Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: home wireless router good practices for security

From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Wed, 31 Dec 2003 12:47:30 -0800 (PST)

hi ya



Disable DHCP on the WAP and go static RFC1918's


that is the most basic things to do .. and yet ... geez...
        - just need to wait for the cracker to pick
        up their credit card and charge something on it i guess


Harden your OS (numerous whitepapers on the net, google them)


http://www.Linux-Sec.net/Harden/


Virus Software
IDS/Firewall software (BlackICE, ZoneAlarm..etc)
ACL's on shares/permissions


ditto .. and more  tightening..

and more importantly.. securely backup everything at least 3 times to 
3 different servers

use ipsec instead of wep ...
        wep - is broken and insecure

if you use off-the-shelf products, consider all your data
including ssh'd/vpn'd data to be sniffed and cracked(decrypted)
        - 
        - people tend to use weak passwd and passphrases so ssh/vpn wont help

wireless security stuff
        http://www.Linux-Sec.net/Wireless/

c ya
alvin


-----Original Message-----
From: Steve [mailto:securityfocus () delahunty com] 
Sent: Tuesday, December 30, 2003 1:33 PM
To: security-basics () securityfocus com
Subject: home wireless router good practices for security

So I went out and purchased a wireless router (Linksys 802.11b) for home
since it was so inexpensive and actually less cost than the wireless
access points I was trying to get via eBay.  Got it home, installed my
wireless network card (SMC), powered on the router, attached it to a
port on my other wired linksys router, and boom it worked great.  Then
about 5 minutes after I sent an instant message to my neighbor (fellow
IT friend) he was on my network.  So I took the steps that Linksys
recommends below, seems good (to me).
    Change the default SSID
    Disable SSID Broadcasts
    Change the default password for the Administrator account
    Enable WEP 128-bit Encryption
Linksys also recommends these other measures, I have not implemented:
    Enable MAC Address Filtering
    Change the SSID periodically
    Change the WEP encryption keys periodically.

My Questions:

1) Anyone know how much enabling 128-bit encryption will hurt my
wireless performance?

2) Does setting the SSID for my wireless NIC then keep me from getting
onto other wireless networks like when traveling?  I ask since that
setting was set to ANY before I changed it to the SSID that I set for my
wireless router.

3) What else should I really do to protect my home network?



------------------------------------------------------------------------
---
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
----------------------------------------------------------------------------





---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: