04-22-2009 11:48 AM
We have a network with the following components:
2-Netgear FVS338 VPN Router
3-Linksys WRT54G V6 serving as a wireless access point
4-Linksys WRT160N serving also as a wireless access point
5-Linksys RTP300 VOIP Vonage phone interface
Both the WAP's use WPA Personal-TKIP.
I have a Linksys Wireless Media Adapter that I can use to play
music, view pictures, etc on a TV. It currently is connected
via CAT5 into the Netgear VPN router and is only in 802.11B mode.
I would like to move this adapter upstairs to my wife's TV/theater
so she can listen to music and show off the grandchildrens' photos
to anyone who will watch. (The music and photos are stored on
one of the wirelessly connected computers). I don't want to
run a wire up to her TV area, so will use the wireless feature of
the media adapter. The problem is the `media adapter only can
connect wirelessly using WEP - which because of my wife's business
is not acceptable. She has client confidential data on this network, and
to change all wireless to WEP will pose an unnecessary security
I am proposing to her the following: I have a Linksys WRT54G V2 router
that is running TOMATO firmware. This is currently an experimental
unit that I work with to learn more about alternate firmware,
and is not connected to the network. I would set up this router to
be connected to the Netgear VPN router as a WAP and
use WEP access and MAC address verification so that only the media
adapter would be able to access the network and no one else could.
Does this sound reasonable and Will it work? What am I getting myself into here?
Your suggestions, criticisms are welcome.
04-23-2009 12:58 AM
Yes, it will work. But it will degrade your network's wireless security to the level of WEP ( = almost zero security). Adding MAC address filtering will only help slightly. MAC addresses are sent out unencrypted so they can easily be seen, and faked by an intruder.
Your network is only as secure as your weakest link (which would be WEP). If someone fakes a working MAC address, and logs on the the WRT54G v2 using WEP, they can potentially see all the data on your wired LAN, which is unencrypted even though the WAPs are using WPA.
Ideally you would run an ethernet cable to your wife's TV/theater. If you cannot do this, consider getting a pair of powerline adapters, such as the PLK300. Note that powerline adapters must be connected to circuits that are on the "same side" (right or left side) of your electrical box.
The best solution might be to get a new media adapter, one that is capable of WPA2, or at least WPA.
04-23-2009 04:00 PM - edited 04-23-2009 04:01 PM
Oh come on. If you think people are running around in cars breaking WEP security so they can jump on someones network... well it's just not happening. There has never been a documented case of anyone in a neighborhood having their "code" broken, and gaining access to their computers.
Sure WEP can be broken but nobody cares and nobody is doing it. Hackers broke WEP, hackers have broken WPA and WPA2 also. It just fun for them that's all.
WEP is fine for home use, period.
04-23-2009 04:54 PM
04-23-2009 10:58 PM
To Mr toomanydonuts:
Am I understanding you correctly in that all wireless routers will revert to WEP if only one is configured for WEP and trhe others remain WPA ?
If I did not state it clearly, the two routers/wap will retain WPA security, while the additional one will be added with WEP and MAC security.
AS for the area I live in, I am in a new development with only 4 other houses around me and at the end of a cul-de-sac. Anyone driving a vehicle would not be able to just pass by. The other side of me is farmland for nearly a mile to the nearest road.
Since I am running TOMATO firmware, there is a setting that will allow me to "tune" the power output of the device so that I could possibly turn down the power to a minimum so that the signal doesn't extend as far. (I am not sure about this, as I have done no extensoive testing of this feature of TOMATO.
04-24-2009 12:53 AM
When you run one WAP with WEP encryption, your other WAPs will continue to use WPA encryption. However, keep in mind that only the wireless portion of your LAN is encrypted. All wired signals on your LAN travel unencrypted. Once a hacker breaks into the WRT54G v2 using a fake MAC address and WEP, then the hacker has gained access to the wired portion of your LAN. The wired portion of your LAN, that is, the signal that passes through the LAN portion of your Netgear router, and through the ethernet wires to your WAPs, travels totally unencrypted.
In your first post you said about your wife "She has client confidential data on this network." When you work with confidential data, I believe that you should be using "business class" encryption, and to me, this excludes WEP. No business in their right mind would use WEP for protection of confidential data. You should be using WPA2, or at least WPA encryption.
Tools for cracking WEP are readily available on the Internet. It takes about 5 minutes.