Re: Suggestions for a secure home network



As far as minimizing SSID broadcast, I'm concerned that you would say
it does 'not' have any security merit.

You are crorrect in that. Trying to hide behind your SSID is like
using WEP and saying its secure. Anybody with a wireless sniffer can
pull the SSID out EVEN IF ITS NOT BROADCASTED. If you have wireless
traffic sniffing software finding the SSID is like stealing candy from
a kid.

On 4/13/06, Alexander Bolante <alexander.bolante@xxxxxxxxx> wrote:
Thanks for the clarification. That was a typo on my part. My brain was
thinking WEP encryption, therefore I meant frequency of changing WEP
key, policies for establishing that WEP key, etc. In that regard, my
questions do have security merit, unless you wanna challenge that as
well :-)

As far as minimizing SSID broadcast, I'm concerned that you would say
it does 'not' have any security merit. You are correct in saying
'there are several wireless devices that will not work properly unless
you broadcast the SSID' however my statement was abstract for that
very reason. My purpose was to get Edmund to think about it as a
possibility if technically feasible, then he can determine whether or
not that's how we wants to setup his wireless devices.

Thanks!



On 4/13/06, Phunkodelic <phunkodelic@xxxxxxxxx> wrote:
Frequency of changing SSID?
Policies for establishing that SSID?
Minimizing SSID broadcast?

I don't think the above 3 items have any security merit, as trying to
"hide" your SSID is not a security measure at all. Anybody who can
sniff wireless traffic can grab the SSID very easily broadcast or
non-broadcast. There are seveal wireless devices that will not work
properly unless you broadcast the SSID.

On 4/12/06, Alexander Bolante <alexander.bolante@xxxxxxxxx> wrote:
From a design perspective, I think it would also be good for you to
have a security checklist:

WLAN Security:
Frequency of changing SSID?
Policies for establishing that SSID?
Minimizing SSID broadcast?
Access point location to reduce eavesdropping?
Locking management interfaces?
Use static IPs vs. DHCP?
MAC-based access restrictions?

Network Security:
Placement in a DMZ?
Use a firewall and setup ACLs/rules that enable access only for known
MAC/IP addresses?
Consider using an IDS if you plan on maintaining the solution?

That's a start. Hopefully then your solution's risk will really just
boil down to physical security.
Good luck, but have fun!

Thanks!
Alexander


On 4/9/06, Edmond Chow <echow@xxxxxxxxxxxx> wrote:

Hello List,

I am looking to put together a home network for a high-end client of mine
and would like your opinion on what type of equipment to use.

Here's an overview of his requirement:

- Two MACs (for his kids) on a wireless network
- Two PCs on a wired network - these two PCs have sensitive information on
them. These computers would not be used for remote access but only for
internet and email access. I am thinking of adding hard drive encryption to
these two computers.

I'm thinking of three approaches and would like your thoughts:

#1 - Use a cable modem with non-wireless router for his two PCs and use a
separate DSL modem with wireless router for his two MACs. Double the monthly
cost for internet access but there is no chance that hackers entering
through the MACs will be able to access his PCs.
#2 - Use a router (I was thinking of something like an Astaro router or
Cisco router) for the PCs and then connect a Linksys wireless router with
WPA security to the first router. The wireless router would be used for the
two MACs.
#3 - Use a wireless router with WPA security for the wireless MACs and then
hard wire the two PCs to the non wireless router ports on the back of the
wireless router.

Any thoughts you would have would be greatly appreciated. Any manufacturers
and or models you could suggest would also be much appreciated.

Thanks.

Regards,


Edmond




-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------





--
Alexander Bolante | Alexander.Bolante@xxxxxxxxx

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------





--
Alexander Bolante | Alexander.Bolante@xxxxxxxxx


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------



Relevant Pages

  • Re: Suggestions for a secure home network
    ... Policies for establishing that SSID? ... I don't think the above 3 items have any security merit, ... separate DSL modem with wireless router for his two MACs. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
    (Security-Basics)
  • Re: Suggestions for a secure home network
    ... As far as minimizing SSID broadcast, I'm concerned that you would say ... it does 'not' have any security merit. ... separate DSL modem with wireless router for his two MACs. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
    (Security-Basics)
  • Re: First foray into the wireless world, couple of questions...
    ... Perhaps a neighbor is using the same channel and hiding the ... SSID, so you haven't noticed. ... any wireless problems. ... include the Wireless Router in the path: ...
    (alt.internet.wireless)
  • Re: Suggestions for a secure home network
    ... I also wouldn't put too much belief that this will provide security ... Anybody with a wireless sniffer can ... pull the SSID out EVEN IF ITS NOT BROADCASTED. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
    (Security-Basics)
  • Re: Wireless Disconnects
    ... When setting up wireless for clients and noticing ... an open network or other wireless configuration issue, if the SSID gives ... In a home security and personal privacy sense, though, keeping a little ... John Navas FAQ for Wi-Fi: ...
    (alt.internet.wireless)