Securing my wireless network
Forum Regular
Join Date: Jun 2002
Location: New York
Hello gang,
I just got a Netgear MR814 wireless router.
I currently have it authenticating by MAC address, but I know that this scheme is easily defeated by anyone looking to defeat it.
I'm using private IP addresses distributed by NAT/DHCP so I am somewhat insulated from the outside.
What about WEP? Does it work? I have heard that it is a chatty protocol that creates a lot of network overhead.
I want to restrict access to my network and prevent my email/system/etc. passwords from being stolen/seen.
Thanks,
Peter
Dedicated MacNNer
Join Date: Mar 2002
Then you should be using WEP. It won't prevent the baddies from trying to crack your key, but it will stop the honest people. And the big bads will probably not have the time or patience to sit near your house trying to break the encryption anyway. Just change the key regularly.
(WEP will probably decrease the network speed, but so be it.)
Also, turn off the broadcast of the SSID in your router prefs, and change the default SSID and router admin password. You could also use SSH where possible.
Instead of DHCP, consider using static IPs. (NAT/DHCP will insulate you from the Internet, but not from Wi-Fi intruders.)
Wi-Fi is one example of where using ipfw on individual machines would be useful in addition to NAT.
Forum Regular
Join Date: Jun 2002
Location: New York
My wireless router is currently using NAT in conjunction with DHCP. What is the logic behind using NAT with static IPs? What sort of security is improved by such an IP assignment scheme?
How does packet filtering like ipfw make individual systems on a Wi-Fi network more secure?
I'm living with friends who have Windows laptops. Can anyone recommend something equivalent to ipfw for them?
Thanks for your prompt response,
Peter
Dedicated MacNNer
Join Date: Mar 2002
> My wireless router is currently using NAT in conjunction with DHCP. What is the logic behind using NAT with static IPs? What sort of security is improved by such an IP assignment scheme?

NAT will only block access from the WAN port/internet.
If you use static IPs, it adds a layer of difficulty for baddies trying to access your LAN via your access point.

> How does packet filtering like ipfw make individual systems on a wifi network more secure?

You could set it to only allow requests from IPs that are assigned to your LAN.

> I'm living with friends who have Windows laptops. Can anyone recommend something equivalent to ipfw for them?

ZoneAlarm. There are other alternatives, like Norton, but personally the Norton windoze firewall drives me up the wall...
Forum Regular
Join Date: Jun 2002
Location: New York
So by not using DHCP, the baddies have to guess what the machine IPs are?
Where is the level of difficulty?
It's just not sinking in! Sorry!
Thanks,
Peter
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Originally posted by SPiNdustrious:
> So by not using DHCP, the baddies have to guess what the machine IPs are?
> Where is the level of difficulty?
> It's just not sinking in! Sorry!
> Thanks,
> Peter

The typical DHCP server begins assigning addresses at some arbitrary, standard address. My Linksys router's server defaults to a range of 50 addresses starting at 192.168.1.100. Knowing this (yes, the intruder will probably know that), an intruder simply starts scanning at that address, looking for a response behind the NAT barrier. If you assign your addresses in some odd segment of the LAN address space, such as 192.168.1.47-52, that's much harder to puzzle out.
Glenn -----
OTR/L, MOT, Tx
Professional Poster
Join Date: Feb 2001
Location: always on the sunny side
Originally posted by GHPorter:
> The typical DHCP server begins assigning addresses at some arbitrary, standard address. My Linksys router's server defaults to a range of 50 addresses starting at 192.168.1.100. Knowing this (yes, the intruder will probably know that), an intruder simply starts scanning at that address, looking for a response behind the NAT barrier. If you assign your addresses in some odd segment of the LAN address space, such as 192.168.1.47-52, that's much harder to puzzle out.

I have a setting on my router configuration where I can set the number of users. If I know that I'll only have 1 or 2 users would that help? In conjunction with setting specific IPs especially?
Dedicated MacNNer
Join Date: Mar 2002
Originally posted by vmpaul:
> I have a setting on my router configuration where I can set the number of users. If I know that I'll only have 1 or 2 users would that help? In conjunction with setting specific IPs especially?

On my router, that setting only applies to DHCP. (Linksys BEFW11S4V1)
Professional Poster
Join Date: Feb 2001
Location: always on the sunny side
Can you restrict access by allowing only certain MAC addresses to connect wirelessly?
Would that be better than static IPs?
Is that a feature on most wireless routers?
Forum Regular
Join Date: Jun 2002
Location: New York
Originally posted by vmpaul:
> Can you restrict access by allowing only certain MAC addresses to connect wirelessly?
> Would that be better than static IPs?
> Is that a feature on most wireless routers?

MAC address restriction is easy to defeat from what I hear. Many wireless cards allow MAC address masquerading.
I'm using WEP, a funny range of IP addresses and MAC address authentication now. Thank you all for your suggestions.
Peter
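
Added example, not part of the thread: the setup discussed above (static IPs in an unusual range plus MAC filtering) can also be used for detection, by checking an ARP table snapshot against the IP-to-MAC pairs you assigned. The inventory, the sample `arp -an` style output and the function names are all constructed for illustration.

```python
import re

# Constructed inventory: static IP -> MAC for each machine you own (placeholders).
EXPECTED = {
    "192.168.1.47": "02:00:00:00:00:01",
    "192.168.1.48": "02:00:00:00:00:02",
}
ROUTER_IP = "192.168.1.1"

# Constructed sample in the style of BSD / Mac OS X `arp -an` output.
SAMPLE_ARP = """\
? (192.168.1.1) at 2:0:0:0:0:fe on en1 [ethernet]
? (192.168.1.47) at 2:0:0:0:0:1 on en1 [ethernet]
? (192.168.1.48) at 2:0:0:0:0:99 on en1 [ethernet]
? (192.168.1.102) at 2:0:0:0:0:7 on en1 [ethernet]
? (192.168.1.103) at 2:0:0:0:0:1 on en1 [ethernet]
? (192.168.1.50) at (incomplete) on en1 [ethernet]
"""

ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+)")

def normalize_mac(mac):
    """BSD arp drops leading zeros (2:0:0:...); pad each octet to two digits."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(text):
    """Return (ip, mac) pairs; unresolved '(incomplete)' entries do not match."""
    return [(m.group(1), normalize_mac(m.group(2))) for m in ARP_LINE.finditer(text)]

def audit(entries, expected, ignore=()):
    """Compare observed (ip, mac) pairs with the expected static assignments."""
    known_macs = set(expected.values())
    findings = []
    for ip, mac in entries:
        if ip in ignore or expected.get(ip) == mac:
            continue  # the router itself, or a machine exactly where it should be
        if ip in expected:
            reason = "reserved IP used by a different MAC"
        elif mac in known_macs:
            reason = "known MAC at unexpected IP"  # misconfiguration or a cloned MAC
        else:
            reason = "unknown device"
        findings.append((ip, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP), EXPECTED, ignore={ROUTER_IP}):
        print(*finding, sep="  ")
```

A known MAC showing up at an address you never assigned is the case MAC filtering alone cannot see, which is why the check pairs each MAC with its static IP.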