wireless networking
- Thread starter nofx
- Start date
lePobz
Tank
- Joined
- Sep 18, 2003
- Messages
- 6,485
- Reaction score
- 0
Few measures: -
Firstly, 128bit WPA/WPA encryption (a code you enter into the router and then have to enter on each machine/device that connects) ... this isn't 100% secure on it's own as any determined person can snoop, and collect enough encrypted traffic to be able to crack the encryption.
Secondly, Mac Restriction... You only allow specific MAC addresses to connect to your router (each wireless device in existance has a unique MAC address). This alone isn't 100% secure either, as anyone can snoop wireless traffic, read existing MAC addresses and then clone them.
Thirdly, Disable your SSID broadcast. Once all your machines/devices are set up, they'll already be friendly with your router - so you don't need to advertise your wireless network to the rest of the world. Disabling your SSID broadcast from the router will stop it showing up for random passers-by / neighbours etc. Also insecure on its own, as you can still sniff wireless traffic regardless of the SSID broadcast - but still, definately worth doing.
Fourthly, change your home networks IP subnet - usually 192.168.0.1 ... This is the default, and changing this would just make things harder for anyone looking for a free ride.
No wireless network is 100% secure, as anyone determined enough, given long enough, could get on. Taking these steps would ensure nobody would want to take the time to (and 99.99999999% of people wouldnt know how to anyway).
Another step you can take is to move the router to the centre of your premises. Having it at the edge will just give neighbours a stronger signal, and put your network traffic in range of more houses / people.
And you won't see a speed decrease from your DSL over a wireless network. Even with a weak signal strength, wireless networks can push 4mbps+ - so a typical 802.11b (11mbps) or 802.11g (54mbps) is more than plenty.
Firstly, 128bit WPA/WPA encryption (a code you enter into the router and then have to enter on each machine/device that connects) ... this isn't 100% secure on it's own as any determined person can snoop, and collect enough encrypted traffic to be able to crack the encryption.
Secondly, Mac Restriction... You only allow specific MAC addresses to connect to your router (each wireless device in existance has a unique MAC address). This alone isn't 100% secure either, as anyone can snoop wireless traffic, read existing MAC addresses and then clone them.
Thirdly, Disable your SSID broadcast. Once all your machines/devices are set up, they'll already be friendly with your router - so you don't need to advertise your wireless network to the rest of the world. Disabling your SSID broadcast from the router will stop it showing up for random passers-by / neighbours etc. Also insecure on its own, as you can still sniff wireless traffic regardless of the SSID broadcast - but still, definately worth doing.
Fourthly, change your home networks IP subnet - usually 192.168.0.1 ... This is the default, and changing this would just make things harder for anyone looking for a free ride.
No wireless network is 100% secure, as anyone determined enough, given long enough, could get on. Taking these steps would ensure nobody would want to take the time to (and 99.99999999% of people wouldnt know how to anyway).
Another step you can take is to move the router to the centre of your premises. Having it at the edge will just give neighbours a stronger signal, and put your network traffic in range of more houses / people.
And you won't see a speed decrease from your DSL over a wireless network. Even with a weak signal strength, wireless networks can push 4mbps+ - so a typical 802.11b (11mbps) or 802.11g (54mbps) is more than plenty.
[RnL]Stefan
Newbie
- Joined
- Nov 5, 2005
- Messages
- 135
- Reaction score
- 0
ummm...i'd rather flip the points. the three last points are to neglect, any hacker who really wants to hack in a network can bypass mac filters, ip adresses and ssid broadcasts.
but WPA is not cracked yet and will probably take a while to be cracked still. so atm a network protected with wpa and a nice long password is pretty much bullet proof.
don't mix this up with WEP, this one has been cracked and is down within 10-20 minutes if anyone wants to.
so making your wireless net safe isn't that hard. and dsl...
wireless networks work a bit "different". a 54mbit network has about 26-27mbit down and upstream, so as long as your dsl is somewhere between 2mbit (and less) to 26mbit you're fine with it. don't get a 11mbit wlan router though, it's not fast enough for 2mbit, let along 3 or 6 mbit dsl.
but WPA is not cracked yet and will probably take a while to be cracked still. so atm a network protected with wpa and a nice long password is pretty much bullet proof.
don't mix this up with WEP, this one has been cracked and is down within 10-20 minutes if anyone wants to.
so making your wireless net safe isn't that hard. and dsl...
wireless networks work a bit "different". a 54mbit network has about 26-27mbit down and upstream, so as long as your dsl is somewhere between 2mbit (and less) to 26mbit you're fine with it. don't get a 11mbit wlan router though, it's not fast enough for 2mbit, let along 3 or 6 mbit dsl.
lePobz
Tank
- Joined
- Sep 18, 2003
- Messages
- 6,485
- Reaction score
- 0
Oops, I meant WEP/WPA ... Anyway, yeah.
WPA has been cracked, granted its so much harder to crack, but still... if you're not NASA or some Government network, you won't have to worry about anyone trying to crack it.
The last points can be dismissed yes, but I added them just because it helps to make the network invisible. Sure hackers can bypass them, but at least 99% of people won't see a network and try doing things with it. They only take 5 minutes to implement, so they're worth doing anyway.
When I listed the points, I meant that all points should be taken - Not just one of each. Do as many as possible, but ensure you have WPA (if available) or 128 bit WEP if it isn't.
WPA has been cracked, granted its so much harder to crack, but still... if you're not NASA or some Government network, you won't have to worry about anyone trying to crack it.
The last points can be dismissed yes, but I added them just because it helps to make the network invisible. Sure hackers can bypass them, but at least 99% of people won't see a network and try doing things with it. They only take 5 minutes to implement, so they're worth doing anyway.
When I listed the points, I meant that all points should be taken - Not just one of each. Do as many as possible, but ensure you have WPA (if available) or 128 bit WEP if it isn't.
Similar threads
