WRT54G questions

Is it sufficient to use the option "Permit only PCs listed to access the
wireless network"* to restrict access to my wireless router, or should I
be turning the wireless interface off when not in use?

*in the web-based management client.

This option appears to use a positive file of MAC addresses, and
only those will get a link.

I've also turned off SSID broadcast, am using WPA2 Personal/AES .
"Personal" looks like it means "don't rely on a RADIUS
server." Yes?

Application is a very simple home network.

Not trying to be paranoid, just cautious.

--
Les Cargill

Les Cargill wrote:

>
> Is it sufficient to use the option "Permit only PCs listed to access the
> wireless network"* to restrict access to my wireless router, or should I
> be turning the wireless interface off when not in use?
>
> *in the web-based management client.
>
> This option appears to use a positive file of MAC addresses, and
> only those will get a link.
>
> I've also turned off SSID broadcast, am using WPA2 Personal/AES .
> "Personal" looks like it means "don't rely on a RADIUS
> server." Yes?
>
> Application is a very simple home network.
>
> Not trying to be paranoid, just cautious.
>
> --
> Les Cargill

The most important thing you can do to "secure" a wireless LAN is to
enable WPA (not WEP) on the router and on the clients; and, to use
a long, non-obvious, shared key. If you are particularly sensitive,
you may want to change the key monthly (or daily or hourly or ...);
changing the key is a PITA, proportional to the number of stations
(router & wireless PCs) you have.

Permit only PC listed helps a bit, but since a perp can easily
duplicate the MAC of one of your allowed PCs, that doen't do much.

Turning off SSID broadcasts doesn't add much security, and will cause
some problems when your clients go up&down. The SSID can be captured
even if not broadcast.

Turning off the wireless side of your router is, IMHO, extreme. I don't
have much faith in PC software to recover properly from being turned
off&on, or from having its link-partner coming&going.
--
Cheers, Bob

Bob Willard wrote:
> Les Cargill wrote:
>
>>
>> Is it sufficient to use the option "Permit only PCs listed to access
>> the wireless network"* to restrict access to my wireless router, or
>> should I be turning the wireless interface off when not in use?
>>
>> *in the web-based management client.
>>
>> This option appears to use a positive file of MAC addresses, and
>> only those will get a link.
>>
>> I've also turned off SSID broadcast, am using WPA2 Personal/AES .
>> "Personal" looks like it means "don't rely on a RADIUS
>> server." Yes?
>>
>> Application is a very simple home network.
>>
>> Not trying to be paranoid, just cautious.
>>
>> --
>> Les Cargill
>
> The most important thing you can do to "secure" a wireless LAN is to
> enable WPA (not WEP) on the router and on the clients; and, to use
> a long, non-obvious, shared key. If you are particularly sensitive,

Nah Just a bit new to 802.11 and trying to research best
practices.... a foreign node showed up while I was initially
configuring the wireless router.

> you may want to change the key monthly (or daily or hourly or ...);

The present key reminds me a CHAP challenge string. Is there a reference
for this?

The WRT54G supports having a new node "learn" by plugging in wired, so
it's not too much of a hardship.

> changing the key is a PITA, proportional to the number of stations
> (router & wireless PCs) you have.
>
> Permit only PC listed helps a bit, but since a perp can easily
> duplicate the MAC of one of your allowed PCs, that doen't do much.
>
> Turning off SSID broadcasts doesn't add much security, and will cause
> some problems when your clients go up&down. The SSID can be captured
> even if not broadcast.
>

Fair enough.

> Turning off the wireless side of your router is, IMHO, extreme. I don't
> have much faith in PC software to recover properly from being turned
> off&on, or from having its link-partner coming&going.

Good to know. Thanks, Bob.

--
Les Cargill

HAHALOL I guess no one told you how to flip the internet switch?
I guess not.. sucks for you.. maybe one day you will be kind enough to ASK
your neighbor if you can use his internet OR buy your own.]

Adair

"Les Cargill" <(E-Mail Removed)> wrote in message
news:474875a1$0$16511$(E-Mail Removed)...
>
> Is it sufficient to use the option "Permit only PCs listed to access the
> wireless network"* to restrict access to my wireless router, or should I
> be turning the wireless interface off when not in use?
>
> *in the web-based management client.
>
> This option appears to use a positive file of MAC addresses, and
> only those will get a link.
>
> I've also turned off SSID broadcast, am using WPA2 Personal/AES .
> "Personal" looks like it means "don't rely on a RADIUS
> server." Yes?
>
> Application is a very simple home network.
>
> Not trying to be paranoid, just cautious.
>
> --
> Les Cargill

Adair Winter wrote:
> HAHALOL I guess no one told you how to flip the internet switch?

??? I'm posting this message thru the WRT54G.

> I guess not.. sucks for you.. maybe one day you will be kind enough to ASK
> your neighbor if you can use his internet OR buy your own.]
>

I have a cable modem connection that I pay for hooked to the WRT54G.
Check the path and From: on any of my messages - they all match.

> Adair
>
> "Les Cargill" <(E-Mail Removed)> wrote in message
> news:474875a1$0$16511$(E-Mail Removed)...
>> Is it sufficient to use the option "Permit only PCs listed to access the
>> wireless network"* to restrict access to my wireless router, or should I
>> be turning the wireless interface off when not in use?
>>
>> *in the web-based management client.
>>
>> This option appears to use a positive file of MAC addresses, and
>> only those will get a link.
>>
>> I've also turned off SSID broadcast, am using WPA2 Personal/AES .
>> "Personal" looks like it means "don't rely on a RADIUS
>> server." Yes?
>>
>> Application is a very simple home network.
>>
>> Not trying to be paranoid, just cautious.
>>
>> --
>> Les Cargill
>
>

--
Les Cargill

How foolish of me. That post was meant for the thread above this one with
the subject "wireless help".
Sorry.

Adair

"Les Cargill" <(E-Mail Removed)> wrote in message
news:4748dadc$0$2357$(E-Mail Removed)...
> Adair Winter wrote:
>> HAHALOL I guess no one told you how to flip the internet switch?
>
> ??? I'm posting this message thru the WRT54G.
>
>> I guess not.. sucks for you.. maybe one day you will be kind enough to
>> ASK your neighbor if you can use his internet OR buy your own.]
>>
>
> I have a cable modem connection that I pay for hooked to the WRT54G. Check
> the path and From: on any of my messages - they all match.
>
>> Adair
>>
>> "Les Cargill" <(E-Mail Removed)> wrote in message
>> news:474875a1$0$16511$(E-Mail Removed)...
>>> Is it sufficient to use the option "Permit only PCs listed to access the
>>> wireless network"* to restrict access to my wireless router, or should I
>>> be turning the wireless interface off when not in use?
>>>
>>> *in the web-based management client.
>>>
>>> This option appears to use a positive file of MAC addresses, and
>>> only those will get a link.
>>>
>>> I've also turned off SSID broadcast, am using WPA2 Personal/AES .
>>> "Personal" looks like it means "don't rely on a RADIUS
>>> server." Yes?
>>>
>>> Application is a very simple home network.
>>>
>>> Not trying to be paranoid, just cautious.
>>>
>>> --
>>> Les Cargill
>>
>>
>
> --
> Les Cargill

Adair Winter wrote:
> How foolish of me. That post was meant for the thread above this one with
> the subject "wireless help".
> Sorry.
>
> Adair
>

ROFL! No problem. I had actually wondered if that had happened.


> "Les Cargill" <(E-Mail Removed)> wrote in message
> news:4748dadc$0$2357$(E-Mail Removed)...
>> Adair Winter wrote:
>>> HAHALOL I guess no one told you how to flip the internet switch?
>> ??? I'm posting this message thru the WRT54G.
>>
>>> I guess not.. sucks for you.. maybe one day you will be kind enough to
>>> ASK your neighbor if you can use his internet OR buy your own.]
>>>
>> I have a cable modem connection that I pay for hooked to the WRT54G. Check
>> the path and From: on any of my messages - they all match.
>>
>>> Adair
>>>
>>> "Les Cargill" <(E-Mail Removed)> wrote in message
>>> news:474875a1$0$16511$(E-Mail Removed)...
>>>> Is it sufficient to use the option "Permit only PCs listed to access the
>>>> wireless network"* to restrict access to my wireless router, or should I
>>>> be turning the wireless interface off when not in use?
>>>>
>>>> *in the web-based management client.
>>>>
>>>> This option appears to use a positive file of MAC addresses, and
>>>> only those will get a link.
>>>>
>>>> I've also turned off SSID broadcast, am using WPA2 Personal/AES .
>>>> "Personal" looks like it means "don't rely on a RADIUS
>>>> server." Yes?
>>>>
>>>> Application is a very simple home network.
>>>>
>>>> Not trying to be paranoid, just cautious.
>>>>
>>>> --
>>>> Les Cargill
>>>
>> --
>> Les Cargill
>
>

--
Les Cargill