Have upgraded to wireless router

[rstove02]

Bought a WRT54GL wireless router.

So far I have done the following:
1) Updated to latest firmware.
2) Changed the login password to the router.
3) Disabled SSID broadcast.
4) Changed SSID.
5) Changed router name.
6) Enabled WPA2 encryption.
7) Reduced the number of connections from 100 to ~4 or so.

Was there anything I have missed in securing my router? TIA

 

[jlazzaro]

enable SSID broadcast...hiding it provides no real security and will just aid in giving you a headache.

 

[Kaervak]

Originally posted by: jlazzaro
enable SSID broadcast...hiding it provides no real security and will just aid in giving you a headache.

Pretty much. All you need to do now a days is turn on WPA/WPA2 and use a strong enough passphrase. SSID hiding, MAC address filtering ectera is pretty useless. For a really strong password, go here: https://www.grc.com/passwords.htm 63 character random ASCII phrase = overkill, but I like overkill.

 

[JackMDS]

The logic is simple. Thus far WPA2 was Not Broken.

A Genius that would brake WPA2 would be able to deal with SSID and MAC filter in 22seconds.

Switch Off SSID can result in destabilizing your connection.

 

[rstove02]

Okay, noob question here....but does length of the WPA2 passkey have any affect on the difficulty of breaking of attempting to break WPA2? (note I stated difficulty of attempting to break)

Since reading the thread so far, have done the following changes:
1) Re-enabled SSID broadcast.
2) Disabled wireless access to the router's configuration GUI http interface.

Also heard that is was a good idea to pick a channel other than the default channel? This true?

 

[Kaervak]

From a recent Security Now episode, the recommended minimum WPA/WPA2 key length is 24 characters. Here's a link to the transcript: http://www.grc.com/sn/SN-128.txt (search for WPA.) Changing the default channel is a good idea to cut down on interferrence from other wireless signals.

 

[bigpow]

-change subnet from the pedestrian 192.168.x.x to 172 or 10, spesifically change the router address
-MAC address filtering for wifi
-Static address (permanent lease) for permanent hosts (requires 3rd party firmware)
-slow down the wifi polling (anti netstumbler)

But the best security would be to run wire through out your house, just like some expert advised me a few weeks ago when I came up with wifi question.

 

[spidey07]

Originally posted by: bigpow
-change subnet from the pedestrian 192.168.x.x to 172 or 10, spesifically change the router address
-MAC address filtering for wifi
-Static address (permanent lease) for permanent hosts (requires 3rd party firmware)
-slow down the wifi polling (anti netstumbler)

But the best security would be to run wire through out your house, just like some expert advised me a few weeks ago when I came up with wifi question.

LOL!

these are not security measures and all could be easily gathered by a general arp sweep, or hell even just looking at the traffic you could figure out the addressing and router address in a couple frames. You would have to have the key for any of this to happen so it's just added "psuedo security".

Use wpa2-psk, broadacst the SSID, use a strong key and you're done. Beyond that you have to keep the RF outside of the building which isn't practical for home/enterprise use.

-edit-
What I mean to say is all those countermeasures are useless against strong key management and a strong pre-shared key used by WPA2/AES. You're assuming your frames can be understood - if so there is nothing you can do to protect it.

 

[Madwand1]

Originally posted by: rstove02
does length of the WPA2 passkey have any affect on the difficulty of breaking of attempting to break WPA2? (note I stated difficulty of attempting to break)

Yes, difficulty is related to the key length for some attacks. SmallNetBuilder for example has an article on cracking short/weak WPA/WPA2 keys. But why bother with short / simple keys? So that you can easily memorize them and type them in? That's not really important, and in itself prone to error/weakness. I suggest using maximum length keys, randomizing them, saving to a file, and using copy/paste thereafter.

E.g. using a key generated here and manually modified further:

https://www.grc.com/passwords.htm

 

[Modelworks]

Turn off wifi when you know its not going to be used.
Usually takes just a second.