I've avoided wifi until now because I'm pretty sure that I read somewhere of security problems with it; it's now probably time to bite the bullet, however . I've read the wifi-wiki, but would like to get hold of some more up-to-date info on security aspects before jumping in the deep end. Could anyone point me to a suitable source, please? Thanks.


[moved from Hardware by spinynorman]

WEP had security problems, WPA is much better. I've never had any problems and I've been using it for years now.

ditto.

There are two sides of WiFi security: security of your transmitted data, and security of your network against intruders. As Ian said, WPA encrypts your data quite reliably, and if you are not an international spy, you don't need to worry about this.

Having said that, it is wise to disable SSID broadcast (this will make your network invisible) and filter MAC access to your network, to avoid unauthorized access. Even WEP will do in most cases, unless of course your next door neighbor is a hacker. After all, if you walk along the street, you will always find an unprotected network, which is a much easier target.

Yep, agree with coverup it is better to disable broadcasting it and using mac filtering to make it more harder. I cannot disable broadcasting of the SSID because if I do this none of my machines will connect unfortunately. So I use the mac address filtering also to make it more difficult.

I use only WEP-encryption with MAC-filtering for over three years now and it works fine for me. Never a problem.
Therefore i had only MAC-filtering.

Agree.

Having worked in the computer security field for a short time (approx. 4 years, but as a Co-op/Intern - I know, it doesn't mean much!), I'm going to have to go ahead and disagree with you there. People like to call this "security through obscurity" - and it's really not that secure. Personally, if you are going to use anything use WPA. It doesn't take a hacker to break WEP, it just takes someone with the right hardware and a piece of software that's freely available. And yes, if we're talking about your little leecher who's just looking for free web, he'll bypass you and move on to an open network. But if, for some reason, someone is targeting you or looking to get some of your personal data (bank info, passwords, things like that), WEP will not do.

Thanks to you all for the info. Wifi is now on the critical path because the wife has just bought a new box and wants it like...yesterday . Just a couple more points, therefore:
WRT disabling SSID, I've just read a wiki @ http://en.wikipedia.org/wiki/SSID, which tends to disagree with this. Being a beginner in this field, I'm somewhat confused; could one of you give me some more details, please?
Also: is mac-filtering achieved in the wireless-adapter and, if so, is it a standard feature of all/most devices or do only certain ones have the facility?

MAC filtering is set up on the wifi access point/router. You allow what mac addresses you want to connect, and then deny all others. However, you still need WPA protection, because someone could clone and use your MAC address easily enough.

I leave my SSID enabled, as mentioned before, I cannot connect if it's disabled.

Disabling SSID broadcast does not make the network more secure. But it does stop a 12-year old neighbor who got a new laptop on Christmas ("Look, it is pink!") from attempting to connect to your router. If Windows does not see your network, they won't see it either!

Before you buy a WiFi router/access point, check its tech specs on the web. I have a good experience with Dlink, their firewalls are sufficiently rich in features for a basic home use.

I want to connect 3 machines to a DSL modem; 2 via cable and one via wifi. Could you comment on the suitability of either/both of these units?
D-Link DWL-922 Wireless router
D-Link DKT-110 Wireless router
Thanks

They are OK, although I bought a Netgear DG834-GT which is nice also and I know it works 100% in the UK - it is also a wireless router with 4 x ethernet ports. I did buy a Linksys one once and I bought the wrong one because it was for cable or PPPOE connections.

You have to be careful, because the router if it is going to provide your connection to the internet, will need to be PPPOA if you are using ADSL from a telephone line such as BT, etc. I don't know for sure about the DKT-110 because it mentions it is "cable" which means it's likely to be PPPOE which will not work for you on a BT phone line. I'm also unsure if the DKT-110 has 1 ethernet port or 4, because it's not clearly stated - at least on DABS website anyhow. The same for the DWL-922 on DLINK's website. It also mentions cable, which makes me think it is PPPOE. Just wanted to let you know so that you don't make the same mistake that I did with the Linksys!!!

The netgear will cost you about about 90 quid or under (from PC World) - at least when I bought it about a year ago. As I don't know your type of internet connection, I can't recommend a specific model as such, just be careful to check this.

The netgear DG-834GT does however support both PPPOA and PPPOE so if you buy this, it's gonna work with practically all connection types. More info here:

http://www.netgear.co.uk/wireless_broadban...ter_dg834gt.php

Thanks, Ian. Forgot to mention that I'm on Virgin-cable, which is why I picked those two. BTW, do you know anything about the Linksys WRT54G Wireless Cable/DSL Router (version 5.0)?

Never used the Linksys, but we have a Linksys wireless router in the office - and it's pretty damn good. Works for me on Fedora 8.

Use WPA if you can, unless you have hardware that requires WEP, which should keep you covered.

Disabling SSID broadcast does nothing to hide the network, and will prevent some computers from detecting the network.

Oh... and change the router's password. Surprising how many people fail to do this.

Linksys WRT54G's are good for most people. The GL is better, but it's a little more pricier.

I have DD-WRT on my router, you can change both username and password on that. If your router is one of the ones supported by DD-WRT I would highly suggest installing it (though, be warned, if you aren't careful you -might- brick the router).