Need some Security Assistance

I am brand new to wireless networking and want to make my small home
Wireless LAN as secure as I can from outside users.

I have one desktop PC directly connected via Ethernet to my Netgear
Wireless Router and 2 laptops connecting to my Wireless Router via
Wireless cards.

I have Changed the default SSID, enabled WEP with a strong password, and
enabled MAC Address filtering (although from what I have read that is
somewhat of a waste of time!.

What else should I do to prevent unauthorize access?

P.S. The router I have does NOT support WPA

"DW" <(E-Mail Removed)> wrote in message
newsOWdnXKJv_JUiSPeRVn-(E-Mail Removed)...
>I am brand new to wireless networking and want to make my small home
>Wireless LAN as secure as I can from outside users.
>
> I have one desktop PC directly connected via Ethernet to my Netgear
> Wireless Router and 2 laptops connecting to my Wireless Router via
> Wireless cards.
>
> I have Changed the default SSID, enabled WEP with a strong password, and
> enabled MAC Address filtering (although from what I have read that is
> somewhat of a waste of time!.
>
> What else should I do to prevent unauthorize access?

1) Get a router that supports WPA it's better than WEP..
2) Get an all wire router and start dragging cable.
3) Look at a PowerLine router solution and use that.

Duane

> I have Changed the default SSID, enabled WEP with a strong password, and
> enabled MAC Address filtering (although from what I have read that is

Just to point out that there's no such thing as a strong WEP password.
Doesn't matter what you drop in as the passphrase, the output is a key
which is inherently weak.

MAC filtering has no security value as MAC addresses are broadcast,
sniffable and spoofable in under a minute.

David.

"DW" <(E-Mail Removed)> wrote in message > I am brand new
to wireless networking and want to make my small home
> Wireless LAN as secure as I can from outside users.
>
> I have one desktop PC directly connected via Ethernet to my Netgear
> Wireless Router and 2 laptops connecting to my Wireless Router via
> Wireless cards.
>
> I have Changed the default SSID, enabled WEP with a strong password, and
> enabled MAC Address filtering (although from what I have read that is
> somewhat of a waste of time!.

Two schools of though on MAC filtering. Neither are "wrong". You've been
given one already, so I'll give the other. It is trivial to obtain a MAC
address and spoof it, but MAC filtering does still have value. Say, for
instance, if one of my LAN WAP's should lose settings after a power cycle
(storm). After it rebooted, everything is back to default (no WPA) and it
is more than willing to let anyone in (up to the router). The router would
still block by MAC. Yes, it is trivial to get around that, but seriously
the majority of people out there are clueless anyway. Your average
neighbor, who might be connecting at this point, probably doesn't even know
they are connecting to your WAP! We all see the "default" SSIDs out there,
they don't have about their own WAP so you really expect them to get around
your MAC filtering? Do a deja search on people asking how to obtain and
spoof a MAC address -- MAC filtering would block each and every one of them.
I'm not saying that MAC filtering should be considered a serious security
point, but it will prevent many from getting in regardless (especially those
that don't even know they are trying to get in).

Another reason I choose to use MAC filtering is because omy router will not
assign two of the same IP addresses. With all my WLAN PC's always
connected, should one of the WAPs default, someone one have to knock one of
PC's off before they could even attempt to MAC spoof.

Its a minor inconvience to punch in MACs everytime getting something new,
but I'll continue to use it.

> What else should I do to prevent unauthorize access?
>
> P.S. The router I have does NOT support WPA

Without WPA, if you are really paranoid: VPN

Cheers,
Eric

> instance, if one of my LAN WAP's should lose settings after a power cycle
> (storm). After it rebooted, everything is back to default (no WPA) and it
> is more than willing to let anyone in (up to the router). The router would

If the router lost settings after a power cycle then I'd suggest that it
was faulty!

> they don't have about their own WAP so you really expect them to get around
> your MAC filtering? Do a deja search on people asking how to obtain and
> spoof a MAC address -- MAC filtering would block each and every one of them.

But any router that maintains its settings, even WEP will stop them
connecting "accidentally".

> I'm not saying that MAC filtering should be considered a serious security
> point, but it will prevent many from getting in regardless (especially those
> that don't even know they are trying to get in).

As will WEP.

> > What else should I do to prevent unauthorize access?
> >
> > P.S. The router I have does NOT support WPA
>
> Without WPA, if you are really paranoid: VPN

VPN's aren't the magic bullet solution either but it depends on the
level of risk you want to be exposed to and yes I agree that for a home
LAN then they'll work fine. On the other hand, you then have to set up
an endpoint which isn't in the skillset of many home users.

David.

A part from what others have replied, you can check the Netgear website
for firmware upgrades that will "upgrade" your current hardware to
configure WPA. But if you do not set up a RADIUS server that means you
are going to use WPA-PSK which means that any educated wireless hacker
would be able to determine that key in minutes. To follow up with what
Eric said, most people are clueless about thier wireless environments
(neighbors and such surrounding you).
Finally, you can control how many IP's are using, so instead of using
the default 255.255.255.0 netmask, you should consider 255.255.255.248
and use static IPs instead of DHCP. Most of the current operating
systems out there allow for alternate configurations if you end up
traveling with your laptops. If you are really worried about
unauthorized access, then make sure you use the logging function native
to your NETGEAR.

"David Taylor" wrote in message ...
> > instance, if one of my LAN WAP's should lose settings after a power
cycle
> > (storm). After it rebooted, everything is back to default (no WPA) and
it
> > is more than willing to let anyone in (up to the router). The router
would
>
> If the router lost settings after a power cycle then I'd suggest that it
> was faulty!
>
> But any router that maintains its settings, even WEP will stop them
> connecting "accidentally".

My routers are seperate from my WAPs. *shrug* Its rare, but seen a couple
of them (WAPs) lose their settings after an abrupt power cycle "flicker".
Didn't attribute it to either of them being "faulty", but simply the nature
of cheap consumer junk.

Cheers,
Eric

> are going to use WPA-PSK which means that any educated wireless hacker
> would be able to determine that key in minutes. To follow up with what

Crap, unless you'd care to cite how?