Security Basics mailing list archives
RE: home wireless router good practices for security
From: "Ed Whitesell" <edwlist () airpathwireless com>
Date: Wed, 31 Dec 2003 08:54:02 -0500
1) 128-bit encryption should not hurt your performance. If by some odd chance it does and is noticeable, you need new hardware because the stuff you're using is garbage. 2) Changing the SSID only means that people who are only looking for the standard Linksys SSID won't find it. It's trivial now with all of the wireless scanning software that exists and the fact that Windows XP will seek out any SSID it can see. Think of the SSID as configuring the port on a switch. If you don't know which port to connect to, you can't connect to the network; but if you can check all of the ports on a switch, you'll find it 3) 128-bit WEP is a decent start. WEP can be cracked if someone is given enough data or time, but it's still pretty good. MAC filtering is better as it would require an "unauthorized user" to know your MAC address to associate to the AP. Using MAC filtering on top of WEP is pretty good in my opinion. You'll also want to see if you can disable the SSID broadcast and any beacons within the AP. Some APs will only allow you to change the time between beacons, so turn it up all the way. The only other options you could do would be to also use a VPN from your machine to something on the wired side of the router; or use some proprietary software/hardware to do encryption. But I think WEP, MAC filtering, disabling the SSID broadcast and beacons should be more than enough for home use. -Ed -----Original Message----- From: Steve [mailto:securityfocus () delahunty com] Sent: Tuesday, December 30, 2003 1:33 PM To: security-basics () securityfocus com Subject: home wireless router good practices for security So I went out and purchased a wireless router (Linksys 802.11b) for home since it was so inexpensive and actually less cost than the wireless access points I was trying to get via eBay. Got it home, installed my wireless network card (SMC), powered on the router, attached it to a port on my other wired linksys router, and boom it worked great. Then about 5 minutes after I sent an instant message to my neighbor (fellow IT friend) he was on my network. So I took the steps that Linksys recommends below, seems good (to me). Change the default SSID Disable SSID Broadcasts Change the default password for the Administrator account Enable WEP 128-bit Encryption Linksys also recommends these other measures, I have not implemented: Enable MAC Address Filtering Change the SSID periodically Change the WEP encryption keys periodically. My Questions: 1) Anyone know how much enabling 128-bit encryption will hurt my wireless performance? 2) Does setting the SSID for my wireless NIC then keep me from getting onto other wireless networks like when traveling? I ask since that setting was set to ANY before I changed it to the SSID that I set for my wireless router. 3) What else should I really do to protect my home network? ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: home wireless router good practices for security shankarnarayan . d (Dec 31)
- <Possible follow-ups>
- RE: home wireless router good practices for security Nick Duda (Dec 31)
- RE: home wireless router good practices for security Ed Whitesell (Dec 31)
- RE: home wireless router good practices for security Preston, Tony (Dec 31)
- RE: home wireless router good practices for security Francisco Mário Ferreira Custódio (Dec 31)