On Sat, 17 Dec 2005 11:58:20 -0600, "Go Tyler"
<(E-Mail Removed)> wrote:
>I have changed my ssid, set it not to display in a wireless search result,
>enabled wpa. What else can I do to make my wireless network secure?
Don't bother hiding your SSID. It will show up anyway on all passive
sniffers and offers almost no security advantage. As a side effect,
it makes it difficult for others to select an unoccupied channel, and
confuses some wireless client software.
There are lots of suggestions around on how to properly secure a
wireless router. Advice varies. My personal list of basics does not
follow the orthodoxy. In order of importance:
1. Keep the wireless router firmware up to date. Security problems
are constantly being identified and fixed. You don't want to be a
victim of a known exploit.
2. Change your SSID, keys, SNMP, and passwords from the defaults.
Like all passwords, establish a set schedule for changing them.
3. Use WPA with a decent key that's at least 20 chars long. Also
change this password per a set schedule.
4. Don't punch too many holes in your firewall (port redirection).
This has nothing to do with wireless security but will prevent
surprises that arrive via the internet.
5. Limit your RF exposure to only those areas you intend to cover. It
makes no sense to make it easy for the neighbor's 13-year-old brat to
see your traffic. Use directional antennas and reflectors to direct
the signal to the inside of your house and away from the windows.
6. Disable remote admin unless you need it.
7. Use MAC address filtering even though it offers almost no security
benefits. It's to keep my log files from filling with accidental
connect attempts and garbage.
8. Monitor the firewall with:
SNMP
http://home.comcast.net/~jay.deboer/airsnare/
http://www.sonic.net/wallwatcher/
or other intrusion detection system. If you're really into it, monitor
connections with:
http://svs.sv.funpic.de/
Monitoring may be overkill but you don't have to leave these running
all the time. Just take a look at what's moving when something weird
happens, like unusual and unexpected traffic.
>All I have is one laptop and one desktop. The desktop is connected with cat
>5 cables, so I don't think I have to worry about it, but what about my
>laptop?
Laptop security is a different issue. Any wireless hacker that can
connect to your wireless router can "see" both your desktop and your
laptop. The router inside your wireless router box does nothing as it
only protects against attacks from the WAN (internet) side, and does
NOTHING on the LAN side. Therefore, if you're expecting visitors
bearing laptops on your network, you want to treat them as if they are
hostile visitors until otherwise proven. Skool kids coming home for
the Xmas vacation bearing laptops full of file sharing software with
spyware and worms attached are the major risk.
Therefore, I suggest you defend both your desktop and laptop with a
suitable personal software firewall. The Windoze Firewall that comes
with XP SP2 is totally adequate for the job. The default settings are
usually just fine. I suggest you familiarize yourself with the
various pages and settings so you know how it works. Otherwise, a 3rd
party personal firewall, such as ZoneAlarm, Kerio, Norton Firewall,
McAfee Firewall, etc, will work.
--
Jeff Liebermann
(E-Mail Removed)
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558