Securing Your Wireless Network

[Warren]

Ok, many of these steps seem straight forward but it is surprising how many people don't follow these steps.

First, create a password (probbably the simplest step but don't even get me started on how many people are stupid enough to do this.

Second, change your 192.168.1.1. login info. The defaults are:

Netgear: Username: Admin, Password: Password
Linksys: Username: Password, Password: Password

This is a step that you have to change! If someone, hacks into your router if you have the default login they can remotely access almost anything about your router. They can change your password, shut down the connection, change the router IP, change the SSID, block sites, etc.

These two simple steps are probabbly the easiest things to do, but as I said before not many people do them.

[Dngrsone]

I use the largest random number that the wireless router will accept for a password (128 bits or 32 hexedecimal digits in my current model), used WPA security and I also change the default page IP address.

[Chipeater]

I would recommend using WPA2 encryption, and although it may not be as convenient, turn off wireless SSID broadcasting. Also, be sure to use a unique SSID.

[Anderwolfe]

A list to only allow certain MAC addresses is a nice addition.

[~Darkseeker~]

Firstly -> Enable WPA2 encryption (128 bit)
Secondly -> Enable MAC filtering
Thirdly -> Allow Firewall to block by port number
lastly -> Assign private IP's to your computers.

now, if they can crack the AES-standard 128 bit WEP2 encryption, they wont be acle to access the web since Static IPs are in use and DHCP is disabled, and the router will disallow them network access because their physical address doesnt correspond to its list of allowed MAC addresses.

[nofear1999]

Firstly, their are programs to crack WPA encryption. *cough backtrack*
Secondly, MAC addresses could be spoofed.
Thirdly, adding the firewall block doesn't do crap.
Lastly, assigning private IP Addresses doesn't do jack either.

Go back to school.

[Dngrsone]

Quote:

Originally Posted by nofear1999

Go back to school.

Take your own advice; learn some grammar.

A lesson or two in manners wouldn't hurt, either.

[~Darkseeker~]

clearly, you dont know how to correctly configure a firewall, if they dont do anything for you.

mac addresses can be spoofed yes, but it would have to spoof the MAC of a device that is allowed onto the network, and most filtering switches can prevent access to a device using the same MAC as another

if you assign static IPs, and turn off DHCP, anyone who isnt allowed on your network wont be able to obtain an IP, and therefore cant use the network.


any encryption can be cracked buddy, but WEP is too easy, and WPA2 is strongest.

[nofear1999]

Configuring a firewall to block ports won't do anything if someone's cracking into your network. It would block your network from even changing information in the router thus messing up the whole configuration.

[Dngrsone]

Quote:

Originally Posted by nofear1999

Configuring a firewall to block ports won't do anything if someone's cracking into your network. It would block your network from even changing information in the router thus messing up the whole configuration.

So, what? You're saying that we should leave all ports open? That firewalls are useless?

I am sure the hundred Chinese IPs that have (unsuccessfully) tried penetrating my firewall today would be more than happy to agree with you; however, I would disagree with your assessments.