Oldfrog
Special Response Team
 Joined: Jun 27, 2004 Posts: 8575 Location: Deep in the Heart of Texas
Posted: Fri Jul 16, 2004 4:44 pm Post subject: We're not in Kansas anymore, Toto
Like a lot of people, my home network wasn't really planned, it just happened. Two PCs, a hub, a network. Then came connections for a couple of laptops and an old X-Window workstation and the hub was full. All of this was in one room, internet connectivity came from ICS on the main PC, and security was not a significant issue. When I decided to implement a wireless network that all changed and a lot about the net had to change too. The following outlines the steps that I took to ensure that the new network was secure.
Changes to the Basic Net
1) Network name: Yeah, when I started out I just left the default 'Mshome' as the net name. This was the first change. What you change it to doesn't matter a great deal as long as you are NOT using the same one as 99% of the other home networks in the world.
2) IP Addresses: I am also guessing that 99% of the home networks in the world start their addressing with 192.168.0.1 with subnet 255.255.255.0. I decided on an address field of 32 IDs so selected a subnet mask of 255.255.255.224 (I specifically wanted a mask that was not comprised of full and empty octets). I also did not want a network address that ended in 0 so selected 192.168.1.64 as the network ID. I set aside the addresses in the .65 to .69 range for network hardware, .70 to .79 for static IPs on wired systems, and .80 to .89 for wireless DHCP.
Once the wired network was reconfigured, working, and tested I proceeded to the wireless implementation.
Wireless Configuration:
1) Password: Every Linksys router made is shipped with a default password of "admin" and every hacker in the world knows it. I have been lax about using strong passwords for stuff around the house that no one else has access to but wireless is a whole new game and I highly recommend them in this situation.
2) SSID: Every wireless router comes with a default SSID or network name. Every hacker in the world knows all the default names. Changing it is a no-brainer, it has to be done. I made mine the same as the name of my wired net but you can use whatever you like as long as it is not the default.
3) SSID Broadcasting: Now that I had a new name I didn't want to tell anybody what it was. My router came with broadcasting enabled. What this does is advertise your wireless net to anyone who might be in the area. It's a simple matter to turn it off.
4) MAC Address Filtering: This feature allows you to control which particular wireless NICs are allowed to join the network. I use it. Every time that I buy a wireless device I register the MAC with the access point. I don't find it a great bother. This ensures that only those devices can actually connect to my net.
5) Encryption: At this point I had a network with a hidden name, a strong administrative password, and a list of authorized systems. That still doesn't stop someone from detecting the presence of the network and sniffing the packets that flow back and forth as RF signals. My router supports four different encryption methods and I chose WEP with a 128-bit key as the most secure.
After doing all of that I did go back to the individual systems and review the files and folders that were being shared and added password protection to a number of them individually. So far, so good.
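The address plan from the post above, checked with Python's standard `ipaddress` module. This is an added example, not part of the original thread; the range labels and function names are chosen here for illustration. It confirms that the three ranges fit inside the subnet, shows which usable addresses are left over, and shows why a network ID has to sit on a boundary of the mask.

```python
import ipaddress

# The plan from the post: mask 255.255.255.224, network ID 192.168.1.64.
NETWORK = ipaddress.ip_network("192.168.1.64/255.255.255.224")
# Last-octet ranges from the post; the labels are shorthand chosen for this example.
PLAN = {
    "network hardware": (65, 69),
    "wired static": (70, 79),
    "wireless DHCP": (80, 89),
}


def host(octet):  # address in the post's 192.168.1.x space
    return ipaddress.ip_address(f"192.168.1.{octet}")


def check_plan(network, plan):
    """Return a list of problems; an empty list means the plan fits the subnet."""
    problems = []
    usable = set(network.hosts())  # excludes the network ID and broadcast address
    seen = {}
    for label, (first, last) in plan.items():
        for octet in range(first, last + 1):
            addr = host(octet)
            if addr not in usable:
                problems.append(f"{label}: {addr} is not a usable host in {network}")
            if addr in seen:
                problems.append(f"{label}: {addr} already assigned to {seen[addr]}")
            seen[addr] = label
    return problems


def unassigned(network, plan):
    """Usable host addresses that no range in the plan covers."""
    taken = {host(o) for first, last in plan.values() for o in range(first, last + 1)}
    return sorted(set(network.hosts()) - taken)


def valid_network_id(address, netmask):
    """True if the address sits on a subnet boundary for the given mask."""
    try:
        ipaddress.ip_network(f"{address}/{netmask}")  # strict: rejects host bits
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    spare = [str(a) for a in unassigned(NETWORK, PLAN)]
    print(NETWORK, NETWORK.broadcast_address, check_plan(NETWORK, PLAN) or "plan fits", spare)
```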
whatsupdeano Warnings : 1 Cadet

 Joined: Mar 15, 2005 Posts: 4 Location: UK
Posted: Sun Apr 03, 2005 10:11 am Post subject: Toto do they have WPA in Kansas?
Just wanted to say that this was a great article and thought that I might add my two pence worth as well!
I'm not sure if the Linksys router supports it but the best Wireless Security that you could use at the current time would be WPA in a home environment!
It may be possible on your Linksys router to enable it but if there is no option for it, you may be able to get this security feature by updating the firmware on your Wireless router.
WPA provides better security than WEP because it uses a pre-shared key which changes on a regular basis, thus preventing the password from being hacked! The WEP keys do not change and so it is much easier for a determined hacker to gain access to your password and your network!
It's also worth noting that using MAC Access Control lists only prevents users from physically getting onto the Wireless Network; it does not prevent your data travelling across your wireless network from being sniffed. For this reason it is best to use a combination of both MAC filtering and one of the Wireless encryption protocols.
_________________
Dean Bantleman
Author of Wireless Networks Exposed
http://www.wirelessxposed.com
ahoier
SIRT Handler
 Joined: Jan 14, 2006 Posts: 1033 Location: USA
Meman5150
Guest IP: 75.0.*.*
Posted: Sat Nov 17, 2007 12:10 am
In regards to what ahoier said. It is true, you can sniff the packets to find the MAC addresses of the devices and clone them. Wireless is not secure at all. 
Bill_Bright
General
 Premium Member
 Joined: Jan 16, 2004 Posts: 8929 Location: Nebraska, USA
Posted: Thu Jan 03, 2008 4:50 pm
Meman5150 wrote: "It is true, you can sniff the packets to find the MAC addresses of the devices and clone them. Wireless is not secure at all."
A bad guy can break into your house, tap into your Ethernet and have fun on your wired network too.
I happen to agree with you BTW, wireless out-of-the-box is not secure. But it can be made very secure using OF's suggestions as a guideline - they are easy steps users can take now to minimize risks.
Will they eliminate all risks? Of course not. But locks are to keep honest people honest. If a bad guy wants in, he's coming in - depending on his tools and skills - and demeanor. But like all bad guys (except for the pure pros) they seek opportunities for easy pickings. Keep your garage door open at night with no lights, and someone is going to see that as easy pickings. Keep the door closed, locked and well lit, 99.9% of the bad guys are going to move on. They certainly are not going to park in a strange car out front and point an antenna at you or your neighbor's house without attracting unwanted attention.
Also, it is important to note that other factors besides settings affect WiFi security and capabilities. If you live in an apartment complex where you have the potential for dozens of WiFi networks within antenna reach, that's a problem - you could have a bad guy 6ft away through a single wall or floor. Microwaves and wireless phone systems don't always play well with WiFi networks either - though not really a security issue. So I do not recommend wireless for apartments - for both security and network reliability/interference issues. Sadly, most apartment owners don't like tenants running Ethernet wires through the walls, so WiFi becomes the only alternative.
For folks that live in a house, with surrounding yards (distance) between the neighbors, however, a WiFi network may be the best bet. The irony is the suburban home dweller IS probably in a better position to wire the house through walls, floors, and ceilings with good Cat5e or Cat6 and have a 10/100/1000 Mb network.
And, for anyone who is too relaxed about taking a disciplined approach with security, I don't recommend wireless for them either, no matter where they live.
_________________
Bill (AFE7Ret)
Freedom is NOT Free!