Re: securing my new wireless router
From: Christopher Rector (crector@siumed.edu)Date: 10/09/02
- Previous message: Jayson Diaz: "Re: Somebody saw this trojan ? (nicely)"
- In reply to: Teodorski, Chris: "securing my new wireless router"
- Next in thread: Christian Freas: "RE: securing my new wireless router"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 09 Oct 2002 13:49:20 -0500 From: Christopher Rector <crector@siumed.edu> To: "Teodorski, Chris" <cteodorski@ppg.com>
Question: How do I lock down my Access Point?
Answer:
Basics for secure wireless computing.
1. Disable SSID broadcasts.
2. Enable WEP encryption.
3. Use Mac filtering if possible.
4. Know your wireless footprint.
5. Limit IP's from AP DHCP.
Explanations:
1. By disabling SSID broadcasts, you effectively make your wireless
network disappear. Only authorized clients that have he correct SSID can
connect to your network. Even Netstumbler can't see the network,
although some linux versions of wireless sniffers still can.
2. Use WEP even though it can be cracked, it's better that no
encryption. Also cracking the WEP key would require a steady network
flow to capture enough packets the begin working on the key. Most
Wardrivers, aren't going to have access to your system long enough to
worry about it, they see WEP enabled and move on. There are too many
unencrypted networks out there already, why waste time working on one
that has encryption turned on.
3. By setting Mac filters on your AP's you can effectively control who's
able to connect to them for use. Granted, it's not going to be an easy
solution to implement if you had hundreds of users that could possibly
connect to a given AP. But if you maintained strict control of AP access
to those who really need it you limit the exposure for abuse to your
network.
4. Do a walk through with a wireless laptop to see where your hotspots
for your network are. It's always a good thing to know that if you have
a big hotspot with access available to video store parking lot next door
to your office. That's a good place for wardrivers to stop and park to
leech off your network. By knowing your footprint, you can reposition
your AP's to minimize the amount of bleed through that you have
available.
5. Enable AP DHCP to release only 1 or 2 IP addresses. This way if both
are taken up, it will not assign another IP.
Make sure you change the default admin password on the router as well,
there are lists available that provide almost every consumer level
default admin password.
More information can be found on www.netstumbler.com.
__________________
"Teodorski, Chris" wrote:
>
> So I've ordered a wireless router for home....I'm quite sure that it ships "wide open" with no security set....I was wondering if any of you could be kind enough to offer suggestions or point me towards any good articles on securing my new wireless environment. i'd like to find a mix of both theory and checklist stuff.....so I can secure it and understand the what's and whys.
>
> Thanks,
>
> chris
-- Christopher Rector, MCSE Computer Information Specialist Southern Illinois University School of Medicine Department of Ob/Gyn 217-545-9182
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature
- Previous message: Jayson Diaz: "Re: Somebody saw this trojan ? (nicely)"
- In reply to: Teodorski, Chris: "securing my new wireless router"
- Next in thread: Christian Freas: "RE: securing my new wireless router"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
