July 9th, 2003, 02:54 PM
How to secure a wireless network.
As far as I know, this has not been done in the past. PM me if it has.
It does complement the tutorial that thehorse13 linked off of M$'s site.
How to secure your wireless set up. As always, anyone with anything to add, especially about an area that I did not cover, is surely welcome. This will not cover anything, but will get those who are just getting started into wireless a little head start. Some security is better than no security.
1) Your network name (SSID)
Your wireless network equipment will come with a default SSID (Service Set Identifier) from the manufacturer, usually the manufacturer’s name. (Linksys, DLink, whatever) Change this. Make it something that most people will not be able to easily guess. Using something complicated like “MyL1ttl351573r153V1l” may not be necessary for this part. Just pick something at least eight letters in length that your average farm animal couldn’t guess.
<Need some examples: if it’s a home network, and your name is steve, name it stevenet. It’ll make you feel powerful “I have my own network, welcome to stevenet” as well as get rid of the silly default SSID>
2) Change your router’s default password.
Duh. Most routers will announce themselves if you type in their IP addresses. “Hi! I’m a linksys BEFSR11 WAP. Want to play?” You need to change your default password, because otherwise 31337 hackerboy down the street with a list of default manufacturer’s passwords (which are all conveniently available from the manufacturer’s website) can easily change your AP settings to something that he likes so he can get up on your network.
3) Use Encryption
4) When using said encryption, use the highest bit WEP available. You may have to use the utility that came with your wireless card instead of the default windows props box. 128 bit or more is pretty darn secure, but if you have to go with 64 for whatever reason (mismatched equipment, etc.) then 64 bit is better than nothing.
5) When determining the passphrase for your encryption, do something complicated. The more complicated the better (in this case, the “mylittlesisterisevil” phrase from above may be nice). If you have high encryption and a weak passphrase, you have weak encryption.
Even better, make up your own encryption key. Enter in the numbers and letters yourself, to make sure that you don’t do something easy. Yes it’s tedious. But it’s better for you. Also, be sure not to dispose of the notepad you use in the process in a careless way. If someone gets your notes on your wireless network, all of your work is in vain.
6) Pick a non-default channel.
7) If possible, use a static set of local IP addresses, and configure your router to allow only those IP addresses. This will cut down the room other people will have to hop in on your network, unless one of your machines is not on.
8) Research your Wireless Access Point, and see if google or anything else shows up with known problems/exploits for it. Consider a firmware upgrade if you find a bunch of problems with your current set.
9) <<Disputed Topic>> Use a separate firewall/router to connect to the outside world. Keeping your AP behind a firewall means that it won’t announce itself to anyone who knows your IP address. Yes, this gets a little redundant, but it means that you are less likely to get hacked (easily). Using a linksys, dlink, or belkin wireless AP behind a Watchguard SOHO firewall, or something similar, works quite nicely.
10) Authentication (I need help on this one) I’m not the most familiar with authentication, but I know that proper manipulation adds yet some more security to your wireless network. TheHorse13’s linked tut (at top of this thread) has some more info on it.
Once again, additions are welcome. I hope this helps out those entirely unfamiliar with the 802.11 group.
One more (obvious) thing. Make sure all your hardware is compatible. I’ve seen people buy incompatible hardware, and then make their security weak just so they can get it to work. If you are going to go wireless, at least do it correctly.
i’m starting to think that i’m bound to always be the first guy on the second page of the thread.
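The checklist in the post above (items 1 to 7), turned into a small settings audit plus a key generator for item 5's "make up your own encryption key" advice. This is an added example, not part of the original post; the settings field names are hypothetical, and the key lengths assume the usual WEP convention of 10 hex digits for "64-bit" and 26 for "128-bit".

```python
import secrets
import string

# Vendor names the post gives as typical factory SSIDs (compared case-insensitively).
DEFAULT_SSIDS = {"linksys", "dlink", "belkin"}
# Assumption: "64-bit" WEP = 40-bit key (10 hex digits) + 24-bit IV,
# "128-bit" WEP = 104-bit key (26 hex digits) + 24-bit IV.
HEX_DIGITS = {64: 10, 128: 26}

def generate_wep_key(bits=128):
    """Return a random hex key of the length expected for this WEP size."""
    return secrets.token_hex(HEX_DIGITS[bits] // 2).upper()

def audit(cfg):
    """Check a settings dict (hypothetical field names) against the checklist."""
    findings = []
    ssid = cfg.get("ssid", "")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("1: SSID is a manufacturer default")
    elif len(ssid) < 8:
        findings.append("1: SSID is shorter than eight characters")
    if cfg.get("admin_password_is_default", True):
        findings.append("2: router admin password is still the default")
    bits, key = cfg.get("wep_bits", 0), cfg.get("wep_key", "")
    if bits not in HEX_DIGITS:
        findings.append("3: encryption is off or the key size is unknown")
    else:
        if bits < 128:
            findings.append("4: 64-bit WEP in use; 128-bit is preferred")
        if len(key) != HEX_DIGITS[bits] or set(key) - set(string.hexdigits):
            findings.append("5: key is not %d hex digits" % HEX_DIGITS[bits])
        elif len(set(key.upper())) < 6:
            findings.append("5: key repeats a few digits and is easy to guess")
    if cfg.get("channel") == cfg.get("factory_channel"):
        findings.append("6: channel is still the factory default")
    if not cfg.get("static_ip_only", False):
        findings.append("7: router does not restrict clients to static addresses")
    return findings

# Constructed sample settings, not taken from a real device.
FACTORY = {"ssid": "linksys", "admin_password_is_default": True, "wep_bits": 64,
           "wep_key": "1111111111", "channel": 6, "factory_channel": 6}
HARDENED = {"ssid": "stevenet", "admin_password_is_default": False,
            "wep_bits": 128, "wep_key": generate_wep_key(128),
            "channel": 11, "factory_channel": 6, "static_ip_only": True}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```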