Security Basics mailing list archives
RE: home wireless router good practices for security
From: Francisco Mário Ferreira Custódio <fcustodio () eda pt>
Date: Wed, 31 Dec 2003 10:27:25 -0100
Hi there Steve! -----Original Message----- From: Steve [mailto:securityfocus () delahunty com] Sent: terça-feira, 30 de Dezembro de 2003 17:33 To: security-basics () securityfocus com Subject: home wireless router good practices for security So I went out and purchased a wireless router (Linksys 802.11b) for home since it was so inexpensive and actually less cost than the wireless access points I was trying to get via eBay. Got it home, installed my wireless network card (SMC), powered on the router, attached it to a port on my other wired linksys router, and boom it worked great. Then about 5 minutes after I sent an instant message to my neighbor (fellow IT friend) he was on my network. So I took the steps that Linksys recommends below, seems good (to me). Change the default SSID Disable SSID Broadcasts Change the default password for the Administrator account Enable WEP 128-bit Encryption Linksys also recommends these other measures, I have not implemented: Enable MAC Address Filtering Change the SSID periodically Change the WEP encryption keys periodically. My Questions: 1) Anyone know how much enabling 128-bit encryption will hurt my wireless performance?
In your case, you will not have any dramatic change in the performance.
The changes in the wireless performance are only noticed when you have a really big and busy wlan. (the more packets you have...more crypto calculations have to be done per second). 2) Does setting the SSID for my wireless NIC then keep me from getting onto other wireless networks like when traveling? I ask since that setting was set to ANY before I changed it to the SSID that I set for my wireless router.
When you enter the SSID on your nic, you are forcing the NIC to work with
a particular network only. When the SSID is set to "any", your NIC will scan for SSID broadcasts and gives you the chance to select the network you want to associate. 3) What else should I really do to protect my home network?
It depends on what options the Linksys gives to you. Using the same WEP
key, is unsecure. Changing WEP keys from time to time, gives you more security. It's easy to sniff (tools like AirSnort) your WLAN and within a day or 2 the bad guys have your WEP keys. Normally the most secure way is the use of IEEE 802.1X. 802.1x offers you authentication and traffic user controll to a protect network and the dynamic WEP keys. 802.1X uses EAP (extensible authentication protocol). EAP gives you multiple authentication methods (token cards, Kerberos, one-time passwords, certificates ...). Sounds crazy to be paranoid at this level with a home wlan, but you have to be paranoid if you want to secure your stuff. Check your Linksys to see if it supports IEEE 802.1x. If not, I advise you to use MAC filtering and to change WEP keys periodically. When setting your SSID, you should keep in mind that the SSID does not have to be an easy string. Like the SNMP communities, people always use easy to find diccionary words. I apply to the SSID's the same principle I use when choosing a strong password (be paranoid!). Always use a strong SSID (special chars, numbers, upper and lower case chars). For example, instead of using "homelan" for SSID, you should use "#h0M3 L4n#". (The space between is to be used also, in some lab test i've done...when a space is used on the SSID, the NIC's seem to have difficulty finding it...even with SSID broadcast enabled). Besides the WLAN, you should also take care of any resources on your network. Access control and authentication. What is the purpose of using a super secured wlan, when you have "Everyone" FULL CONTROL on your private folders? Well...I hope I helped you! Cheers and good luck, Francisco. --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: home wireless router good practices for security shankarnarayan . d (Dec 31)
- <Possible follow-ups>
- RE: home wireless router good practices for security Nick Duda (Dec 31)
- RE: home wireless router good practices for security Ed Whitesell (Dec 31)
- RE: home wireless router good practices for security Preston, Tony (Dec 31)
- RE: home wireless router good practices for security Francisco Mário Ferreira Custódio (Dec 31)