Re: Maximum Security (WPA2-802.1x) for DG834PN Router - How to configure?

Thelps · ‎2013-01-14

Hi all,
I was wondering if someone could provide a step-by-step guide for a layman on how to configure WPA2-802.1x security on a Netgear DG834PN wireless router? I'd appreciate it if you include all meanings of terms and abbreviations as well as the step-by-step guide. This is important as I have found my internet traffic to be monitored (although I am not certain it is the result of a geographically local hacker - this would at least help rule out that possibility).

If this isn't the case then who else could be aware of what websites this router accesses and how? Apart from hardware installed at the local exchange (mischievous telecoms tech snooping?) my ISP could be the only other point of espionage.

I'd be grateful for your replies and support.

jmizoguchi · ‎2013-01-14

I didn't think it supported

Under encryption for wireless , if you don't see WPA2-enterprise the. It does not support 802.x

Thelps · ‎2013-01-14

It has options for WPA-802.1x and WPA2-802.1x listed under Wireless Settings - Security Options.

jmizoguchi · ‎2013-01-14

http://interface.netgear-forum.com/DG834PN/wire_sel.htm

I guess it does..

you will need Radius server to use 802.1x so if you don't have any RADIUS server you will not abel to use this.

Use standard WPA2 encryption

Reference

for Windows pc side
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/8021x_client_configur...

http://www.jadota.com/2010/11/setting-up-wireless-802-1x-with-windows-server-2008-and-nps/

Thelps · ‎2014-03-06

My router's LEDs have started indicating an attached device when I have ensured all devices in the premises are switched off.

It may be someone in the local area gaining access to the router via a security flaw in the device's firmware.

This has become extremely important to solve due to the breach of privacy.

Any and all assistance would be appreciated.

jmizoguchi · ‎2014-03-06

If you have good wpa2 pass phrase then should be okay

Thelps · ‎2014-03-06

Pass phrase is fine and is changed regularly.

This is not a user issue. I am reasonably experienced in the use of wireless hardware and know how to configure the router's built-in settings.

I know how to upgrade and change the firmware.

I'm dealing with a focused hacker who has a great deal of knowledge about me as an individual.

If possible I require advanced-level technical assistance.

jmizoguchi · ‎2014-03-06

There is nothing you can do wap2 unless you do 802.11.x and deploy your ow radius server

Joe_ · ‎2014-03-06

Thelps wrote:
My router's LEDs have started indicating an attached device when I have ensured all devices in the premises are switched off...

Could you say exactly which LEDs these are and how they are indicating this (e.g. blinking intermittently then stopping then blinking again).

Thelps wrote:
I'm dealing with a focused hacker who has a great deal of knowledge about me as an individual.

Again, you need to describe more precisely why you think so.

sabretooth · ‎2014-03-07

Turn on your MAC filter.

jmizoguchi · ‎2014-03-07

Remember some wifi devices will fail to connect that you at own so if that fail on some of the wifi then you may not able to use that add extra security

Just a extra tips

Retired_Member · ‎2014-03-07

Thelps wrote:
If this isn't the case then who else could be aware of what websites this router accesses and how? Apart from hardware installed at the local exchange (mischievous telecoms tech snooping?) my ISP could be the only other point of espionage. I'd be grateful for your replies and support.

Sounds like your x or someone may have installed a key stroke logger or some other spyware on your pc. Consider using a VYPR VPN or some similar service.

Devor · ‎2014-03-07

Other than seeing if the traffic temporarily stops, if you are dealing with a "focused hacker", turning on MAC Filtering will do little good in the long run.

sabretooth · ‎2014-03-08

Devor wrote:
Other than seeing if the traffic temporarily stops, if you are dealing with a "focused hacker", turning on MAC Filtering will do little good in the long run.

Enough to prove he has one or not.

Thelps · ‎2014-03-20

Responses:
For those who have suggested the 'basic' or 'standard' WiFi security advice, I'd refer you to this article:

http://www.pcworld.com/article/2052158/5-wi-fi-security-myths-you-must-abandon-now.html

(Hope that helps bring you up to speed, please don't derail the thread by critiquing the validity of the article here though... feel free to start a different thread about it in the appropriate forum and I'll be sure to discuss it with you there.).

Joe_ wrote:
Could you say exactly which LEDs these are and how they are indicating this (e.g. blinking intermittently then stopping then blinking again).

Again, you need to describe more precisely why you think so.

In response to you Joe - The DG834PN has the nifty feature of featuring a 'Dome' of LEDs (A blue circle on the top of the router with 6 LEDs arranged in a circular pattern) each of which represents one of the router's antennas. When no wireless devices are connected to the router the LEDs light up and switch off rapidly in a circle pattern. When a device IS connected at least one, and up to three of the LEDs, remain constantly lit, effectively indicating which antennas are active in the maintenance of the wireless connection.

To get back to the main point: My router's dome of LEDs indicate connections when none are listed on the router's configuration page. Furthermore, although I have restricted the MAC addresses authorised by the router I have twice witnessed the same MAC address (of a device I authorised) listed as being connected to the router three times simultaneously (That's to say I can see it listed under 'Connected Devices' on the router's control panel 3 times simultaneously). This indicates the common hacking technique of 'Mac address spoofing' whereby someone within WiFi range of the router manually reassigns their network card's MAC address to one that is authorised by the router's security.

I will consider the VPN option kindly suggested by Searay. However, the main thrust of this thread is to enquire if anyone can give me some leads on what to do with this specific piece of Netgear hardware (DG834PN) to further protect against any snooping of wireless traffic.

Any and all suggestions very useful.

Mars Mug · ‎2014-03-21

A wireless router or access point which has its radio enabled is required to process wireless activity on the same (or overlapping) wireless channels. The router at least needs to be ready to process the initial wireless connection messages from your client devices, and will apply the same process to unauthorised devices (which it will reject). It will also respond to some WiFi traffic that it ‘hears’ on other nearby WiFi networks where there is no attempt to connect to your WiFi. The router also has to respond to the activities of other nearby access points and clients since other WiFi networks have to interact with yours in maintaining local interoperability. Basically the dome LEDs indicate activity on the WiFi channels of a number of different types, not just your own connected active devices, and not necessarily attempts to access your WiFi. They are not a positive indication of someone attempting to access your network.

The WPA2 encryption that you are using should be more than adequate if your passphrase is strong, it will not be compromised by someone packet sniffing your data in short time (or very long time if the password truly is strong). If someone is really trying to crack your WPA2 passphrase actively, then at the rate needed to do this in any practical time they would need to use aggressive techniques which will normally be observable to you as WiFi clients keep losing their network connection.

If you truly suspect that someone is packet sniffing data (you can’t detect that) and then attempting to gain access to your WiFi network (which you can detect), then follow the same process yourself. Get a WiFi card that will support the promiscuous mode that I believe packet sniffers need, and use this to monitor local WiFi traffic. You should then be able to see if anyone is repeatedly attempting to access your network, through MAC address and SSID details. If you were able to identify attempted access then it should be possible using a portable WiFi sniffer (e.g. a laptop) to triangulate the remote signal.

Devor · ‎2014-03-21

Enable WPA2-PSK [AES] on the radio and use a randomly generated password from here. That should put an end to worrying about someone being able to access your network. Basing your decisions on the attached devices list is not an indication of being hacked, as the attached devices list is notorious for being inaccurate on many routers.

If your router doesn't support WPA2, then I refer you back to the link you posted, section "No Myth". "If your equipment is old enough to be limited to WPA security, you should consider an upgrade."

jmizoguchi · ‎2014-03-21

This model will have WPA2
http://interface.netgear-forum.com/DG834PN/start.htm

Thelps · ‎2014-03-22

Mars Mug wrote:

The WPA2 encryption that you are using should be more than adequate if your passphrase is strong, it will not be compromised by someone packet sniffing your data in short time (or very long time if the password truly is strong). If someone is really trying to crack your WPA2 passphrase actively, then at the rate needed to do this in any practical time they would need to use aggressive techniques which will normally be observable to you as WiFi clients keep losing their network connection.

As mentioned earlier in the thread, one WiFi client in particular does repeatedly lose connection. Also, the other main WiFi client device in the house often has great difficulty establishing its initial connection to the network (despite password and configuration settings being correct) although once it has established its connection it does not drop it.

In the event I use a 'long, secure' WPA2-PSK passphrase and, as theorised, my hacker is local, surely it won't get me more than 24 hours or so? They can just run a library hack and gain entry within that time or shorter.

I'll consider reversing the hack to locate the individual(s) but wouldn't know where to begin. Furthermore they'll be able to watch me, step-by-step as I research it, acquire the necessary tools/software and then put it into action...

Shame the police don't take this stuff seriously at all.

Devor · ‎2014-03-22

See the link in this post here. Using the suggested passphrase in that post would likely take years to crack.

jmizoguchi · ‎2014-03-22

I'll consider reversing the hack to locate the individual(s) but wouldn't know where to begin. Furthermore they'll be able to watch me, step-by-step as I research it, acquire the necessary tools/software and then put it into action...

http://www.aircrack-ng.org/doku.php?id=cracking_wpa