I’ve been listening to Steve Gibson’s podcast called Security Now! since it began a few months ago. It is a great podcast for everyone who wants to learn about how to keep both home and corporate computers safe from threats. They’ve had a great series on wireless (WiFi) security that boils down to this: if you’re not using WPA (or derivative, such as Radius), you’re simply not secure. Disabling SSID broadcast and MAC filtering don’t help squat. Anyone using KisMAC or NetStumbler can be on your WEP "protected" in less than an hour just by listening (or, sniffing, if you like that term better).
So all this has had me very worried since our network is far less secure than I thought it was. We’ve been hacked once, although I’m pretty sure it was a neighbor just trying out NetStumbler for fun. I didn’t want anyone getting on our network and using our broadband for free or worse, getting onto our systems and snooping. I don’t need somebody getting my old tax files or anything1 Why did we have a WEP network in the first place, you ask? TiVo can’t use WPA encryption methods. Okay, the solution there is to use a USB ethernet adapter (as opposed to the USB WiFi adapter we have now) and then bridge it onto the wireless network with something that can use WPA. Simple enough, right? No, not really.
First of all, TiVo has very limited drivers for network adapters. I finally went with the Netgear FA120, and it works great. For the wireless bridge, I first thought I’d use a wireless access point by Linksys. I’ve had great luck with their routers and other network gear, this seemed promising. Well no amount of tinkering seemed to get the access point to act in repeater mode (think of a wireless bridge that also acts as a signal booster), despite all the firmware upgrades that claimed to fix that exact same problem.
Next, I tried to use two of the same wireless routers with third party software by Sveasoft which allows the second router to act as a repeater and access point. This seemed ideal since routers are cheaper than access points and have rebates to help the cost even more. I was able to upgrade the firmware on my old router without problem, but sadly things didn’t go so well for the new router (both have to have the third party firmware).
You ever wonder what you’re router looked like on the inside? Hard to believe that’s a 125Mhz Linux computer, huh?
The firmware upgrade froze up and the power light just started flashing. If you own a Linksys WRT54G, let me tell you that the blinking power LED is sort of like seeing a human bleeding from the ears: a small sign that something terrible has happened. I tried hard resets as well as trying flashing the router with older Linksys firmware. I even tried a warranty voiding, last ditch effort to get it into failsafe mode. Around midnight, while typing
ping -t 192.168.1.11 with one hand while the other held a tiny flathead screwdriver point across two Flash ROM pins, I thought to myself "Self, what the hell do you think you’re doing?" I fancy myself as power user, but this was way above and beyond what I should be attempting for a piece of hardware I could simply return as being defective.
The next day, I returned the "bricked" WRT54G to CompUSA and tried to look for a replacement. The problem is, they didn’t have any of the older, Linux OS versions; they only had the new V5.0 models, which can’t use any of the fancy third party firmware. Same thing at OfficeMax, Circuit City, and Best Buy: only the new, improved easy setup models. Finally, at Best Buy (as I was about to drive over to check Staples), I though that maybe I was going about this all wrong. Wouldn’t power-line adapters do the same trick, and negate the need for dumbing-down my wireless network just for TiVo? So that’s where I stand now. I may still have issues with the older wiring in our home, but could it be worse than finding every way conceivable to break our wireless network? I hope not.
- My ideal solution is to eventually have a network storage that will only allow machines I assign to it access, and then via password. This way I can even just remove it from the network, or isolate it, all together. [↩]