Security Basics mailing list archives

RE: wireless connection security issues


From: "Dunigan, Michael" <mdunigan () umich edu>
Date: Mon, 31 Jul 2006 13:56:00 -0400

        I can give you a couple of things to think about for part of
your setup, but not all of it.  My comments are going to assume that you
have decided on some solution to aggregate your incoming bandwidth.  It
appears that you have two incoming streams.  As far as I know, the
wrt54gl only has a single port for the incoming network.  So I will
start there.

        I would set up the router to use the Class C private IP range
for your machines (192.168.x.x).  This does mean that you cannot
address them from the Public Internet, but it does not appear that you
are interested in that type of functionality.  (The Linksys can use
ports to route to specific machines, but if you have a dynamic address
on the router, that does not matter anyway.)  Next I would set up WPA2
security on the wireless link with a pre-shared phrase.  (Make sure your
machines can do WPA2 and not just WPA.)

        I would allow the router to continue to broadcast the SSID
(network name) as that makes setting up the machines much easier.  Then
I would monitor the DHCP table as you have been doing.  If you are still
having problems, the next thing I would do is to turn off broadcasting
the SSID (by now, all of your machines have been set up, and it is of
less use to you).

        The next step will probably help a lot more with securing your
network, but it adds a lot of manual work for you.  The next step I
would look at is to turn on MAC address filtering.  By that I mean, go
into the router and specify the MAC address of every machine that you
want to allow access to the wireless network.  This adds lots of record
keeping and makes it hard for your friends to come by with a machine and
get online on your network.  (Remember that this is not bulletproof as
it is possible in many ways to change the MAC address that a network
device is using.  For instance, that very router can change its MAC
address to the address of a machine, if your provider requires that you
use the address from your PC...)

        Have fun...
Michael J. Dunigan
Office of the Registrar, University of Michigan
(734) 647-3633
MDunigan at umich dot edu
*************************************
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.


-----Original Message-----
From: Cherian Thomas [mailto:cherian.in () gmail com]
Sent: Friday, July 28, 2006 4:06 PM
To: security-basics () securityfocus com
Subject: wireless connection security issues

Hi all,

            Recently I bought a Linksys wrt54gl router for my home
networking use. I live in an environment where we have frequent wi-fi
brute attacks with aircrack and so on. This was very evident the
first time I did a check on my router's DHCP client table and found two
unauthorized systems accessing my internet connection (I didn't
implement any authentication method then).
             I am pretty much a newbie in this wireless arena and
therefore ignorant of the best security practices. Can you suggest
methods to set up a "secure" wireless environment? Consider me paranoid
:-)
             I will post my proposed network topology which can give
you an insight into my situation.
             I have two connections coming to an XP system. One a
128kbps and the other a 256kbps one. I did a connection sharing of
the 256kbps one and a 3rd internal network card takes it to the
router. The router then shares the net wirelessly to 4 laptops. The
problem with the topology is that my first system (connection sharing
system) is no longer in the LAN (any workarounds for this problem?).
Also, can I get access to any software which can help me with
connection teaming the 128kbps and 256kbps one (I know of a software
midpoint. But the company that makes it has brought it down) to
effectively make it 384kbps (I need it to be on the Windows platform)?

-
 With regards

 Cherian


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
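
The DHCP-table monitoring and MAC allowlisting described in the reply above can be checked mechanically. The following is an added example, not part of either poster's message; the three-column table layout, the sample leases and the allowlist are constructed assumptions, so adapt the parsing to whatever your router actually exports.

```python
import re

# Constructed sample of a router's DHCP client table (hostname, IP, MAC).
# The column layout is an assumption; adapt the parser to your router's export.
SAMPLE_TABLE = """\
laptop-1    192.168.1.100   00:16:B6:AA:BB:01
laptop-2    192.168.1.101   00-16-b6-aa-bb-02
*           192.168.1.102   02:1A:2B:3C:4D:5E
laptop-3    192.168.1.103   0016.b6aa.bb01
"""

# Constructed allowlist: the MAC addresses entered in the router's MAC filter.
ALLOWED = {"00:16:b6:aa:bb:01", "00:16:b6:aa:bb:02"}

def normalize_mac(text):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(table, allowed):
    """Return (ip, mac, reason) findings for leases that need a closer look."""
    findings, seen = [], {}
    for line in table.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        ip, mac = fields[1], normalize_mac(fields[2])
        if mac is None:
            findings.append((ip, fields[2], "malformed MAC"))
            continue
        if mac not in allowed:
            findings.append((ip, mac, "not on allowlist"))
        # Bit 0x02 of the first octet marks a locally administered address,
        # i.e. one set in software rather than assigned by the vendor.
        if int(mac[:2], 16) & 0x02:
            findings.append((ip, mac, "locally administered MAC"))
        # An allowed MAC holding a second lease hints at a cloned address,
        # the limitation of MAC filtering that the reply points out.
        if mac in seen and seen[mac] != ip:
            findings.append((ip, mac, "MAC also leased at " + seen[mac]))
        seen.setdefault(mac, ip)
    return findings

if __name__ == "__main__":
    for ip, mac, reason in audit(SAMPLE_TABLE, ALLOWED):
        print(f"{ip:15} {mac}  {reason}")
```

A duplicate-lease or locally-administered finding is a prompt to investigate, not proof of intrusion, since some legitimate devices also use software-set addresses.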

