-
August 15th, 2006, 03:17 AM
#1
Junior Member
Wireless security checklist?
Hello, I'm new to wireless and I want some expert advice. I read through some tutorials and searched the net a bit for what to do once I get my wireless router. Can you please tell me if I have left anything out of this list:
* Change default usernames and passwords for network devices.
* Enable WPA.
* Change default SSID for each WAP device.
* Disable SSID broadcast.
* Turn off DHCP.
* Change the default IP subnet.
* Enable Mac filtering.
* Adjust signal strength if possible.
* Disable or change Simple Network Management Protocol (SNMP) settings to prevent outsiders from obtaining personal information. (have to read more about that one)
* Install firewall for each computer.
Thank you.
-
August 15th, 2006, 03:30 AM
#2
Turn off DHCP? Why? You have another DHCP server running on your network besides the router?
All I'd do is:
* Change default usernames and passwords for network devices.
* Enable WPA
* Enable Mac filtering.
* Install firewall for each computer (XP's default is fine).
Stick to basics if you're not particularly knowledgeable, then move onto the other stuff. Getting wireless up and running is not as easy as a hardwired network.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
August 15th, 2006, 03:35 AM
#3
well....turning off the dhcp....stops outside computers from getting an address\gateway settings automatically......hence slowing down the process of getting on the wireless network...
kinda like auto login....a deterrent
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 15th, 2006, 04:20 AM
#4
haha...."auto login..."
Well petereno, it looks like you've got it down brother, I didn't even consider disabling the DHCP but I see how that can be effective. I agree with brokencrow though, wireless can be a real bi...bear to setup sometimes, so just go with those basic security measures, make sure everything is fine, and then go from there.
"Do you know why the system is slow?" they ask
"It's probably something to do with..." I look up today's excuse ".. clock speed"
-BOFH
-
August 15th, 2006, 05:30 AM
#5
1) Change default usernames and passwords for network devices - I agree
2) Enable WPA - I agree somewhat, see below
3) Change default SSID for each WAP device - I agree
4) Disable SSID broadcast - I disagree
5) Turn off DHCP - Your choice
** rather than turn it off, just limit your DHCP's IP range to a couple IP's**
6) Change the default IP subnet - Also Your choice
7) Enable Mac filtering - I agree
8) Adjust signal strength if possible - I disagree
9) Disable or change Simple Network Management Protocol (SNMP) settings to prevent outsiders from obtaining personal information. (have to read more about that one) - Your choice
10) Install firewall for each computer - I agree
They left out something very important about WPA. I'm assuming they meant WPA-PSK. If that's the case, WPA is only as strong as the passphrase used. Make sure when you select your passphrase that you use complexity. I recommend at least 20 characters, mixed between upper case/lower case/numbers and symbols.
The other two options I disagreed with are security through obscurity. Disabling your SSID isn't really going to protect you much, nor is adjusting your signal strength. I suppose, if you weakened your signal to the point where it didn't permeate outside your walls, that may offer some security, but, if you enable a WPA-PSK and choose a good passphrase, limit your DHCP range, enable your MAC filter (not the best security, but it adds another layer), and use common sense. I suspect you'll be fine.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
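Added example, not part of any post in this thread: a Python check of a WPA-PSK passphrase against the recommendation in post #5 (at least 20 characters, mixed upper case/lower case/numbers/symbols), plus the standard WPA-PSK key derivation, in which the SSID is the salt. The sample passphrases and SSIDs are constructed for illustration.

```python
import hashlib
import string

MIN_RECOMMENDED = 20  # length recommended in post #5

CLASSES = {
    "upper case": string.ascii_uppercase,
    "lower case": string.ascii_lowercase,
    "numbers": string.digits,
    "symbols": string.punctuation + " ",
}


def passphrase_problems(passphrase):
    """Return a list of reasons the passphrase falls short (empty list = OK)."""
    problems = []
    # A WPA-PSK passphrase must be 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside WPA's 8-63 character range")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    if len(passphrase) < MIN_RECOMMENDED:
        problems.append("shorter than %d characters" % MIN_RECOMMENDED)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in passphrase):
            problems.append("no " + name)
    return problems


def derive_psk(passphrase, ssid):
    """WPA-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    weak = "password"                         # constructed sample
    strong = "Blue-Kettle7!Rides_Over9Hills"  # constructed sample
    for candidate in (weak, strong):
        print(repr(candidate), "->", passphrase_problems(candidate) or "OK")
    # Same passphrase, different SSID: the derived key differs, so a changed
    # SSID also changes the key material that the passphrase maps to.
    print(derive_psk(strong, "default").hex())
    print(derive_psk(strong, "my-home-net").hex())
```

Because the key depends only on the passphrase and the SSID, the passphrase is the one secret input, which is why its length and mix of characters carry the whole weight of WPA-PSK.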
-
August 15th, 2006, 08:29 AM
#6
Oh, no...everywhere I go...it's the "evil auto login"...it's deja vu all over again...
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
August 15th, 2006, 12:45 PM
#7
Originally posted here by morganlefay
well....turning off the dhcp....stops outside computers from getting an address\gateway settings automatically......hence slowing down the process of getting on the wireless network...
kinda like auto login....a deterrent
MLF
I'm starting to laugh as I read this site... Especially since this time I agree with brokencrow... (as well as ShagDevil)
With MacFiltering and WPA you've got all the "deterrent" you need... These are the deterrent... (sort of like say... a bios password with the hard drive as your only bootable device)... They force some effort to be exerted... If someone is going to beat MacFiltering... in the process they will have determined your SSID and learned your DHCP range... if not.. shortly after cracking your WPA they will have the DHCP range... if someone's going to go after MacFiltering and WPA.. Disabling DHCP is not an additional deterrent. It just makes the user's life more inconvenient.. not the malicious person's life.
-
August 15th, 2006, 01:13 PM
#8
I've always used George Ou's Wireless LAN security guide as a guideline. While you're at it, you might want to check out his The Six dumbest ways to secure a wireless LAN - turning on MAC filtering, for example, is in that list, as are disabling DHCP and "hiding" SSID
-
August 15th, 2006, 02:04 PM
#9
Well HT......
I may not be the IT expert you are......
But I see security as a layered approach........make them jump through as many hoops as they can.
hopefully the skiddie will get bored and move on.........
If they really want in ...they will get in.
But I may just notice a rogue IP address that wasn't assigned....tracks
MHO...as always
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 15th, 2006, 02:28 PM
#10
Originally posted here by morganlefay
Well HT......
I may not be the IT expert you are......
But I see security as a layered approach........make them jump through as many hoops as they can.
hopefully the skiddie will get bored and move on.........
If they really want in ...they will get in.
But I may just notice a rogue IP address that wasn't assigned....tracks
MHO...as always
MLF
You're actually more likely to notice that with DHCP enabled.. you'll have leases... you look at your leases and you're like oh.... I only have two clients.. why 3 leases.... Without DHCP (which they could go with or without you having a DHCP server) you'd have to scan the network/sniff traffic and hope they're doing something you'll see/pick up..
I love that you still only addressed me... 4 people have now posted the same sentiment...
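Added example, not part of any post in this thread: the lease check described in post #10 ("I only have two clients.. why 3 leases"), written as a Python audit of a DHCP lease table against an inventory of known clients. It assumes the router exposes its leases in dnsmasq's lease-file format; the lease lines and MAC addresses are constructed samples.

```python
# Constructed sample in dnsmasq lease-file format:
#   <expiry epoch> <MAC> <IP> <hostname> <client-id>
SAMPLE_LEASES = """\
1155650400 02:00:00:aa:00:01 192.168.1.101 desktop 01:02:00:00:aa:00:01
1155650460 02:00:00:AA:00:02 192.168.1.102 laptop *
1155650520 02:00:00:bb:00:09 192.168.1.103 * *
truncated line
"""

# Hypothetical inventory: the MAC addresses of the two clients you own.
KNOWN_MACS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}


def parse_leases(text):
    """Parse lease lines into dicts, skipping blank or malformed lines."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        leases.append({
            "expiry": int(fields[0]),
            "mac": fields[1].lower(),  # normalise case before comparing
            "ip": fields[2],
            "hostname": fields[3],
        })
    return leases


def unexpected_leases(text, known_macs):
    """Return the leases whose MAC address is not in the inventory."""
    known = {mac.lower() for mac in known_macs}
    return [lease for lease in parse_leases(text) if lease["mac"] not in known]


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    print("%d leases, %d known clients" % (len(leases), len(KNOWN_MACS)))
    for lease in unexpected_leases(SAMPLE_LEASES, KNOWN_MACS):
        print("unexpected lease: %(mac)s %(ip)s %(hostname)s" % lease)
```

A lease held by a known MAC is not proof that the client is yours, since the thread itself points out that MAC filtering can be beaten, so this check only catches clients that did not copy an inventoried address.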