Being the paranoid bugger I am, i've completely and utterly ignored/never bothered with wireless with the view that i'd never use it!!
Times change... /sigh and i've just received a brand spanking wireless router from my ISP, so before this gets enabled i'm looking for either some decent online guides, or a glowing report on a book.
Does anyone have recommendations?
Nox
Never bothered reading a book, just went and set mine up, so a few tips instead of a guide
When you set it up, if you are only going to have a set number of pcs (the same ones day in day out) using it, there should be a function to filter by MAC address which you can use. Otherwise WPA-PSK is probably the best way to secure the wireless with the minimum of fuss, just make sure you get the PreShared Key the same on all PCS (unlike moi the first time I set it up
)
As dave87 said, only allow computers with the MAC codes assigned to have access to the network (that's very good security right away).
For wireless encryption, don't use WEP (even if it does sound good with it's 64/128/256 bit encryption), because it can be cracked very easily. - And obviously, use a long, strong password. If you use a weak 3 letter password then no matter what encryption you use it could be brute forced easily.
WPA-PSK is the best to use really, most manufacturers have it as an option.. if not try updating the firmware.
ThanksSee above note about paranoia!
Nox
Just make sure that you know how to set it up on your particular router. Some, like my Dlink have Restart AP and Restart for instance and you must save your changes then do the appropriate restart.
WPA-PSK easy.
Of course - make a note of all your ISP settings and the new security settings, just in case you have to return to factory settings and also so when you need them you have the settings for permissioning other clients.
If you don't have a manual detailing the processes, get a PDF from your ISP/manufacturer before proceeding to go wireless.
Blackspeech
'From the abundance of the heart the mouth speaks'
Yep, just started using wireless myself and went for WPA encryption. Use MAC address of the WIRELESS adaptor and not the wired one (at run prompt type: ipconfig/all and note the wireless MAC address down). Use alphanumeric characters for the shared key and use 8 or more characters.
You should also configure on each client that the MAC of your new router is the only one they will connect to and also rename the Wireless connection from its default option to an ambiguous name.
You can never be too secure remember so your paranoia isn't all bad!
Anantech Benchmarking Tool for CPU, GPU and SSDs
Actually MAC address restriction is easier to break than WEP
WAP or WPA2 is the way to go.
You could also use static IP's so that clients dont automatically get handed an IP if they connect.
In an enterprise situation , you'd have the wireless segment seperate to the LAN and require users to connect back to the LAN via a VPN for example.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
http://www.winguides.com/security/password.php
Great for making WPA-PSK's
Mixed letters + numbers, max length, works great
Just make sure you have a copy somwhere
Hiding the SSID once setup would be a bonus too.
Originally Posted by Noni
As long as people have no reason to get into your network - apart from stealing the internet connection, then as long as your network is the most secure out of the available ones, 'hackers' will go for the easier target. A combination of static IPs, mac address filtering, hidden SSID and WPA should deter most from trying, though if you have got valuable data then as moby said, you would split the networkActually MAC address restriction is easier to break than WEP
WAP or WPA2 is the way to go.
You could also use static IP's so that clients dont automatically get handed an IP if they connect.
In an enterprise situation , you'd have the wireless segment seperate to the LAN and require users to connect back to the LAN via a VPN for example.
Don't agree with the MAC lack of security it surely can only help against people scanning. Yep, a combination of MAC, WPA, fixed IP would give most the best resonably straightforward to configure setup. I don't use wireless for anything such as online shopping or banking as no wireless connection is unbreakable by its nature and use a wired connection for that.
Anantech Benchmarking Tool for CPU, GPU and SSDs
I believe there is a way of changing your MAC code (or at least, making it appear as something else). But even if you did do something like that, you would still need to know the MAC address of what your trying to be... that's what an attacker would struggle with.Actually MAC address restriction is easier to break than WEP
WAP or WPA2 is the way to go.
You could also use static IP's so that clients dont automatically get handed an IP if they connect.
In an enterprise situation , you'd have the wireless segment seperate to the LAN and require users to connect back to the LAN via a VPN for example.
You can change it in Windows. Makes setting up NTL internet connections easy
Home cinema: Toshiba 42XV555DB Full HD LCD | Onkyo TX-SR705 | NAD C352 | Monitor Audio Bronze B2 | Monitor Audio Bronze C | Monitor Audio Bronze BFX | Yamaha NSC120 | BK Monolith sub | Toshiba HD-EP35 HD-DVD | Samsung BD-P1400 BluRay Player | Pioneer DV-575 | Squeezebox3 | Virgin Media V+ Box
PC: Asus P5B | Core2duo 2.13GHz | 2GB DDR2 PC6400 | Inno3d iChill 7900GS | Auzentech X-Plosion 7.1 | 250GB | 500GB | NEC DVDRW | Dual AG Neovo 19"
HTPC: | Core2Duo E6420 2.13GHz | 2GB DDR2 | 250GBx2 | Radeon X1300 | Terratec Aureon 7.1 | Windows MCE 2005
Laptop: 1.5GHz Centrino | 512MB | 60GB | 15" Wide TFT | Wifi | DVDRW
I wasn't aware ntl employed MAC restrictions any more?
MAC address restrictions will only deter a passer-by - anyone spending any time near your access point while you use it could pick up your MAC address from the millions of packets sent back & forth - the same with non-broadcast ("hidden") SSIDs - they can be seen too as your client has to associate itself with the WLAN.
You often don't need software to change your MAC, many network interface drivers have the option to enter a hardware address through the driver, overriding the built-in address.
WPA-PSK with a decent key is the way to go, and inhibiting SSID broadcasts can just cause you problems getting a connection from your own client instead of affording you extra security.
MAC address restrictions and disabling DHCP can just create administrative overhead - these are also "shutting the stable door after the horse has bolted", as anyone able to break the encryption would have zero problems sniffing the packets to get MACs & IP addresses to use the network.
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
What information do you think is shown when you run a packet sniffer ?
thats right...the MAC addresses of nodes talking on the network
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote