Wired or Wireless Router, which provides more security

I have a small home network with a Desktop PC and a Wireless Laptop. I have a Linksys Cable Modem and a Linksys WRT150N Wireless Router. My desktop is hard wired to the router and I had been connecting wirelessly with my laptop. I live in a large apartment complex and have been targeted by someone who is trying to hack into my router. I now hard wire my laptop connection.
My question: Since I'm now using a wired connection with both my desktop and laptop (via my wireless router) would a wired router give me more security. Or once I'm hard wired to a router, does it give me the same amount of security regardless if it's wired or wireless.
Thanks
HC

 

Wired VS Wifi? Wired hands down. The only way to hack a wired connection is to physically connect to the network. Either from a remote site or an insider. To hack a wireless, all you need a laptop, a wifi card and the right tool. The majority of routers are unprotected. A growing # of routers are encryption-protected. WEP can be hacked in minutes. WPA is ok. WPA2 is the best right now as it will delay the successful hack by a long time. So long that it may not be worth the effort, unless you're a valuable resource. You can go to wikipedia for the explanations of the terms.

http://en.wikipedia.org/wiki/Wpa2

WRT150N supports pretty much every protocol from WEP, WPA to WPA2. AES is an encryption algorithm used by the government. Desktop Windows support AES. WPA2-AES would be the strongest encryption for the home user. Keep in mind that the stronger the encryption, the higher the speed penalty. Mobile Windows is craptastic at best in terms of WPA/2 support. I have 2 such devices and neither will connect through WPA. Only WEP. Even though both are supported by the devices. Even PSP & PS3 do a good job at WPA2-AES. I'm impressed with PSP (playstation portable) & PS3.

So it boils down to what devices you're connecting to the wireless router. If it's just the laptop & desktop, you should try to use WPA2-AES. WPA2 is selected by Windows by default. AES can be set in Network Connections. Now let's not forget the importance of a strong password. Use any tool to generate a 63-character password.

http://www.yellowpipe.com/yis/tools/WPA_key/

Print the password out and tape it to the computers/router. Change the password once in a while.

On the laptop, use only secure connection for shopping/banking. i.e. HTTPS. Also, turn on Windows firewall if you haven't.

Finally, there's an open source project that brings more security & features to the router. It's free.

http://www.dd-wrt.com/dd-wrtv3/index.php

 

Thanks Guys ,that's lots of good info. A few follow up questions:
1 - Akhilles said that Mobile Windows has problems with WPA2. By mobile, you don't mean laptops but phones, pdas, etc. Correct?


2 - Akhilles also said to turn on XP firewall. I already have a ZoneAlarm firewall and my router's firewall. Would the XP firewall be redundant or cause conflicts?

3 - TxTaxdad said that wired routers can be hacked, but would you agree that they are still more difficult to hack than wireless routers? If so, I'm willing to for go the convenience of using a wireless connection, for the extra security of using a wired connection.

4 - Also, if I'm hard wiring both my PC and Laptop, does it matter if I use a wireless or wired router? If I turn off all of my wireless network connections on my laptop (intel wireless, bluetooth) and turn off the wireless option on my wireless router, will that be enough? Or should I buy a wired router. The extra expense is no issue, if buying a wired router is best?

thanks
hc

 

i would say it's safer to have it wired. have you disabled your wireless signal from your router, since you have it wired (or removed your wireless router)? you never mentioned what os you have? if you have xp, i'd make sure you have a good software firewall (ie - zone alarm, etc). if it's a vista comp, then the windows one will do ok.

i have a wired connection on 2 comps, and wireless on 2 others, sometimes more, and i've never had a problem (i live in a large complex as well). anyway, what makes you suspect someone is trying to log into your network? i only have mine wep enabled, but i disable the "ssid broadcast", which is what you would connect to. i feel it's more secure, but it's not totally secure, as any hacker would be able to figure it out (from stuff that i've read), but i think it would make it harder for them anyway, my .02 worth - sos

 

Sosa,
Thanks so much for the response but please read the whole thread carefully before you reply, so I don't have to repeat info. Otherwise, I'll write an answer to your questions and the questions I asked in my last thread will get lost in the shuffle and not get answered.

Again, as I've said, I'm hard wiring my connections to a wireless router, I'm using XP Pro and ZoneAlarm is my firewall.

My questions are:
1 - Akhilles said that Mobile Windows has problems with WPA2. By mobile, you don't mean laptops but phones, pdas, etc. Correct?


2 - Akhilles also said to turn on XP firewall. I already have a ZoneAlarm firewall and my router's firewall. Would the XP firewall be redundant or cause conflicts?

3 - TxTaxdad said that wired routers can be hacked, but would you agree that they are still more difficult to hack than wireless routers? If so, I'm willing to for go the convenience of using a wireless connection, for the extra security of using a wired connection.

4 - Also, if I'm hard wiring both my PC and Laptop, DOES IT MATTER IF I USE A WIRED OR WIRELESS ROUTER? If I turn off all of my wireless network connections on my laptop (intel wireless, bluetooth) which I've done, and turn off the wireless option on my wireless router, will that be enough? Or should I buy a wired router. The extra expense is no issue, if buying a wired router is best?

Thanks
HC

 

if you look at the time i posted and you posted i was already typing as well, so i didn't have all of the info that i asked. - sos

 

I'm still trying to resolve this issue, so if TxTaz, Akhilles or anyone else could answer the questions I asked above (or below-as the case may be), it would be greatly appreciated. Sosa, please don't respond to any of my posts. I'm dealing with a very serious issue right now and the last thing I need is angry sarcasm.
thanks
hc

 

n/p :wave

 

Thanks Tx. Much appreciated.
HC

 

I went to the link that Akhilles left me:

http://www.dd-wrt.com/dd-wrtv3/index.php

I wasn't sure what I was suppose to download there (dozens of downloads) and what I was suppose to do once I downloaded it. There was something about binaries but when I clicked on that link, there were quite a few downloads to choose from.

Any thoughts?
thanks
hc

 

1. Mobile Windows is for PDA's & cellphones. Laptops/notebooks run desktop Windows. However, there are some that may blur the line between them. You see, MS WROTE Windows & IE. Their software can't beat Sony's in terms of interoperability & stability. I have yet to see PS3 browser crash. I have IE crash so many times I lost count.

2. You need only one firewall on each device. Be it a router, pc, laptop, pda, cellphone. You can run 2, but it's your job to make sure they don't conflict. Personally, I'm way over pop-up-crazy firewalls. My SPI firewall does the job in the background. Never popped up anything. Downside is I may not know what's going through the traffic. I have to trust the computer I use. There's a way to make sure that.

http://en.wikipedia.org/wiki/Stateful_Packet_Inspection

SPI works more or less like a security receptionist at a secure gov/mil/edu/facility/office. You go in thru front door, they ask you for your ID and who you're seeing, they confirm it before they let you in the building. That's more or less like SPI.

3. Use WPA2-AES, the strongest encryption available for home users.

4. Yup, you can turn them off. I did that when I was paranoid thinking my neighbor was poking at my router. See, instead of living in fear, I educated myself about internet security. I can spend hours on end reading a good whitepaper, article, book on the topic. The more I learn, the less I fear. You don't have to buy another router. The one you're using most def. have 4 wired ports in the back. That's like a standard.

You have to assess your risk - how much you could lose if you were hacked. For example, you go to a library and check a forum. What do you got to lose other than your forum login info? That's a small risk. Now if you're working from home for a large corporation...

After assessing your risk, you can decide on how much security you need. For an average home, WPA2-AES is more than enough. To hack that, the password must be known. You can change it every once in a while. You delay the intrusion.

While I like WPA2-AES, only my PSP & PS3 can support them flawless. My PDAs will try to connect forever. Once I lower it to WEP, my PDAs connect in seconds.

P.S. Know that nothing is unhackable. It's just a matter of time. We try to delay the hack.

 

Thanks Akhilles for taking the time to write that response. I wish my threat was a bit of paranoia on my part, but unfortunately it's all too real.
That being the case, I set up WPA2 AES with a long PW. But after thinking about it, rereading the advice on this thread, I turned off the SSID being shown, then I turned off the wireless on the router. So now I'm completely wired.
From what everyone has said in this thread, I'm assuming that all agree that wired will give me more security, although it's not hack proof.

Given that, 2 follow up questions:
1 - Is there anything else that I can do to make my wired connection more secure.

2 - I setup an Administration Password on the router that is 20 digits (#'s, letters and symbols). I'm not sure how long the Admin PW can be. Can it be 63 digits? If so, perhaps I can use one of those generated Passwords for the Admin password.

Thanks again
HC

 

As far the Internet security goes there is No difference.

The issue with Wireless is Local invation through the Wireless to your LAN.
However with good Wireless security it is Not a problem.

From the weakest to the strongest, Wireless security capacity is.

No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).

Note 1: WPA-AES the the current entry level rendition of WPA2.

Note 2: If you use WinXP and did not updated it you would have to download the WPA2
patch from Microsoft. http://support.microsoft.com/kb/893357

The documentation of your Wireless devices (Wireless Router, and Wireless Computer's Card) should state the type of security that is available with your Wireless hardware.
All devices MUST be set to the same security level using the same pass phrase.
Therefore the security must be set according what ever is the best possible of one of the Wireless devices.

I.e. even if most of your system might be capable to be configured to the max. with WPA2, but one device is only capable to be configured to max . of WEP, to whole system must be configured to WEP.

If you need more good security and one device (like a Wireless card that can do WEP only) is holding better security for the whole Network, replace the device with a better one.

Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html

The Core differences between WEP, WPA, and WPA2 - http://www.ezlan.net/wpa_wep.html

.

 

Thanks folks, I really appreciate all the time you took to help me. I'll stick with wired for right now but all of the info on wireless is helpful, especially Cats last entry. My laptop is 5 years old so probably only has WEP capability, which means even if I set my WRT150N to WPA2 it won't give me that level of security.

The one question you didn't answer which I'm still curious about is:
Since I'm hardwiring to my Linksys 150n wireless router, the only password protection I have is the Administration Password. Do you know how many characters I can make that? Can I do 63?
Thanks again
HC

 

My Linksys seems to only take a 23 digit/char password. I am running the Tomato IOS instead of the Linksys IOS. In all honestsy, with 23 numbers and letters, that would be hard to break into...

You should be nice and secure.

E

 

I should add that as added precaution, I set up my computers so that you have to hit Ctrl-Alt-Del in order to enter the XP password. I've been told that even if someone hacks into my router, they won't be able to get onto my desktop or get any info. They need physical access to my desktop in order to press Ctrl/Alt/Del.
I've also set up a Bios Password. That could be difficult to bypass even if someone had access to my computer. I've been told that it can be bypassed by pulling out the CMOS battery. That' possible on the desktop but very difficult on the laptop.

HC

 

I would say you are about as secure as you can get HC! If you are interested in wireless later on, look for a wireless router that will let you adjust the wireless signal strength.

And if you get wireless and need to broadcast a SSID, change the name or your router to another brand. Like a Linksys saying it is a Belkin.

E :major

 

No problem, HC.

The length of the admin password for the router varies from router to router. I think that's a non-issue as long as it is a non-default password, and you disable remote administration. BTW, to hack your router wirelessly, the intruder has to break your wireless encryption. That's the 1st line of defense. Then he has to break your router admin password. That's the 2nd line. Lastly, he has to break into your computer. You got Zonealarm. That's the 3rd line. This is layered security.

Personally, I don't leave personal info on my pc. Even if my pc is hacked, the intruder doesn't gain much of anything. Everything on my pc can be found elsewhere. My personal data is stored separately on DVDs and USB drives. Also, I have a plan B. My whole drive is backed up daily. Restore takes 10 mins. When I get home, I check for rootkits & malware. My Windows is scanned by multiple scanners daily. The drive is defragged daily. All this maintenance is done while I'm asleep.

 

Thanks folks. I think I'm set. With wireless shut off on the router and a 23 digit Administration code set up, I think I'm as secure as I can get.
One final question (I promise):
At this point, with the way I have everything wired and secured, how can someone hack into my computer/router remotely and if they do, can they bypass the Ctrl-Alt-Del feature?

Thanks again.
HC

 

Either from inside or outside:

1) You're tricked into downloading a legitimate-looking program that is actually a trojan that opens doors to hackers. i.e. free wallpapers with an installer. This is called social engineering. It works on most unsuspecting people.

2) From what I understand, the intruder tries to fingerprint your OS, determine the vulnerabilities, and attack them. The default Windows install isn't secure enough, IMO.

 

Wired is more secure.

 

I have been useing the Devolo system for about 5 weeks now and am well satisfied i can use my PC any place in the house where there is an electrical point.

the system uses the electrical wiring of the house to relay the signal to the PC without the need for a router.

http://www.devolo.com/co_EN_cs/spezial/dLANspezial1.html

 

That's interesting Bill. So, can anyone hack into that setup? Can someone hack into a modem?

Also, as someone suggested earler in this thread, I tried to change my IP Address but to no avail. I went to 'What's my IP Address' and saw my address. I was able to change my laptop's IP Address, but the one that showed on 'What's my IP', remained unchanged (I assume that's my router's IP address, the one that I need to change).
Does anyone know of any sure fired ways to change the IP Addres of the router?
What I already tried (suggested to me by my provider - Comcast):
I went to my Router's status area, clicked on IP Address Release, then turned off my computer, unplugged power to modem and router, unplugged
RJ45 cable from modem and router, then unplugged RJ45 cable from my laptop. Left it 12 hours and then reversed the above procedure, to no avail.

Any ideas?

Thanks
HC

 

As I said before, I'm being targeted. The reasons are personal and getting into details would be inappropriate.

That being said, any ideas about changing the ip address

Thanks
HC

 

Your IP is given to you by your ISP. Think of it this way, 192.168.1.1 is my routers address. It is also the IP of all Linksys routers. When you connect to your ISP, you get another IP, given by them. I don't think changing your IP is what you need.

If I felt targeted on the net, I would kill the wireless, change my router's password to a nice long random one, and install a firewall. All of which I think you have done. To get more secure, I would look into a hardware firewall, or a much better (MUCH MORE $$) router.

Also, if you are using Win XP, change your Admin password, and only log is as a user with limited rights. You can switch to Admin if you need to install or modify something you can't do in your limited account. Look at your User Accounts, and limit your 'normal use' account.

Good luck 007! :-D

E

 

Your ISP assigns an IP to you. It may be static or dynamic. Disconnecting in router's web setup usually does the trick of changing IPs. If not, you got a static one and you can talk to your ISP for a change. Maybe free or for a small fee.

 

Thanks Akhilles
My IP address is definately not static, it's dynamic. When you say "Disconnecting in router's web setup usually does the trick of changing IPs" what do you mean. I went to the Status section of my router and clicked on IP Address Release and that didn't work. Is that what you're talking about?
thanks
hc

 

There's a disconnect button in your router setup that's web-based. You use a web browser to set up the router. Click disconnect on one of the pages. For my dlink, it's status page with all the IP/DNS info. 9 out of 10 times, I'll get a different IP.

 

Thanks Akhilles,
On the Linksys it's also the status page with the DNS numbers and IP address but it says IP Address Release, not IP Address Disconnect. I've tried it to no avail.
As I said before, when I connect my laptop to just the modem, the IP Address I have is different than the one I have when I connect with my Router connected. Does that make sense. Is the router IP address different from the computer IP address?
HC

 

The IP on your laptop is the identify of your laptop. The one for you pc is the identify of your PC. And so on. There are more than 1 IP on your status page. The one under WAN is what others see you. The one under LAN is what you see the router. What you want to change is the identify of the connection. It's an IP. It's under WAN - WIDE AREA NETWORK/Internet.