Need some Security Assistance

I am brand new to wireless networking and want to make my small home Wireless LAN as secure as I can from outside users.

I have one desktop PC directly connected via Ethernet to my Netgear Wireless Router and 2 laptops connecting to my Wireless Router via Wireless cards.

I have Changed the default SSID, enabled WEP with a strong password, and enabled MAC Address filtering (although from what I have read that is somewhat of a waste of time!.

What else should I do to prevent unauthorize access?

P.S. The router I have does NOT support WPA

Reply to
DW
Loading thread data ...

1) Get a router that supports WPA it's better than WEP.. 2) Get an all wire router and start dragging cable. 3) Look at a PowerLine router solution and use that.

Duane :)

Reply to
Duane Arnold

Just to point out that there's no such thing as a strong WEP password. Doesn't matter what you drop in as the passphrase, the output is a key which is inherently weak.

MAC filtering has no security value as MAC addresses are broadcast, sniffable and spoofable in under a minute.

David.

Reply to
David Taylor

Two schools of though on MAC filtering. Neither are "wrong". You've been given one already, so I'll give the other. It is trivial to obtain a MAC address and spoof it, but MAC filtering does still have value. Say, for instance, if one of my LAN WAP's should lose settings after a power cycle (storm). After it rebooted, everything is back to default (no WPA) and it is more than willing to let anyone in (up to the router). The router would still block by MAC. Yes, it is trivial to get around that, but seriously the majority of people out there are clueless anyway. Your average neighbor, who might be connecting at this point, probably doesn't even know they are connecting to your WAP! We all see the "default" SSIDs out there, they don't have about their own WAP so you really expect them to get around your MAC filtering? Do a deja search on people asking how to obtain and spoof a MAC address -- MAC filtering would block each and every one of them. I'm not saying that MAC filtering should be considered a serious security point, but it will prevent many from getting in regardless (especially those that don't even know they are trying to get in).

Another reason I choose to use MAC filtering is because omy router will not assign two of the same IP addresses. With all my WLAN PC's always connected, should one of the WAPs default, someone one have to knock one of PC's off before they could even attempt to MAC spoof.

Its a minor inconvience to punch in MACs everytime getting something new, but I'll continue to use it.

Without WPA, if you are really paranoid: VPN

Cheers, Eric

Reply to
Eric

A part from what others have replied, you can check the Netgear website for firmware upgrades that will "upgrade" your current hardware to configure WPA. But if you do not set up a RADIUS server that means you are going to use WPA-PSK which means that any educated wireless hacker would be able to determine that key in minutes. To follow up with what Eric said, most people are clueless about thier wireless environments (neighbors and such surrounding you). Finally, you can control how many IP's are using, so instead of using the default 255.255.255.0 netmask, you should consider 255.255.255.248 and use static IPs instead of DHCP. Most of the current operating systems out there allow for alternate configurations if you end up traveling with your laptops. If you are really worried about unauthorized access, then make sure you use the logging function native to your NETGEAR.

Reply to
Wraith

If the router lost settings after a power cycle then I'd suggest that it was faulty!

But any router that maintains its settings, even WEP will stop them connecting "accidentally".

As will WEP.

VPN's aren't the magic bullet solution either but it depends on the level of risk you want to be exposed to and yes I agree that for a home LAN then they'll work fine. On the other hand, you then have to set up an endpoint which isn't in the skillset of many home users.

David.

Reply to
David Taylor

My routers are seperate from my WAPs. *shrug* Its rare, but seen a couple of them (WAPs) lose their settings after an abrupt power cycle "flicker". Didn't attribute it to either of them being "faulty", but simply the nature of cheap consumer junk.

Cheers, Eric

Reply to
Eric

Crap, unless you'd care to cite how?

Reply to
David Taylor

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.