is
> going on.
>
>>They use software whereas all the data is shared via a network
>>drive, and sometimes they would open up the software, and get an error
>>that
>>the data folders were unavailable....
>>
>>So I switched back to WEP, and everything is fine...


>
> It should be like that. If WEP works, so should WPA. What *ELSE* are
> you changing when you switch between WEP and WPA? Is it just one of
> the five wireless clients or all of them?

I changed all of them....



>
>>but of course, not very secure...
>>
>>Should I trust the fact that you cant access the files, without having
>>"permissions"...
>
> No. The risk is that someone will extract the WEP key and start
> sniffing your network. Your unspecified Windoze security system may
> be fairly secure as to keeping people from accessing the shares, but
> they can still sniff the traffic and extract juicy morsels from the
> captured traffic.
>
>>or try wpa again with different settings?
>
> I would try again with WPA. I would also verify that you have a
> decent RF connection and are not losing packets. While you're at it,
> could I trouble you for some clue as to your wireless hardware?

Netgear router, linksys cards...


>
> If you are stuck with WEP because of ancient client hardware and
> drivers (as some of my customers are), then you might look into using
> a VPN to secure the connection. At that point, you could run an open
> system with no encryption, but require that the client connect and
> authenticate with the VPN server before being able to do anything
> useful. All the traffic would be encrypted inside the VPN tunnel.
>
>
> --

I could do that....I think Ill try the WPA again...


831-336-2558

Related question, about security: I am about to try the WPA (have been
using WEP from the start), however, does anyone have an idea how bad
key extraction is WEP wise? I agree that there will be a few hackers
doing war driving and perhaps extracting packets from the air,
especially in or near college towns, but in suburbia and rural areas,
is this a rampant problem? I agree that in the future this problem
will get worse.... My own personal experience driving around my
neigborhood with my laptop on and Netstumbler running shows that there
are many people have "unsecured" wifi network with the SSID still
showing "default" !

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <1128969401.763068.248160@g44g2000cwa.googlegroups .com> on 10 Oct 2005
11:36:41 -0700, "cmdrdata" <cmdrdata@mail.com> wrote:

>Related question, about security: I am about to try the WPA (have been
>using WEP from the start), however, does anyone have an idea how bad
>key extraction is WEP wise? I agree that there will be a few hackers
>doing war driving and perhaps extracting packets from the air,
>especially in or near college towns, but in suburbia and rural areas,
>is this a rampant problem? ...

Unfortunately, many kids love this sort of thing.

--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>

On 10 Oct 2005 11:36:41 -0700, "cmdrdata" <cmdrdata@mail.com> wrote:

>My own personal experience driving around my
>neigborhood with my laptop on and Netstumbler running shows that there
>are many people have "unsecured" wifi network with the SSID still
>showing "default" !

This may be true for the average clueless home user that is unable or
unwilling to configure their own hardware. I don't blame them as the
buzzword learning curve for wireless security is rather steep. I
still don't know all the various modes and options for WPA-2
authentication. I do blame the manufacturers for shipping routers
that are insecure out of the box. These manufacturers also suggest on
their advertising that the routers are secure, but don't mention that
they are insecure on arrival. I would be much happier if Netgear,
Linksys, Belkin, and Dlink followed the example of 2Wire.com and
shipped their wireless devices pre-configured to be secure.

Also, don't assume that if Netstumbler declares the access point to be
unencrypted that it's not properly secured. See:
| http://groups.google.com/group/alt.i...d9aab9aaeab11f
for my recent rant on the subject.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <jf9mk1lao0aemjojgn5trgbdgijgsdke7l@4ax.com> on Mon, 10 Oct 2005 19:43:49
-0700, Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:

>Also, don't assume that if Netstumbler declares the access point to be
>unencrypted that it's not properly secured. See:
>| http://groups.google.com/group/alt.i...d9aab9aaeab11f
>for my recent rant on the subject.

In which you write:

While I'm ranting on security, I have a really bad attitude about
security by group rather than by individual. Having a common WEP or
WPA key for a system is rediculous. The chances of social engineering
or simple theft causing the key to leak out is far to risky to even
consider WEP or WPA a useable security mechanism. Would you trust
your co-worker with *YOUR* system passwords? Encryption should be
individualized so that a leak or security breach by one person does
not compromise the rest of the users or the rest of the system.

I very strongly second that!

--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>