Security Basics mailing list archives
Re: home wireless router good practices for security
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Wed, 31 Dec 2003 12:47:30 -0800 (PST)
hi ya
Disable DHCP on the WAP and go static RFC1918's
that is the most basic things to do .. and yet ... geez... - just need to wait for the cracker to pick up their credit card and charge something on it i guess
Harden your OS (numerous whitepapers on the net, google them)
http://www.Linux-Sec.net/Harden/
Virus Software IDS/Firewall software (BlackICE, ZoneAlarm..etc) ACL's on shares/permissions
ditto .. and more tightening.. and more importantly.. securely backup everything at least 3 times to 3 different servers use ipsec instead of wep ... wep - is broken and insecure if you use off-the-shelf products, consider all your data including ssh'd/vpn'd data to be sniffed and cracked(decrypted) - - people tend to use weak passwd and passphrases so ssh/vpn wont help wireless security stuff http://www.Linux-Sec.net/Wireless/ c ya alvin
-----Original Message----- From: Steve [mailto:securityfocus () delahunty com] Sent: Tuesday, December 30, 2003 1:33 PM To: security-basics () securityfocus com Subject: home wireless router good practices for security So I went out and purchased a wireless router (Linksys 802.11b) for home since it was so inexpensive and actually less cost than the wireless access points I was trying to get via eBay. Got it home, installed my wireless network card (SMC), powered on the router, attached it to a port on my other wired linksys router, and boom it worked great. Then about 5 minutes after I sent an instant message to my neighbor (fellow IT friend) he was on my network. So I took the steps that Linksys recommends below, seems good (to me). Change the default SSID Disable SSID Broadcasts Change the default password for the Administrator account Enable WEP 128-bit Encryption Linksys also recommends these other measures, I have not implemented: Enable MAC Address Filtering Change the SSID periodically Change the WEP encryption keys periodically. My Questions: 1) Anyone know how much enabling 128-bit encryption will hurt my wireless performance? 2) Does setting the SSID for my wireless NIC then keep me from getting onto other wireless networks like when traveling? I ask since that setting was set to ANY before I changed it to the SSID that I set for my wireless router. 3) What else should I really do to protect my home network? ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: home wireless router good practices for security Aditya [ Aditya Lalit Deshmukh ] (Jan 02)
- <Possible follow-ups>
- Re: home wireless router good practices for security Greg Tracy (Jan 02)
- RE: home wireless router good practices for security jburzenski (Jan 02)
- Re: home wireless router good practices for security Jamie Pratt (Jan 02)
- RE: home wireless router good practices for security nate (Jan 02)
- Re: home wireless router good practices for security Alvin Oga (Jan 02)
- RE: home wireless router good practices for security Jacob McMaster (Jan 02)
- RE: home wireless router good practices for security Preston, Tony (Jan 02)
- RE: home wireless router good practices for security Alex Pimperton (Jan 05)
- Re: home wireless router good practices for security Greg Tracy (Jan 05)
- RE: home wireless router good practices for security JM (Jan 06)
- Re: home wireless router good practices for security Jack (Jan 05)
- Re: home wireless router good practices for security Greg Tracy (Jan 05)
- Re: home wireless router good practices for security Jimi Thompson (Jan 05)