Wifi hardening

A local Church has been running a wifi network for some time , and
again they have been raided over the wifi so being softhearted I am
going to sort things a little in the morning , atm there is no security
and being trustful naive souls they felt it was unnecessary (oops)

I don't want to make it to hard to maintain so will be applying
the following

Secure the router ( yes it's basic)

Stop broadcast of the SSID

Enable WPA encryption instead of WEP

Use MAC filtering for access control

Reduce your WLAN transmitter power

Disable remote administration


Turn off the router dhcp and specify ip ranges fixed ?


if it happens again I will take a look at maybe radius and wonder if
there are any other easy suggestions as I wont be admisitering this
network , I would prefer to run copper but it physically is not possible
Thanks
B

atec 77 <"atec77 "@hotmail.com> wrote:
> Stop broadcast of the SSID

Please don't do this.

It doesn't stop anyone with the tools to hack WEP (although I see you're
using WPA; good) and makes it harder for anyone else in range to *avoid*
the channel you're using.

Chris

Chris Davies wrote:
> atec 77 <"atec77 "@hotmail.com> wrote:
>> Stop broadcast of the SSID
>
> Please don't do this.
>
> It doesn't stop anyone with the tools to hack WEP (although I see you're
> using WPA; good) and makes it harder for anyone else in range to *avoid*
> the channel you're using.
>
> Chris

Disabling SSID broadcasting also makes it difficult for the user to
access the user's network, and can make it difficult to retain the
connection.

Q

Quaoar wrote:
> Chris Davies wrote:
>> atec 77 <"atec77 "@hotmail.com> wrote:
>>> Stop broadcast of the SSID
>>
>> Please don't do this.
>>
>> It doesn't stop anyone with the tools to hack WEP (although I see you're
>> using WPA; good) and makes it harder for anyone else in range to *avoid*
>> the channel you're using.
>>
>> Chris
>
> Disabling SSID broadcasting also makes it difficult for the user to
> access the user's network, and can make it difficult to retain the
> connection.
>
> Q
No problems so far >see my other post

On Wed, 20 Dec 2006 14:44:33 +1000, atec 77 wrote:

> Stop broadcast of the SSID

This be stop nobody who want enter god people network.

> Enable WPA encryption instead of WEP

This be the important step, but must be used long phrase like "Jesus jump
on red rooster".

> Use MAC filtering for access control

Easy spoof MAC address.

> Reduce your WLAN transmitter power

Good hacker person will be having directional gain antenna. Low power make
god people lose connection when pig lady walk near router, be unreliable.

> Disable remote administration

This be good.

> Turn off the router dhcp and specify ip ranges fixed ?
>
>
Good hacker have sniff passive. Look at IP and guess IP next in block
unused.

atec 77 <"atec77 "@hotmail.com> wrote:
> No problems so far >see my other post

What post? Message ID would be good; otherwise a subject line could
help.

If you're saying that you've got no problems after having turned off your
ESSID, well at the moment that's fine. But go back at read the underlying
reasons why I and others have suggested you don't disable ESSID broadcast.

Chris

Chris Davies wrote:
> atec 77 <"atec77 "@hotmail.com> wrote:
>> No problems so far >see my other post
>
> What post? Message ID would be good; otherwise a subject line could
> help.
>
> If you're saying that you've got no problems after having turned off your
> ESSID, well at the moment that's fine. But go back at read the underlying
> reasons why I and others have suggested you don't disable ESSID broadcast.
>
> Chris
It has not caused a problem , all machines on an 16 number subset fixed
ip , Sunday morning early it will be copper . Thanks anyway