Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Netgear N300 unique SSID and password
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Hardware
View previous topic :: View next topic  
Author Message
Marrea
LXF regular


Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1871
Location: Chilterns, West Hertfordshire

PostPosted: Tue Aug 13, 2013 5:46 pm    Post subject: Netgear N300 unique SSID and password Reply with quote

I’ve just bought and set up a new Netgear N300 (WNR2200) Wireless Router to replace a six-year-old malfunctioning Linksys BEFSR41. On the set-up sheet Netgear say:

"This product has a unique Wi-Fi network name (SSID) and network key (password). The default SSID and network key (password) are uniquely generated for every device (like a serial number), to protect and maximize your wireless security. This information is located on the label on the bottom of the product.

NETGEAR recommends that you do not change the preset Wi-Fi network name (SSID) and network key (password). If you do change the settings, the information on the bottom of the product does not apply."


What do you think about this? Bearing in mind they are stated to be unique, is it OK to leave the SSID and password as they are or would you change them?
Back to top
View user's profile Send private message
Rhakios
Moderator


Joined: Thu Apr 07, 2005 12:18 am
Posts: 7627
Location: Midlands, UK

PostPosted: Tue Aug 13, 2013 6:30 pm    Post subject: Reply with quote

Sounds like round objects to me. The SSID can be found out by scanning for it even, I am given to understand, if you keep your network hidden. The password might well be unique, but I'm sure you could think up a unique password as well, however it might well be more secure than one dreamt up by those who prefer their dog's name or their children's birthdays.

Actually, you might say their idea is less secure, as anyone who has access to your house can, if they know where to look, find out your SSID and password.
_________________
Bye, Rhakios
Back to top
View user's profile Send private message
Marrea
LXF regular


Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1871
Location: Chilterns, West Hertfordshire

PostPosted: Tue Aug 13, 2013 8:39 pm    Post subject: Reply with quote

I have never bothered to hide my SSID for the precise reason you mention - that anyone who knows how can easily discover it by scanning - so there's not much point doing so. Rolling Eyes

However, I must say I find it slightly bizarre that a password for a device should be displayed on the bottom of that device. In actual fact, in the Netgear's case, once you have attached it to the supplied stand it is then in a vertical position and the password is no longer on the bottom any more but on the side and thus even more visible! Confused
Back to top
View user's profile Send private message
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3444
Location: Birmingham, UK

PostPosted: Tue Aug 13, 2013 9:24 pm    Post subject: Reply with quote

I think this has been done because of the vast numbers of routers out there with the default username, SSID and password.
Many people can't be bothered to change them.

At least this way, each unit has a unique SSID and password.
(I have seen some of these, and the SSID or password is often the serial number, one in France had an 18 digit password).
If you do change them, they can probably be reset.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
Back to top
View user's profile Send private message
GregS



Joined: Thu Aug 03, 2006 4:54 am
Posts: 97
Location: Oz

PostPosted: Wed Aug 14, 2013 12:07 am    Post subject: Reply with quote

wyliecoyoteuk wrote:
I think this has been done because of the vast numbers of routers out there with the default username, SSID and password.
Many people can't be bothered to change them.

At least this way, each unit has a unique SSID and password.
(I have seen some of these, and the SSID or password is often the serial number, one in France had an 18 digit password).
If you do change them, they can probably be reset.

Indeed. Had recent experience with this, using any browser (you need to find the address of your router, this may be default or unique to your ISP, as in our case) it is a reasonably simple matter to access and change these details.

One possible reason to change SSID is that, at least in our part of Oz, there are a number of other users with a "Bigpond" ISP-assigned SSID which can be somewhat confusing, particularly when the kids are wanting to use their school laptops on the home network.

Similarly, I would want to reassign the password to something that is NOT displayed on the router for any casual visitor to see...
Back to top
View user's profile Send private message
guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1070
Location: Worcestershire

PostPosted: Wed Aug 14, 2013 10:41 am    Post subject: Reply with quote

"If you change the SSID and/or password then we will not be able to monitor your device under our support guarantee and fix any problems we detect (e.g. firewall configuration), to ensure that it remains functional and secure."

Not happened yet AFAIK but I see that one coming.
_________________
Cheers,
Guy
The eternal help vampire
Back to top
View user's profile Send private message
roseway
LXF regular


Joined: Thu Jan 18, 2007 2:27 pm
Posts: 446

PostPosted: Wed Aug 14, 2013 12:45 pm    Post subject: Reply with quote

That sounds like an excellent reason to change the SSID and password. I certainly wouldn't want Netgear (or anyone else) being able to monitor my setup.
_________________
Eric
Back to top
View user's profile Send private message
Marrea
LXF regular


Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1871
Location: Chilterns, West Hertfordshire

PostPosted: Wed Aug 14, 2013 12:52 pm    Post subject: Reply with quote

GregS wrote:
Similarly, I would want to reassign the password to something that is NOT displayed on the router for any casual visitor to see...


Couldn't agree more!

My previous router, the Linksys, was not wireless enabled but about four years ago I decided to add a wireless access point. Knowing virtually nothing about wireless I read up on it and discovered that it was best to have a fairly long password, not using any dictionary words but a mixture of numbers and letters, upper and lower case. So I followed that advice and created a 15 character password, which (again I had read this was a good idea) I changed from time to time.

On my new Netgear router, I am not convinced myself that their “uniquely generated” password is particularly well chosen and I do really wonder whether it is in fact “unique” or whether, say, it might be found on another Netgear router or, if not the exact same password, something very similar. I am undecided at the moment whether to change it or not.

I am now trying to find out about WPS which I do not want to use but have not so far found any way to disable. From what little I have read I believe there may be security risks with WPS? The user guide says you can turn it off by pressing the WPS button on the front of the router but all that happens when I do that is the light flashes for a bit and then stays on. It seems to be linked to the wireless on or off button next to it. If I turn the wireless button off, the WPS light goes out and stays out. If I turn the wireless button on, the WPS light also turns on. The WPS button does not appear to work independently of the wireless button as far as I can see.

Paranoia or what. Sad
Back to top
View user's profile Send private message
Marrea
LXF regular


Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1871
Location: Chilterns, West Hertfordshire

PostPosted: Wed Aug 14, 2013 12:54 pm    Post subject: Reply with quote

roseway wrote:
That sounds like an excellent reason to change the SSID and password. I certainly wouldn't want Netgear (or anyone else) being able to monitor my setup.


Yes, I must say I find that somewhat disturbing.
Back to top
View user's profile Send private message
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4257
Location: wild West Wales

PostPosted: Wed Aug 14, 2013 2:02 pm    Post subject: Reply with quote

all BT home homehub3s have the router id and the ssid on an easily removable little tab so that you don't have to worry about such things and they also supply two stickers with the same info in case you want to pass that around too Rolling Eyes
_________________
still looking for that door into summer
Back to top
View user's profile Send private message
paulm
LXF regular


Joined: Mon Apr 03, 2006 5:53 am
Posts: 242
Location: Oxfordshire, UK

PostPosted: Wed Aug 14, 2013 7:01 pm    Post subject: Reply with quote

Marrea wrote:

I am now trying to find out about WPS which I do not want to use but have not so far found any way to disable. From what little I have read I believe there may be security risks with WPS? The user guide says you can turn it off by pressing the WPS button on the front of the router but all that happens when I do that is the light flashes for a bit and then stays on. It seems to be linked to the wireless on or off button next to it. If I turn the wireless button off, the WPS light goes out and stays out. If I turn the wireless button on, the WPS light also turns on. The WPS button does not appear to work independently of the wireless button as far as I can see.

Paranoia or what. Sad


So far as I can see, justified paranoia. There have been a number of reports of serious security problems with WPS. For instance, see the below:

http://www.netstumbler.com/2013/01/18/wi-fi-security-the-rise-and-fall-of-wps/

http://www.it-sp.eu/index.php?option=com_content&view=article&id=701&Itemid=74

Those are only a few of the reports. Enough to make me disable WPS on my current (horrible, awful) Technicolor 582n router. And enough for the author of the replacement firmware for my soon to be deployed Ausus RT-N56U router to remove WPS completely.

I'd be looking hard for ways to disable it in the Netgear....

Paul.
Back to top
View user's profile Send private message
Marrea
LXF regular


Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1871
Location: Chilterns, West Hertfordshire

PostPosted: Wed Aug 14, 2013 9:22 pm    Post subject: Reply with quote

paulm wrote:
I'd be looking hard for ways to disable it in the Netgear....


Thanks for the links. I have now found this on the Netgear site

http://kb.netgear.com/app/answers/detail/a_id/19824/~/how-do-netgear-home-routers-defend-wifi-protected-setup-pin-against-brute-force

and have accordingly disabled the PIN in the router's GUI as described in that article. However, the WPS button on the front of the router will still not turn off (ie the green light refuses to disappear) so I shall just have to keep my fingers crossed that what Netgear say about only the router PIN method being vulnerable to brute force attack is correct.
Back to top
View user's profile Send private message
Marrea
LXF regular


Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1871
Location: Chilterns, West Hertfordshire

PostPosted: Fri Aug 16, 2013 3:39 pm    Post subject: Reply with quote

Update on above

I contacted Netgear via their support site to tell them that I had disabled the router’s PIN but should welcome clarification about how to turn off WPS completely, as I had found it impossible to do this by pressing the WPS button on the front of the unit although the User Guide implies I should able to do this. They have replied as follows:

"I have reviewed your case and I understand that you need assistance in disabling the WPS function of the router.

For your query about the WPS function:

The WPS will be enabled automatically if the security is set to WPA, thus disabled when using WEP (54 Mbps). The Push Button will still work even though you have disabled the PIN on the settings. Only the use of the PIN will be disabled."


So - assuming I have read this correctly - if I have security set to WPA (which I have) I am stuck with having WPS enabled; and the only way I can turn WPS off completely is by setting the security to WEP, which will allow any determined hacker to break in within 60 seconds.

Hmmm Shocked
Back to top
View user's profile Send private message
Marrea
LXF regular


Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1871
Location: Chilterns, West Hertfordshire

PostPosted: Sun Aug 18, 2013 5:10 pm    Post subject: Reply with quote

Latest update

I have been back to Netgear on this and they have replied as follows:

"I am aware that you would like to confirm if changing the security into WEP is the only way to completely disable the WPS function of your NETGEAR WNR2200.

In response to your inquiry - yes, as of now, the only way to completely disable WPS is by changing the security into WEP. We have taken note of your comments though and we will try to come up with a firmware that will enable users to completely disable WPS."


I am pleasantly surprised that they have taken my comments on board and offered to try and do something about the situation. I shall wait and see what happens.
Back to top
View user's profile Send private message
Rhakios
Moderator


Joined: Thu Apr 07, 2005 12:18 am
Posts: 7627
Location: Midlands, UK

PostPosted: Sun Aug 18, 2013 5:58 pm    Post subject: Reply with quote

Marrea wrote:
I shall wait and see what happens.


Netgear wrote:

Today we are proud to announce the Netgear N301 wireless router with enhanced security customisation options, including the ability to disable WPS! (RRP £59.99)


What? Do you think me too cynical? Rolling Eyes
_________________
Bye, Rhakios
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Hardware All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast