Tips to increase wireless security

[ghidu]

I'm going wireless and I was wondeing what I can do to increase the security. I live on the first floor so my network would be easily find. Also my computers are in separate rooms. Is it a good idea to put the router in the hallway?

 

[bacillus]

your best bet is to simply use wpa or wpa2 encryption with a long key!

 

[ghidu]

So the position of the router is not that important.
The guys in here recommended me the Linksys WRT54GL. What do you think?
Thank you.

 

[Fullmetal Chocobo]

I've had good experiences with that router. You also have to consider, that for every protected network, there are literally ~10 unprotected wireless networks. So the odds are in your favor if you use WPA or WPA2.

 

[jonesthewine]

I would enable MAC filters as an additional layer of security...or as the only layer, which is what I use.

Router positioning can have an effect on leeches as well.. placing it away from windows and in the center of your living space will minimize the distance that your signal travels outside your apartment/condo/whatever. You may be able to decrease the signal strength in the router's setup interface to minimze signal leakage even further.

Also, in DHCP, limit the range of IP addresses that can be assigned....maybe you have three computers to network. Enable 192.168.0.100 through 192.168.0.102 as the range of addresses that may be assigned, and assign each IP address to a specific MAC address.

 

[0roo0roo]

mac filter, course spoofing is easy, but not for average folk.
wep key, change the key every couple weeks or whatever.
depends on your neighbors, how many hax kiddies live around u. wep is relatively easy to crack, not for normal people though. i wouldn't worry too much about the newer security stuff, its unlikely to be broken by mr neighbor.
and yea limit ips/connections. easier to keep track of usage.
and of course don't broadcast ssid

 

[kingtas]

Like every one said plus one more point.

1. WEP key would be good enough for residential, in my opinion.
2. Turn off SSID broadcast so you don't tell the world you're there.
3. Limit number of connections to the number of your internal IP addresses.
4. MAC Address filting would be OK.

 

[Madwand1]

There's no good reason for using WEP when WPA is available, as it should be with any reasonably modern wireless gear.

Also use a long randomized passkey. There are some online generators, and you could just type in your own. (Save it to a text file as well.)

 

[NuroMancer]

Originally posted by: 0roo0roo
mac filter, course spoofing is easy, but not for average folk.
wep key, change the key every couple weeks or whatever.
depends on your neighbors, how many hax kiddies live around u. wep is relatively easy to crack, not for normal people though. i wouldn't worry too much about the newer security stuff, its unlikely to be broken by mr neighbor.
and yea limit ips/connections. easier to keep track of usage.
and of course don't broadcast ssid

Agreed except for wep. Don't use wep, WPA is just as easy to use and provides alot more security.

If you are only going to have you computers on the network, MAC address filtering is just an added layer of security that is easily broken. If you have people over, it is a hassle, to constantly add them.

With a linux firm ware and the WRT54GL I believe you can change the signal strength broadcast. Turn it down so you don't really get a signal from the road outside.

Limiting Ips is again, just an addes layer, easily broken, and a pain if you have people over who you want to be able to use the network.

SSID broadcast removal is a good idea, but it can play havok with some wireless clients, so you may have to leave it on.

But don't use Mac address filtering as your only security, please. Also the position of the router is only important I think if it matters to you, place it in a area where it will have max coverage over all of the client computers, and remember, wired is still better .

 

[corkyg]

What a great bunch of replies. These would be very good to consolidate and put on a sticky. I have gone through the experiences of securing my wireless home network, and it would have been great to have had all of this on one sheet!

Much of it can be found in the literature that comes with a wireless router, but not all.

A pat on the back to all responders.

 

[ghidu]

I agree with corkyg; great advices. I've just bought the WRT54GL and I've only configured the internet connection. Will play some more tomorrow and will let you know.
Thank you all.

 

[Brainonska511]

Give each computer a fixed IP (if they are desktops) and then limit the number of IP address that can be handed out to 0 (if you have all comps on a fixed IP) or whatever number of IP addresses you want to be able to hand out to other machines.

 

[Skeeedunt]

ha... I never thought about turning off DHCP. that's probably enough to throw most people off. probably not the ones that hacked through your WPA and spoofed your MAC address though

 

[MercenaryForHire]

1) WPA with a good long passphrase with random characters - eg: Th1$P@ssW0rDiZl3eT3nUf2pR0t3kTjo0
2) Enjoy.

There you go, you're secure.

- M4H

 

[ghidu]

OK. I can't seem to configure the wireless. The thing is that ever since I bought the laptop I can't connect to any wireless network. Is there a "how to" guide? My laptop is centrino based.

 

[Oyeve]

Originally posted by: MercenaryForHire
1) WPA with a good long passphrase with random characters - eg: Th1$P@ssW0rDiZl3eT3nUf2pR0t3kTjo0
2) Enjoy.

There you go, you're secure.

- M4H

Thanks for giving us your passphrase.

 

[rudder]

Originally posted by: bacillus
your best bet is to simply use wpa or wpa2 encryption with a long key!

Password generator

Just copy the password to a CD to configure each wireless device and with WPA you will be good to go.

 

[FP]

If you have a Linux machine on your internal network install arpwatch and have it e-mail you when a new MAC address is found on your network.

That way you will be instantly notified whenever a new computer auths into your network.

 

[Rubycon]

Turning off SSID broadcast does *NOTHING* to enhance security. If anything it makes you MORE VULNERABLE because you THINK you are more secure and if anything is worse than a lack of security, it's a false sense of a security presence! :laugh:

If you're really concerned about security this is your best option.

 

[Jeff7]

Originally posted by: MercenaryForHire
1) WPA with a good long passphrase with random characters - eg: Th1$P@ssW0rDiZl3eT3nUf2pR0t3kTjo0
2) Enjoy.

There you go, you're secure.

- M4H

Maybe add some special characters in there too? 8-ïf?
Assuming it supports them.


Your other option: Replace your siding. While doing so, put a metal mesh over the entire house. Faraday cage.

 

[ghidu]

Originally posted by: binister
If you have a Linux machine on your internal network install arpwatch and have it e-mail you when a new MAC address is found on your network.

That way you will be instantly notified whenever a new computer auths into your network.

Good idea binister.

Originally posted by: MS Dawn
If you're really concerned about security this is your best option.

I knew that. I'm thinking about WLAN for a long time (when WEP and SSID were the only thing keepping the network secure)

Thank you all for your replies. My network is up and running, including wireless.
Any thoughts about router firewall? Does it need any changes?