Jump to content

wi-fi and WPS advice needed please...


Recommended Posts

Hi.

 

Just looking for a small bit of advice regarding my wi-fi network security.

We all know by now how insecure it is to use WPS and by default it is turned off on my router.

 

Recently I decided to strengthen the security of my wi-fi by changing my password from the routers default (which was a very weak 8 characters, only numbers and lower case letters) to a more robust 63 character one - a random string of upper and lower case letters, numbers and special characters.  

 

That's good right !

 

All went well updating my devices until it came to my printer - an Epson XP-322.

To my horror I found that you cannot input a wireless password with special characters (@#$% and so on) on this printer - it will only accept numbers and letters !!

 

The only way I could reconnect my printer to my router was to temporarily turn on WPS enter a PIN and then turn it off again.

 

Even though WPS is disabled again the router can still recognise the printer as an allowed device which is good because it is essential that I can print documents wirelessly (I have a chromebook and use google cloud print).

 

I only ever turn the printer on when I actually need to print a document. I don’t leave it continuously connected to the wireless network like a lot of people seem to do these days and because WPS is turned off again does this mean I am still safe from this method of hacking or have I opened up a new security vulnerability on my network ?

Link to post
Share on other sites

Save yourself a headache.  Connect the Epson to Wired Ethernet.  Once it is on the LAN you can print to it when your mobile devices are on the LAN. Even when wired, depending on the model, Epson printers have "Cloud" printing capabilities.

 

Just load the IP address of the Epson into your Browser.  It should give you a menu including Cloud Printing setup. 

Example: IP address of the Epson is 192.168.1.44  use;  http://192.168.1.44

 

Just note that Cloud Printing is not on all Epson printers  For example it is not available on an Artisan 835 but it is available on a XP-810.

 

Any devices that are on the same LAN ( example 192.168.1.x ) should be able to print to a printer on that LAN.  You should not have to go out to use Google to go to the Internet to print to a local printer.  When a device is on the LAN it doesn't matter if it is Ethernet or WiFi.  Once it is on the same network, the devices can "see each other".

 

Also you can setup the printer on Wired Ethernet and then use EpsonNet Config v4.4.5 and configure WiFi.  You may find the configuration utility will have a better interface to apply special characters to a WiFi password while the LCD display on the printer may not.

 

Link to post
Share on other sites

Thanks very much for the information David.

 

I knew I was missing something. I had completely forgotten about the online config utility for Epson cloud print.

The advanced settings allowed me to enter my new complex password which that little lcd screen wouldn't allow, so I can use Google cloud print and get my google docs printed off without any bother now.

 

Now that has been cleared up could I please ask you if you think the following is a sufficiently secure set-up for an 'average home user' like myself...

 

* Router has strong complex password.

* Passphrase is strongest possible (complex 63 characters - maximum allowable on this device). 

* Encryption is WPA2-PSK [AES]

* Router firewall is on.

* Remote access (from the internet side) is disabled.

* WPS (both PIN and push button) is disabled.

 

The only other thing is I'm not sure whether to hide my SSID or not. My ISP actually recommends it...

http://help.virginmedia.com/system/selfservice.controller?CMD=VIEW_ARTICLE&ARTICLE_ID=3673&CURRENT_CMD=SEARCH&CONFIGURATION=1001&PARTITION_ID=1&USERTYPE=1&LANGUAGE=en&COUNTY=us&VM_CUSTOMER_TYPE=National

...but no-one else seems to bother doing it and there are lots of people online that argue that it may make you less secure somehow ?

 

 

Link to post
Share on other sites

Sounds good except 63 chars. is excessive.  Just make sure you include Upper, Lower, Numbers & Special Characters greater than 10 chars.
 

You don't need to hide the SSID.  If someone wanted to get in, they can get it w/o it being announced.  Just make sure the SSID is "whimsical" and does not point to you and/or your home.  I do not think that hiding the SSID diminishes your security and hiding only adds a very slight increase to your security.  I personally announce my SSID.

Link to post
Share on other sites

Sounds good except 63 chars. is excessive.  Just make sure you include Upper, Lower, Numbers & Special Characters greater than 10 chars.

 

Yeah I wasn't exactly the most popular member of the family when I handed out the new passphrase, especially when my nephew came to visit at the weekend.

Took him about 15 mins to enter it on his ipad. But I figured if I was going to do this I may as well go all the way with it !!

 

As for the characters I used 15 of each group (to make 60) plus threw in three extra special ones, then made sure they were completely randomised. 

 

 

 

You don't need to hide the SSID.  If someone wanted to get in, they can get it w/o it being announced.  Just make sure the SSID is "whimsical" and does not point to you and/or your home.  I do not think that hiding the SSID diminishes your security and hiding only adds a very slight increase to your security.  I personally announce my SSID.

 

I figured hiding the SSID might just be over doing it a little.

I've always kept it as it's default which is the ISP's name followed by seven random numbers. So that doesn't identify me or my home address and I suppose knowing which ISP I'm with (which is the UK's second largest provider) isn't some great secret. In fact most of the street is with Virgin Media !

 

Thank you once more David for your time and expertise. I'm much obliged to you sir.  ;)

Link to post
Share on other sites
  • Root Admin

Using WPA2 with AES encryption and your Wi-Fi Protected Setup (WPS) disabled there are no known successful attacks that I'm aware of. There are some attacks on other protocols but even that entails a lot of work that unless you're a target from some Government State (at which point there are other ways to get your data) you're more than safe at home. Using a much shorter password (that is not easily guessed) is also not going to be easily attacked or discovered. A 12 character password that cannot be found in a dictionary is more than enough to protect your wireless system.

Link to post
Share on other sites

Using WPA2 with AES encryption and your Wi-Fi Protected Setup (WPS) disabled there are no known successful attacks that I'm aware of. There are some attacks on other protocols but even that entails a lot of work that unless you're a target from some Government State (at which point there are other ways to get your data) you're more than safe at home. Using a much shorter password (that is not easily guessed) is also not going to be easily attacked or discovered. A 12 character password that cannot be found in a dictionary is more than enough to protect your wireless system.

 

So in other words if I were in range of any 'aspirational' hackers in my local neighbourhood they wouldn't stand much of a chance against a 63 character password with WPA2-PSK [AES] encryption. And trying to crack my network would be more trouble than it's worth to any cyber criminals out there trying to break into someone's wireless network. 

 

My router does have an even stronger WPA/WPA2 enterprise level encryption available but I read that this limits wireless speeds to 54 MB. That wouldn't be much good for me on a 154 MB connection.

Link to post
Share on other sites

"You should not have to go out to use Google to go to the Internet to print to a local printer."

 

i agree ...

and i feel that "cloud printing" or any method other than directly wired printers , accessing them directly (as it were) via LAN or a dongle transfer is the most secure way .

anytime one uploads *something* from their system to *somewhere* else the risk of data compromise increases .

anytime one "broadcasts" information the risk of system/data compromise increases .

 

yeah ...

63 characters is a bit over the top .

anyone that really wants to get into or "hack" your system/network is going to have the equipment and wherewithal to do so ... these chaps are far and few between .

referencing AS ; 12 characters is enough .

Link to post
Share on other sites

"You should not have to go out to use Google to go to the Internet to print to a local printer."

 

i agree ...

and i feel that "cloud printing" or any method other than directly wired printers , accessing them directly (as it were) via LAN or a dongle transfer is the most secure way .

anytime one uploads *something* from their system to *somewhere* else the risk of data compromise increases .

 

True. But I think the risks are acceptable if you have your network properly secured. Plus it makes sense for someone like me to use Google cloud print to print Google docs from a Google Chromebook (after all the docs are already "in the cloud").

 

Wow! Listen to me now! This is coming from someone who little over a year ago was adamant that I wouldn't allow myself to become a 'slave to Google' Now I am a complete chromebook convert. I just love the ease and simplicity of it all.

 

All that said though, for more sensitive documents (financial stuff and so on) I use a Windows laptop with an older printer which are not on any network and strictly for offline use only. For everything else though I'm perfectly comfortable using Google docs and cloud printing. 

Link to post
Share on other sites
  • Root Admin

Yes and that "it's just so easy" is how many give up their freedom and privacy but that's another story.

 

Your question on wfi-fi has been answered. Is there anything else we can assist  you with in regards to the router?

 

Thank you

Link to post
Share on other sites

"Wow! Listen to me now! This is coming from someone who little over a year ago was adamant that I wouldn't allow myself to become a 'slave to Google"

 

heh ... and they say that heroin is addictive .

:lol::P

Link to post
Share on other sites

"Wow! Listen to me now! This is coming from someone who little over a year ago was adamant that I wouldn't allow myself to become a 'slave to Google"

 

heh ... and they say that heroin is addictive .

:lol::P

 

I bow down before the great and mighty Google, my corporate overlords  :lol:

Link to post
Share on other sites

Yes and that "it's just so easy" is how many give up their freedom and privacy but that's another story.

 

Agreed, a different discussion for another time.

 

With regards to my original issue: yes that has been resolved and I am happy that my router / wireless is secure enough.

 

Thanks again to everyone for their input. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.