Questions about security on my wireless router
pcnerd
Contributor - Level 3

I have a MI424WR router. I want to increase the security. I tried to change it from WEP to WPA2, but a tech told me that Verizon doesn't support WPA or WPA2.

First question-

I want to enable MAC filtering. I did "ipconfig /all" & found the MAC address of my laptop & my netbook. When I enter those MAC addresses & enable MAC filtering, I can't get on the internet. However, when I disable the MAC filtering, I have no problem getting on the internet. What's going on? Please give me the step-by-step instructions for successfully enabling MAC filtering.

Second question-

I want to manually enter the WEP key every time that I want to get on the internet. The way that it is set up now, the WEP key is automatically entered, so all I (or anybody within range of my router) have to do is click "OK". I don't like that. I've played around with settings & I can get it to show a blank text box, but the next time that I want to get on the internet, the WEP key is automatically entered. Please give me the step-by-step instructions to change it so that I have to manually enter the WEP key every time.

Third question-

I can choose Hex or ASCII for passwords. If I choose ASCII, can I use all of the printable characters? Are certain printable characters forbidden?

Thank you.

David

0 Likes
Reply
11 Replies
viafax999
Community Leader

I have a MI424WR router. I want to increase the security. I tried to change it from WEP to WPA2, but a tech told me that Verizon doesn't support WPA or WPA2.

So what. Change it and it works. They just won't support it if you have an issue; if you do, just change it back to WEP before you call them.

First question-

I want to enable MAC filtering. I did "ipconfig /all" & found the MAC address of my laptop & my netbook. When I enter those MAC addresses & enable MAC filtering, I can't get on the internet. However, when I disable the MAC filtering, I have no problem getting on the internet. What's going on? Please give me the step-by-step instructions for successfully enabling MAC filtering.

It would appear that you have set the MAC filtering mode to Deny; you need to set the MAC filtering mode to Allow.

Second question-

I want to manually enter the WEP key every time that I want to get on the internet. The way that it is set up now, the WEP key is automatically entered, so all I (or anybody within range of my router) have to do is click "OK". I don't like that. I've played around with settings & I can get it to show a blank text box, but the next time that I want to get on the internet, the WEP key is automatically entered. Please give me the step-by-step instructions to change it so that I have to manually enter the WEP key every time.

Not sure why anyone would always want to enter the wep, sure it would get very trying in a hurry.

The wep key is only stored on the machines that have connected.  The first time you try to connect from a new machine you have to enter the key and then it is held for that connection.  That means that anyone in range would have to know your wep key in order to connect.

That being said, WEP takes about 2 minutes to hack, which is why you should change to WPA2 and then use the longest pass phrase you can remember.

I'm afraid I don't know how to change the connection settings on your client machines to always request the key but maybe someone else can help you with that.

If you are going to carry on using WEP you should at least change the SSID and wep key and also set the router to not broadcast the ssid.

Third question-

I can choose Hex or ASCII for passwords. If I choose ASCII, can I use all of the printable characters? Are certain printable characters forbidden?

Try it. If it doesn't like it, it will tell you; else it will produce a key.

0 Likes
Reply
pcnerd
Contributor - Level 3

The wep key is only stored on the machines that have connected.  The first time you try to connect from a new machine you have to enter the key and then it is held for that connection.  That means that anyone in range would have to know your wep key in order to connect.

Please elaborate. I don't want anybody surfing the internet on my wireless connection. By "connected" do you mean by LAN cable?

The way that it is set up now, the WEP key is automatically displayed(encrypted), so all I (or anybody within range of my router) have to do is click "OK".

I live in an apartment. When Windows displays all of the wireless connections, there are a bunch of them. So, all a neighbor has to do is choose my SSID & the WEP key is displayed(encrypted) & click "OK" & be surfing the internet on my wireless connection. I don't like that.

I'm afraid I don't know how to change the connection settings on your client machines to always request the key but maybe someone else can help you with that.

Do you know of someone who can help me?

I got the MAC filtering working. I tried the same thing last time & I couldn't get on the internet.

Thank you.

0 Likes
Reply
JKennedy
Enthusiast - Level 3

I think you're over thinking it.  A lot.

No one sees your WEP key unless they've entered it on their PC, and they would have had to have gotten it from you or off your router.  I see several neighbors' SSIDs but they're using WEP, so while I can try to connect, I can't without the WEP key.

If you think someone has gotten it, change it and only enter it on your personal PCs.  They'll connect automatically but that has nothing to do with anyone else.

As was already suggested, you can tell it not to broadcast your SSID so yours won't be seen by others.  Look for something like "Radio Enabled" in association with your SSID.  Look in Advanced Security Settings.  If someone doesn't know your SSID and they can't see it, they can't connect to it.

It's simple and basic security that honestly, can be hacked if someone really knows how and wants to, but these days, why hack someone's network when so many are available that are not protected.  However, 99.9999% of people won't have a clue how to get on your network.

BTW, I'm not sure in what context you're asking the other person about "connected" but the entire discussion applies to wireless connections, not wired.  If you have wired connections, obviously none of this is relevant to them.

0 Likes
Reply
pcnerd
Contributor - Level 3

I'm still confused. I turned off the SSID & when I clicked on "Connect to" (I have Vista on my laptop.) I saw "unnamed network". I clicked on that & it asked for a name & I put in a name that I had previously entered & it connected. I think the light is dawning! When I originally set up the network, I gave the SSID of "MINE NOT YOURS!". When I delete the SSID, the router complains & tells me that the SSID has to be 1 to 32 characters. When I click on "Connect to" I see "MINE NOT YOURS!" & "unnamed network". When I go to "manage networks", I see "MINE NOT YOURS!" & "unnamed network". I delete "MINE NOT YOURS!" but the next time I click on "Connect To", "MINE NOT YOURS!" is back! What is going on?

0 Likes
Reply
viafax999
Community Leader

@pcnerd wrote:

I'm still confused. I turned off the SSID & when I clicked on "Connect to" (I have Vista on my laptop.) I saw "unnamed network". I clicked on that & it asked for a name & I put in a name that I had previously entered & it connected. I think the light is dawning! When I originally set up the network, I gave the SSID of "MINE NOT YOURS!". When I delete the SSID, the router complains & tells me that the SSID has to be 1 to 32 characters. When I click on "Connect to" I see "MINE NOT YOURS!" & "unnamed network". When I go to "manage networks", I see "MINE NOT YOURS!" & "unnamed network". I delete "MINE NOT YOURS!" but the next time I click on "Connect To", "MINE NOT YOURS!" is back! What is going on?


When I delete the SSID, the router complains & tells me that the SSID has to be 1 to 32 characters.

You cannot DELETE the ssid on the router, it has to have some sort of name.  You can disable broadcast of the ssid, see below.

I delete "MINE NOT YOURS!" but the next time I click on "Connect To", "MINE NOT YOURS!" is back

You are deleting the network connection on your laptop, not the router.  It will reappear when you select connect to.

When SSID Broadcast is enabled, it means that any computer or wireless device using the SSID of "Any" can see your Router. To prevent this from happening, disable the SSID broadcast so that only those Wireless devices with your SSID can access your Router.

That means that to join your network "mine not yours" a user would specifically have to enter that ssid in a request to join another (unseen) network and would then have to enter the wep key for that network.

You state

I live in an apartment. When Windows displays all of the wireless connections, there are a bunch of them. So, all a neighbor has to do is choose my SSID & the WEP key is displayed(encrypted) & click "OK" & be surfing the internet on my wireless connection. I don't like that

Yes, Windows displays all the connections (at least all that have not DISABLED ssid broadcast) however it DOES NOT DISPLAY A WEP KEY.

If you are convinced that it does, you should attempt to connect to one of the visible neighbour's connections and see what happens - NOTE if the neighbour's connection says unsecured it means they are NOT using a key and YOU WILL BE ABLE to connect.

Personally the first thing I did was change the ssid, disabled broadcast and changed the security to wpa2.  I think you might want to do all that too and you'll find it meets all your needs except for having to enter the key every time.  You can make the wpa2 key up to 63 characters or 64 if using hex (a-f and 0-9 only) which would leave a lot of room for error if you had to enter it every time.

NOTE that you can only use WPA or WPA2 if your client station wireless nics support it.

0 Likes
Reply
jumpin68ny
Master - Level 2

MAC filtering is useless.  Anyone with any wireless sniffer can view your MAC address and spoof the MAC address.  It's easier to hack than WEP.

Like someone suggested, even though VZ does NOT support WEP, change it to WPA-PSK.  The only time it will be an issue is if you call Verizon to assist with a wireless LAN issue.  

pcnerd
Contributor - Level 3

Like someone suggested, even though VZ does NOT support WEP, change it to WPA-PSK.  The only time it will be an issue is if you call Verizon to assist with a wireless LAN issue.

For encryption algorithm, I have a choice of TKIP and AES or AES. Right now TKIP and AES is selected. What's the difference? Is TKIP & AES more secure than AES alone? Isn't AES a military encryption standard?

What's the maximum number of ASCII characters in the pre-shared key? Likewise, what is the maximum number of Hex characters?

What is a group key update interval? Right now it is set at 900 seconds. Is there any advantage to increasing or decreasing the interval period?

0 Likes
Reply
viafax999
Community Leader

@pcnerd wrote:

Like someone suggested, even though VZ does NOT support WEP, change it to WPA-PSK.  The only time it will be an issue is if you call Verizon to assist with a wireless LAN issue.

For encryption algorithm, I have a choice of TKIP and AES or AES. Right now TKIP and AES is selected. What's the difference? Is TKIP & AES more secure than AES alone? Isn't AES a military encryption standard?

What's the maximum number of ASCII characters in the pre-shared key? Likewise, what is the maximum number of Hex characters?

What is a group key update interval? Right now it is set at 900 seconds. Is there any advantage to increasing or decreasing the interval period?

11.3.5.1.1 Authentication Method—Pre-Shared Key

If you select Pre-Shared key as the authentication method for WPA, the following screen will appear. Configuring Pre-Shared Key in the Router allows devices that know the pre-shared key to connect to the Router.

NOTE: A WPA pre-shared key is treated as either a string of text (ASCII) characters or a set of hexadecimal (Hex) characters. The key can be either 8 to 63 text (ASCII) characters or 64 hexadecimal (Hex) characters. The only allowable hexadecimal characters are: 0-9 and A-F.

To configure the WPA Pre-Shared Key, do the following:

1. Select the string type (ASCII or HEX) in the Pre-Shared Key drop-down list.
2. Enter the desired pre-shared key values in the field provided.
3. Select the desired option from the Encryption Algorithm drop-down list.
   • TKIP: Select this option to enable the Temporal Key Integrity Protocol for data encryption.
   • AES: Select this option to enable the Advanced Encryption Standard for data encryption.
   • TKIP and AES: Select this option to enable the Router to accept TKIP and AES encryption.

If you google TKIP and/or AES you can find a complete description of what they are and what they do.

I have no idea what the group key update interval is, as its purpose is not documented in the user manual.

The router user manuals are available on the internet in PDF format and can be downloaded and saved on your local system

0 Likes
Reply
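
Added example, not part of any post in this thread or of the router manual: the 8 to 63 ASCII / 64 hex rule quoted above, checked in Python, together with the standard WPA/WPA2-Personal derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) that turns a passphrase into the 256-bit key. The function names are hypothetical, the printable-ASCII range is the IEEE 802.11i one (a given router's web form may be stricter), and the sample keys and SSIDs are constructed.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)

def wpa_psk_to_pmk(key: str, ssid: str) -> bytes:
    """Return the 256-bit key a WPA/WPA2-Personal network actually uses.

    key  -- 64 hex characters (used directly) or an 8 to 63 character
            ASCII passphrase (stretched with PBKDF2, salted by the SSID).
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if len(key) == 64:
        if not set(key) <= HEX_DIGITS:
            raise ValueError("a 64-character key must be hex (0-9, A-F)")
        return bytes.fromhex(key)
    if not 8 <= len(key) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    # IEEE 802.11i allows printable ASCII only: space (32) through '~' (126).
    bad = [c for c in key if not 32 <= ord(c) <= 126]
    if bad:
        raise ValueError(f"non-printable or non-ASCII character: {bad[0]!r}")
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"), ssid_bytes, 4096, 32)

def check(key: str, ssid: str) -> str:
    """Hex of the derived key, or the reason the input was rejected."""
    try:
        return wpa_psk_to_pmk(key, ssid).hex()
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # Constructed sample inputs; "password"/"IEEE" is the published
    # IEEE 802.11i test vector, the rest are made up for illustration.
    for key, ssid in [
        ("password", "IEEE"),
        ("password", "MINE NOT YOURS!"),   # same passphrase, different SSID
        ("short", "MINE NOT YOURS!"),      # fewer than 8 characters
        ("A" * 64, "MINE NOT YOURS!"),     # 64 hex digits, used as-is
        ("Z" * 64, "MINE NOT YOURS!"),     # 64 characters but not hex
    ]:
        print(f"{ssid!r:20} {key[:12]!r:16} -> {check(key, ssid)}")
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, and a 64-character hex entry skips the stretching step entirely.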
jumpin68ny
Master - Level 2
TKIP and AES provide the encryption. TKIP is first gen and will eventually be phased out. AES is a stronger encryption method and I suggest you choose this option as long as your wireless device supports it. Most newer laptops/wireless LAN devices support AES. If you don't see AES in your wireless device then choose TKIP.

I'm not sure of the max number of characters for the pre-shared key. As someone wrote, I think it's 8-64 for ASCII. Not sure why you would want to use HEX. It's quite cumbersome. Remember that once you enter the PSK into a wireless device you won't need to enter it again. It stays in the wireless device configuration. Unless you want to do a lot of typing I suggest you use the ASCII vs. HEX. This way if you add a new device on your wireless network all you have to do is type in the key and not have to type in some long hex key.

The group key interval, which should be left at default, is the amount of time a new key is generated between the wireless router and the wireless device. Every 900 seconds they exchange their key and if successful will maintain the wireless connection. If it doesn't match then it will drop the connection. I would leave it. Lowering it will add additional overhead to your wireless connection. I hope this helps.
0 Likes
Reply
pcnerd
Contributor - Level 3

Thanks for your help. This is my first experience with a wireless network. Couldn't you tell?

I want to change the user name & password on my router. Do you happen to know what the maximum number of characters are for the user name & password? Can I use Hex or ASCII?

0 Likes
Reply
jumpin68ny
Master - Level 2
All passwords must be in ASCII. It looks like you can add at least 30 characters. Not sure why you would want to go that high. The only people that can access your router would be from your local network. If you enable remote administration then maybe you would want to make it longer. If that is the case, my suggestion is to include some letters, numbers and special characters such as !@ or %.
0 Likes
Reply