Wireless security checklist?
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Wireless security checklist?

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    2

    Wireless security checklist?

    Hello, Im new to wireless and I want some expert advise. I read through some tutorials and searched the net a bit for what to do once I get my wireless router. Can you please tell me if I have left anything out of this list:


    * Change default usernames and passwords for network devices.

    * Enable WPA.

    * Change default SSID for each WAP device.

    * Disable SSID broadcast.

    * Turn of DHCP.

    * Change the default IP subnet.

    * Enable Mac filtering.

    * Adjust signal strength if possible.

    * Disable or change Simple Network Management Protocol (SNMP) settings to prevent outsiders from obtaining personal information. (have to read more about that one)

    * Install firewall for each computer.

    Thanksyou.

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Turn off DHCP? Why? You have another DHCP server running on your network besides the router?

    All I'd do is:

    * Change default usernames and passwords for network devices.

    * Enable WPA

    * Enable Mac filtering.

    * Install firewall for each computer (XP's default is fine).

    Stick to basics if you're not particularly knowledgeable, then move onto the other stuff. Getting wireless up and running is not as easy as a hardwired network.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    well....turning off the dhcp....stops outside computers from getting an address\gateway settings automatically......hence slowing down the process of getting on the wireless network...

    kinda like auto login....a deterent

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Senior Member treanglin's Avatar
    Join Date
    Dec 2003
    Posts
    110
    haha...."auto login..."


    Well petereno, it looks like you've got it down brother, I did't even consider disabling the DHCP but I see how that can be effective. I agree with brokencrow though, wireless can be a real bi...bear to setup sometimes, so just go with those basic security measures, make sure everything is fine, and then go from there.
    "Do you know why the system is slow?" they ask

    "It's probably something to do with..." I look up today's excuse ".. clock speed"
    -BOFH

  5. #5
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    1) Change default usernames and passwords for network devices - I agree
    2) Enable WPA - I agree somewhat, see below
    3) Change default SSID for each WAP device - I agree
    4) Disable SSID broadcast - I disagree
    5) Turn of DHCP - Your choice
    ** rather than turn it off, just limit your DHCP's IP range to a couple IP's**
    6) Change the default IP subnet - Also Your choice
    7) Enable Mac filtering - I agree
    8) Adjust signal strength if possible - I disagree
    9) Disable or change Simple Network Management Protocol (SNMP) settings to prevent outsiders from obtaining personal information. (have to read more about that one) - Your choice
    10) Install firewall for each computer - I agree

    They left out something very important about WPA. I'm assuming they meant WPA-PSK. If that's the case, WPA is only as strong as the passphrase used. Make sure when you select your passphrase that you use complexity. I reccomend at least 20 characters, mixed between upper case/lower case/numbers and symbols.
    The other two options I disagreed with are security through obscurity. Disabling your SSID isn't really going to protect you much, nor is adjusting your signal strength. I suppose, if you weakend your signal to the point where it didn't permeate outside your walls, that may offer some security, but, if you enable a WPA-PSK and choose a good passphrase, limit your DHCP range, enable your MAC filter (not the best security, but it adds another layer), and use common sense. I suspect you'll be fine.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    haha...."auto login..."
    Oh, no...everywhere I go...it's the "evil auto login"...it's deja vu all over again...

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by morganlefay
    well....turning off the dhcp....stops outside computers from getting an address\gateway settings automatically......hence slowing down the process of getting on the wireless network...

    kinda like auto login....a deterent

    MLF
    I'm starting to laugh as I read this site... Especially since this time I agree with brokencrow... (as well as ShagDevil)

    With MacFiltering and WPA you've got all the "deterent" you need... These are the deterent... (sort of like say... a bios password with the hard drive as your only bootable device)... They force some effort to be exerted... If someone is going to beat MacFiltering... in the process they will have determined your SSID and learned your DHCP range... if not.. shortly after cracking your WPA they will have the DHCP range... if someone's going to go after MacFiltering and WPA.. Disabling DHCP is not an additional deterent. It just makes the users life more inconvenient.. not the malicious persons life.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    I've always used George Ou's Wireless LAN security guide as a guideline. While you're at it, you might want to check out his The Six dumbest ways to secure a wireless LAN - turning on MAC filtering, for example, is in that list, as are disabling DHCP and "hiding" SSID

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well HT......

    I may not be the IT expert you are......

    But I see security as a layered approach........make them jump through as many hoops as they can.

    hopefully the skiddie will get bored an move on.........

    If they really want in ...they will get in.

    But I may just notice a rogue IP address that wasnt assigned....tracks

    MHO...as always

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by morganlefay
    Well HT......

    I may not be the IT expert you are......

    But I see security as a layered approach........make them jump through as many hoops as they can.

    hopefully the skiddie will get bored an move on.........

    If they really want in ...they will get in.

    But I may just notice a rogue IP address that wasnt assigned....tracks

    MHO...as always

    MLF
    You're actually more likely to notice that with DHCP enabled.. you'll have leases... you look at your leases and you're like oh.... I only have two clients.. why 3 leases.... Without DHCP (which they could go with or without you having a DHCP server) you'd have to scan the network/sniff traffic and hope they're doing something you'll see/pick up..

    I love that you still only addressed me... 4 people have now posted the same sentiment...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides