Re: home wireless router good practices for security

From: Jack (Jack_at_JackNguy.com)
Date: 01/03/04

  • Next message: Jack: "Re: Simple Question ..."
    Date: Fri, 02 Jan 2004 18:59:14 -0500
    To: Nick Duda <nduda@VistaPrint.com>
    
    

    Forgive me for not reading all the replies, but this is all I do, mac
    filtering. I disable the broadcasting of SSID. The best thing to do is
    to look over logs every now and then, especially DHCP logs, if you leave
    it on. My linksys wired router allows me to send logs to a machine, so I
    set up a snmp trap. WEP, in my opinion is pointless and annoying. Anyone
    who knows anything, with a bit of time should be able to break wep. My 2
    cents.

    -Jack Nguy

    Nick Duda wrote:

    >Disable DHCP on the WAP and go static RFC1918's
    >Harden your OS (numerous whitepapers on the net, google them)
    >Virus Software
    >IDS/Firewall software (BlackICE, ZoneAlarm..etc)
    >ACL's on shares/permissions
    >
    >- Nick
    >
    >
    >-----Original Message-----
    >From: Steve [mailto:securityfocus@delahunty.com]
    >Sent: Tuesday, December 30, 2003 1:33 PM
    >To: security-basics@securityfocus.com
    >Subject: home wireless router good practices for security
    >
    >So I went out and purchased a wireless router (Linksys 802.11b) for home
    >since it was so inexpensive and actually less cost than the wireless
    >access points I was trying to get via eBay. Got it home, installed my
    >wireless network card (SMC), powered on the router, attached it to a
    >port on my other wired linksys router, and boom it worked great. Then
    >about 5 minutes after I sent an instant message to my neighbor (fellow
    >IT friend) he was on my network. So I took the steps that Linksys
    >recommends below, seems good (to me).
    > Change the default SSID
    > Disable SSID Broadcasts
    > Change the default password for the Administrator account
    > Enable WEP 128-bit Encryption
    >Linksys also recommends these other measures, I have not implemented:
    > Enable MAC Address Filtering
    > Change the SSID periodically
    > Change the WEP encryption keys periodically.
    >
    >My Questions:
    >
    >1) Anyone know how much enabling 128-bit encryption will hurt my
    >wireless performance?
    >
    >2) Does setting the SSID for my wireless NIC then keep me from getting
    >onto other wireless networks like when traveling? I ask since that
    >setting was set to ANY before I changed it to the SSID that I set for my
    >wireless router.
    >
    >3) What else should I really do to protect my home network?
    >
    >
    >
    >------------------------------------------------------------------------
    >---
    >------------------------------------------------------------------------
    >----
    >
    >
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------
    >
    >
    >
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Jack: "Re: Simple Question ..."

    Relevant Pages

    • Re: Renaming a wireless connection
      ... Replaced a router with a Belkin that has wired and wireless in its ... Desktop is wired to this router. ... Laptop found the wireless and connected with the name ... ||| I'm assuming we're talking the default SSID Name here? ...
      (microsoft.public.windowsxp.network_web)
    • Re: Undetectable APs
      ... If you're seriously worried about attacks via wireless, ... that can be done to an encrypted access point or router, ... little to a wireless client adapter. ... Most modern AP's have a feature where they don't broadcast their SSID ...
      (alt.internet.wireless)
    • Re: Wireless Network - Access permission
      ... wireless network, but as you say someone that's determined to search for a ... wireless networks and have the right software will see the network anyway. ... Turning off SSID will cause Windoze Wireless Zero Config to not ... will be lost trying to establish a connection. ...
      (alt.internet.wireless)
    • iwi doesnt see a wireless network
      ... I'm trying to get my laptop to connect to the wireless access point at ... Starting AP scan (broadcast SSID) ... Selecting BSS from priority group 0 ... Setting scan request: 0 sec 0 usec ...
      (freebsd-net)
    • Re: Doesnt anyone Know anything about roaming?
      ... I assume you use WZC on the Windows XP clients (and not a third party WLAN ... Then the selection of the SSID is done by WZC, ... make sure everything you buy conforms to the dominant wireless ... >> you can mix brands, operating systems, even network a Mac to a Windows PC ...
      (microsoft.public.internet.radius)