WPA2-personal(psk) questions?

[Invasion]

I have a Wirless G+MIMO Modem Router and my security is currently on WEP 128bit. I would like to change this to WPA2-personal (PSK) and just wanted check a few things first as this is all new to me and a little confusing!

As said my Modem router is a Belkin G+MIMO Modem Router that is connected to one PC via Ethernet cable and then my PC downstairs is wirless enabled and I am using WEP128 bit security setting and all is running ok.

So if a change my setting to WPA2-Personal(PSK) I have to fdo the following?

Select WPA2-Personal(psk) for Authentication

Encryption Technique Select "AES"

Enter Pre-Shared Key anything from 8 to 63 charachters

Then go to START> CONTROL PANEL> NETWORK CONNECTIONS...wirless connection Properties and under wirless Network Tab

Click properties for my Belkin Modem Router

and under Network Authentication select WPA2-personal (psk)

Then select "AES" Data Encryption

Type in Encryption Key Under "Network Key" box

and click ok to apply settings

Does this sound correct ? and do I only need to apply the settings on my wirless PC?

and also will I need to download Update to allow support for WPA2(KB893357)
http://support.microsoft.com/default.aspx?scid=kb;en-us;893357

thanks for any help advice much appreciated

 

[Invasion]

well all done took a chance that I was right....now security is set to WPA2

dont think there is anything else I need to do security wise ??

 

[nst68]

You could setup MAC filtering or disable the SSID broadcast, but both of these are easy to get round and will cause you more hassle when adding new devices to the network.

I'm running WPA2 with a 20 char diceware key.
If someone goes to extreme lengths to break that, then I think they deserve to use my network

 

[Invasion]

The SSID broadcast is disabled on my modem router as default so I think I am pretty much done although could you explain about MAC Filtering ?

Regards

 

[csmager]

The SSID broadcast is disabled on my modem router as default so I think I am pretty much done although could you explain about MAC Filtering ?

Regards

As nellystew rightly pointed out, both SSID broadcast and MAC filtering aren't worth thinking about - an SSID can be discovered as if it was never turned off, and MAC addresses can be spoofed as quick as you can type them. All both will do is irritate you when you're trying to add a new client - find out MAC address, add it to access list. Type in SSID. Far easier to just double click and type the PSK.

WPA/WPA2 keys of enough complexity would take considerable time to brute force even by supercomputer (and we're talking years, not hours). There isn't really a need for anything else.

 

[Invasion]

ahhh ok then I guess I am all done then thanks for the info much appreciated!

Regards

 

[Cyber-Mav]

either way its good to disable ssid and enable mac filtering. sure they are not very effective, but it just adds that extra obsticle to jump over. also it prevents your network showing up on a general scan.

i use both mac filtering and disable the ssid. as for the wpa2 key, i use a 63 character one. got to make things as secure as possible if your wifi is left on on for long periods of time.

those who turn off their wireless routers/AP's overnight or when they are not in use don;t really need to go out of thier way to tighten up security and even wep encryption would be sufficient.

 

[csmager]

either way its good to disable ssid and enable mac filtering. sure they are not very effective, but it just adds that extra obsticle.

If you compared hacking into the network to a marathon, WPA is the 26 miles, and MAC filtering is the 1mm at the end. It really is about as much use as a chocolate fireguard.

As I've said, there is no method of breaking WPA/WPA2 without bruteforce - there is no known major flaw in the encryption algorithms. Brute force on a long PSK would take years and years. You'll have binned the router or changed the password before it was cracked.