Wireless net secure? Anything else to do?

[agoodpop]

Have a linksys befw11s4 ver2 router and have done the following to secure it.
change default passwd
disable ssid broadcast
change default ip address
mandatory 128 bit WEP
enable MAC filter and place MAC for my wireless laptop in table

Anything i'm missing or am i secure?

Also, what is best way to restrict IM from my daughter. restrict port or IP. Would like her to be able access internet but not IM all day long especially during summer. How should i do this. Is there also a way to remote access router to turn on or off access for her while i might be at work?

Thanks

 

[saimike]

Originally posted by: agoodpop
Have a linksys befw11s4 ver2 router and have done the following to secure it.
change default passwd
disable ssid broadcast
change default ip address
mandatory 128 bit WEP
enable MAC filter and place MAC for my wireless laptop in table

Anything i'm missing or am i secure?

Also, what is best way to restrict IM from my daughter. restrict port or IP. Would like her to be able access internet but not IM all day long especially during summer. How should i do this. Is there also a way to remote access router to turn on or off access for her while i might be at work?

Thanks

cant help u on IM restrictions cos i dont restrict myself

one thing u forgot, is to change the default SSID. after that, the next step would be some RADIUS authentication etc. thats not cheap.

 

[skyking]

Is there also a way to remote access router to turn on or off access for her while i might be at work?

If it does not specify a remote management interface in the manual or user's guide, then I think not.
If you do not find those features in the linksys and really want them, I suggest a netgear mr814.
It has all those features, remote management from a single IP, range of ip's, or the whole world( I would never choose that one)
Many routers will only do the last one, and that would worry me.
you can set a schedule to turn off or on her connection, block applications, and block URLs.
it has a built in dyndns client, so you can find it anytime, even if the dynamic address has changed.

 

[Red Squirrel]

hmm, by dundns, is it an actual dns server? If yes, you can just make the IM server point to a different IP, like 127.0.0.1. I'm sure she'll get off when she's the only one on the "Server".

 

[SaigonK]

Radius is way more than anyone at home will ever need...dont bother you should be fine. It doesnt save you from someone cracking your WEP keys, only form getting onto the AP, which anyone looking for real data doesnt really care to get onto your AP they just want the packets in the air to be unencrypted.


You have to push a ton of data, and when I say a ton i mean a TON of data to have someone sniff your lan and then crack WEP. The everyday home user just isnt going to do that much traffic. Also, who the heck is going to sit outside your aprtment or house for 10 hours with an anntenae and laptop.

I would think you might notice that....

 

[saimike]

Originally posted by: SaigonK
Radius is way more than anyone at home will ever need...dont bother you should be fine. It doesnt save you from someone cracking your WEP keys, only form getting onto the AP, which anyone looking for real data doesnt really care to get onto your AP they just want the packets in the air to be unencrypted.


You have to push a ton of data, and when I say a ton i mean a TON of data to have someone sniff your lan and then crack WEP. The everyday home user just isnt going to do that much traffic. Also, who the heck is going to sit outside your aprtment or house for 10 hours with an anntenae and laptop.

I would think you might notice that....

agreed! i was merely bringing that up to highlight that the next step is a b.i.g. step ... and like u said, "one that is way more than anyone at home will ever need"

 

[MercenaryForHire]

Exactly. Switch your SSID even if it isn't broadcasting, and check up on things periodically. Also, cycle your WEP keys.

RADIUS is serious overkill for home security. While it does only take about three hours to crack the 24-bit IV (which is all you need, folks) that's three hours a 1337 h4x0r d00d would rather spend on a worthwhile target.

- M4H

 

[SaigonK]

saimike: Exactly! Way more.

3 hours of a constant 1mb stream, your average home user running at maybe 300k would be like another 10 hours.
Imagine the l33t hacker in your front yard for 10 hours in a black van with the windows painted flat black....hehehehe...I would tend to notice that.