• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

**OT: posting from new home WIRELESS network

Engineer

Engineer

Elite Member
Sorry, but had to post in my favorite forum from my new "cheap"home network. 😀

Just got a Netgear MR814 Wireless router with 4 port switch and a US Robotics 2410 wireless PCMCIA card. The net price after throwing in a HP MX50 monitor is....drum roll....They paid me 4 dollars to take it all (after MIR's of course)! 🙂

I love the Hot Deals forum too! 🙂

Woooooooooooooo!

Sorry, had to brag a little...first wireless network I've played with.....much less owned! 🙂

more...more...more! :Q
 
Enjoy your wireless network, Engineer, but be sure to secure it. We wouldn't want some hacker getting inside and messing up your SETI crunchers. 🙂
 
Originally posted by: jliechty
Enjoy your wireless network, Engineer, but be sure to secure it. We wouldn't want some hacker getting inside and messing up your SETI crunchers. 🙂
Click to expand...

So far, the first and only thing I've done is enable "passphrase" 64 bit enabled WEP. Should I go to 128? I'm very "newbie" to wireless stuff...but it's very cool! 😀

 
Engineer, can you set it to only permit MAC addresses you enter? That would make it pretty darn tricky to crack. I'm setting up such a setup on our (wired) LAN at work, where each "known" machine has an IP reserved for it, and all excess ones are disabled, effectively "guest-proofing" the LAN from a DHCP standpoint (or so my naive mind hopes).
 
Originally posted by: mechBgon
Engineer, can you set it to only permit MAC addresses you enter? That would make it pretty darn tricky to crack. I'm setting up such a setup on our (wired) LAN at work, where each "known" machine has an IP reserved for it, and all excess ones are disabled, effectively "guest-proofing" the LAN from a DHCP standpoint (or so my naive mind hopes).
Click to expand...
Hmm, limiting by IPs won't keep out the determined hacker, but limiting by MAC addresses should be more secure. Maybe you meant MAC address when you said IP address, but there is a difference (as I'm sure you know). 🙂
 
I have had a wireless router for a while now (an older D-Link).
I didn't have good connectivity when I turned on WEP, so right now I just use a very long, unguessable SSID and have it set to discard any PINGS from the internet. Firewall logs don't show much activity except occasionally, and it has been pretty flawless. I've had to reboot it only twice in 18 months (to restore the DSL connection).

My only interesting problem was enabling the Discard PING from WAN feature, which was disabled on my router, but enabled on newer models. I looked in the programming file for the Flash Upgrade and found that the programmers had merely commented out the applicable check box, so I edited the file to add NULLS instead of commenting marks, and flashed. Now I can discard PINGS, which I highly recommend.

Good luck with yours. I hope it is a trouble free as mine is.
 
A few tips...

1. use 128-bit wep.. its crackable though (takes longer than 64-bit)
2. disable broadcast of SSID, so drive-by haxx0rs don't even know you have a network.
3. make your SSID long and unguessable... dont use your last name or anything, that would make it more guessable...



gotta go, will add more later

EDIT:
4. If you were to need even better security (which I can't imagine since it's not a company network), you could setup a firewall between the wireless network and the other machines on your network
 
I am sitting here on the PC in my living room on a wirelesss network myself (only dial up though🙁) I would like to hear some more tips on making this thing a bit more secure. Or is do the above about cover it? Thanks.
 
Originally posted by: jliechty
Originally posted by: mechBgon
Engineer, can you set it to only permit MAC addresses you enter? That would make it pretty darn tricky to crack. I'm setting up such a setup on our (wired) LAN at work, where each "known" machine has an IP reserved for it, and all excess ones are disabled, effectively "guest-proofing" the LAN from a DHCP standpoint (or so my naive mind hopes).
Click to expand...
Hmm, limiting by IPs won't keep out the determined hacker, but limiting by MAC addresses should be more secure. Maybe you meant MAC address when you said IP address, but there is a difference (as I'm sure you know). 🙂
Click to expand...

The DHCP server has a range of IPs it can hand out. By making one IP reservation for each authorized MAC address, and disabling all excess IPs, the server essentially tells an "outside" machine, 'Hey, sorry, I see your DHCP request but all my IP's are already on hold for other machines with other MAC addresses, and I don't have any spares. Sorry! 🙁' And without an IP, I don't think the user can authenticate, even if they had a username and password in their possesion. Kind of like trying to park your car in a parking lot where all the spots have placards saying "Reserved for so-&-so". 🙂
 
Originally posted by: mechBgon
Originally posted by: jliechty
Originally posted by: mechBgon
Engineer, can you set it to only permit MAC addresses you enter? That would make it pretty darn tricky to crack. I'm setting up such a setup on our (wired) LAN at work, where each "known" machine has an IP reserved for it, and all excess ones are disabled, effectively "guest-proofing" the LAN from a DHCP standpoint (or so my naive mind hopes).
Click to expand...
Hmm, limiting by IPs won't keep out the determined hacker, but limiting by MAC addresses should be more secure. Maybe you meant MAC address when you said IP address, but there is a difference (as I'm sure you know). 🙂
Click to expand...
The DHCP server has a range of IPs it can hand out. By making one IP reservation for each authorized MAC address, and disabling all excess IPs, the server essentially tells an "outside" machine, 'Hey, sorry, I see your DHCP request but all my IP's are already on hold for other machines with other MAC addresses, and I don't have any spares. Sorry! 🙁' And without an IP, I don't think the user can authenticate, even if they had a username and password in their possesion. Kind of like trying to park your car in a parking lot where all the spots have placards saying "Reserved for so-&-so". 🙂
Click to expand...
Mea culpa. I didn't understand. 😱
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top