Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Securing your wireless network

  • 08-04-2006 6:16pm
    #1
    Closed Accounts Posts: 64 ✭✭


    Securing your Wireless Network

    Questions on securing wireless networks come up all the time so here is just a short tutorial on how to secure your network with some basic tips.

    1.Encrypt it
    Good place to start is to put encryption on between your pc /laptop and wireless router.
    WEP ( wired equivalent privacy ) is the most common type however WEP has some serious security issues and if your laptop / wireless router supports WPA then that would be a much better choice.
    If you choose WEP remember to use the 128 bit encryption type which is the strongest.
    If you are using WPA remember not to use a dictionary word as your password.
    For details on putting encryption on your network you should refer to you wireless routers manual.

    2.Set the admin password on the router.
    This is probably left as admin or 1234 or something really hard to guess. Its a good idea to use a strong password, recommended 12 characters long, mixture of upper and lowercase with the odd symbol thrown in for good measure.

    3.Disable ESSID Broadcast
    This basically prevents your network from been picked up by others. This has been know to cause issues mainly with XP, which can result in connections been drooped.
    If this happens just enable it again.
    Also the instructions for doing this will be in the routers manual.

    4.MAC Address filtering
    This restricts the computers which can join your wireless network By default this is turned off.
    To enable this you must log into the router and enter the MAC address's which are allowed into your network.
    The MAC address will be probably wrote on your wireless nic or on the box that it came in.
    It should be noted that MAC filtering can be easily bypassed but still its no harm in using it.

    5.Disable DHCP
    A DHCP server is very handy to have but if an attacker was to get to your network he would then receive all your ip settings because of the DHCP server. It is recommended you turn this feature off. This will add to your configuring time but its also adding to the strength of your network security.

    6.Don't use common IP settings.
    If your going to add static IP settings it is recommended not to use common settings for example the most common been
    IP 192.168.1.2 Subnet Mask 255.255.255.0 Default Gateway 192.168.1.1

    I would recommend using something like
    IP 172.16.16.20 Subnet Mask 255.255.240.0 Default Gateway 172.16.16.1
    7.Updates
    Check for updates regularly on the manufacturers website. If you have just purchased the router its worth checking for updated firmware.

    8.Useful Links

    Insecurity of WEP
    Into to MAC filtering
    Wireless LAN security


Comments

  • Moderators, Education Moderators, Motoring & Transport Moderators Posts: 7,396 Mod ✭✭✭✭**Timbuk2**


    Nice post :)


  • Registered Users, Registered Users 2 Posts: 3,087 ✭✭✭Duiske


    If you decide to use mac address filtering, and for some reason are having trouble locating the mac address, heres a handy tip :

    Click Start, then Run, then type cmd in the text box. Press Enter.

    Type in ipconfig/all in the Command Prompt Windows. Press Enter.

    The 12-digit Physical Address is the same as MAC address.

    As wind00ze said above, mac address filtering should be used as an added security feature ALONG WITH wep/wpa , and NOT on its own.


  • Closed Accounts Posts: 794 ✭✭✭ChityWest


    MAC Filtering seems to be the safest bet.

    I read somewhere that for windows users McAffee internet security creates a new key every hour for you - not too sure how that would work with a setup where not all machines are connected all of the time - could be a handy feature I spose.


  • Closed Accounts Posts: 64 ✭✭wind00ze


    ya some of McAfee's new wireless software is prity decent, and that feauture your on about is ok, its a good idea but ive had a few problems with it and it only works with certain wireless routers.


  • Moderators, Technology & Internet Moderators Posts: 12,450 Mod ✭✭✭✭dub45


    A lot of wireless routers will actually show the mac address of machines connected so an easy way is to make sure all your machines are connected and then authorise those cards.


  • Advertisement
  • Closed Accounts Posts: 884 ✭✭✭NutJob


    dub45 wrote:
    A lot of wireless routers will actually show the mac address of machines connected so an easy way is to make sure all your machines are connected and then authorise those cards.


    yes and no

    Its a trivial thing to change ur mac address. Any unix script kiddy can do it.

    The only way to properly secure a 802.11 wireless network is to use a strong wpa-psk key. (Forget WEP its a 15 min hack)

    This is without doing anything insanely secure like VPN or 802.11x authentication windows thingy

    The following just make life difficult for u and stop accidental access



    -Disableing ESSID is pointless
    Can be picked up using kismit (any script kiddy)

    -Mac Filtering pointless
    Sniffer and a quick deauthenticte packet and ur on

    -Disable DHCP
    Subnet and ips can be got using a packet sniffer(plus plenty of tools to do exactly this) quickly plus its a pain in the bum to setup manual ips all the time

    If i was lazy id just enter ur ip and use a subnet calculation tool (ur router does its a knowen piece of math)

    -Don't use common IP settings.
    Bah why same as above


    Ill gladly argue any of these points


    if u want a password that would take me 10 - 20 years to break use this tool
    https://www.grc.com/pass


  • Registered Users, Registered Users 2 Posts: 18,984 ✭✭✭✭kippy


    Great post, I agree, its a fairly common question in here.
    Will- be putting it on my sig....

    Granted these would not be the best ways of enforcing security on a corporate wireless network but for the standard home user implementing even two of those would make it a lot more difficult to get onto your home network......
    I would recommend the MAC address filter and the WEP encryption.
    That would deter most people unless you were of course a major multinational with plenty of confidential data.


  • Registered Users, Registered Users 2 Posts: 18,984 ✭✭✭✭kippy


    NutJob,
    Yes you are a genius....well above our advice......
    Thanks for pointing out the failings of each of these but as I said for a corporate network you would have to seriously consider far more security.
    However for the standard home user....there are enough tips here to help out and make sure the casual next door nieghbour is not hopping on your connection.
    Kippy.


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Your makeing me blush.

    If i can be of any help to anoyne i will so pm me


    oh one last thing dont leave ur wireless card in ad-hoc mode.


Advertisement