I'm planning on building a wireless network within my house. What kind of security risks do I have to worry about, and what can I do to make it as secure as possible?
Printable View
I'm planning on building a wireless network within my house. What kind of security risks do I have to worry about, and what can I do to make it as secure as possible?
Well, you might have to worry about your neighbors piggy backing off your connection, so id turn off broadcasting of your SSID, sure you have to know it to type it in, but thats not to hard. Also, if your router supports WEP turn that on, I think we use a 128 bit key here and it works fine, also, if your router has it, you can disable access to it via mac addresses, if the mac address isnt in the routers table the computer wont even get an IP.
The casual user will be restricted by these methods, but advanced users can spoof your MAC addy, and WEP slows your connection down. If you got WPA, use it instead, some manufactures provide this as a firmware update.
hasn't slowed anything down inho. I have set it up in three different locations, and it is working fine everywhere. If there is a slowdown, then it isn't noticeable to us...
The casual user is what you are mainly protecting against, it is highly unlikely someone with the know how to break through such security will attempt to attack some random person, unless of course you live next to some computer genius hoboQuote:
Originally posted by Ideas Man
The casual user will be restricted by these methods, but advanced users can spoof your MAC addy, and WEP slows your connection down. If you got WPA, use it instead, some manufactures provide this as a firmware update.
If WEP is all you've got it is better than nothing and as has been said it does protect against the casual cracker.
But with the correct software installed nearly anyone can park their laptop outside your house and crack 128bit WEP in about 5 mins.
I have configured my router to block all outgoing connections on port 80 and 443 and have all internet connections go through a proxy server which requires authentication.
Alright, I finally got my router setup (Linksys WRT54G, if that helps), so I'm re-reading over this thread and trying to implement your suggestions.
I've turned off Broadcast SSID, and that's about it so far.
In my configurator/settings thing, it has a Security Mode option with the following available:
Disable
WPA Pre-Shared Key
WPA Radius
RADIUS
WEP
What are these, and which one should I go with? Also, each one brings up different options, and I have no idea what to put in there, so any help with that would be great too.
Thanks for all the help so far.
Anybody? :(
I use WEP. To use it, you choose a passkey, and it generates a passphrase. You enter that passphrase into each computer that you want to be able to use the network.
Not sure what other wifi shops use, but I know that I had a chance to get free T-Mobile minutes in a Starbucks coffee house, but my trial ran out before I had a chance to use it.
I have a program that auto-detects wifi networks, and lets you choose which one to log on to.
The default wifi setting allows anyone with a wifi card to be able to log on for as far as the signal gets generated. This can be not so good if you don't want neighbors using your signal.
Paint your walls with lead paint :afrog:
already have lead-base paint. does that count?
:wave:
Use WPA seeing as you have it.
Don't be so paranoid. Honestly I wouldn't bother.
If you have 256bit WEP I'd use that instead of the 128bit WEP.
There's nothing wrong with broadcasting your SSID if you're using encryption. All that'll happen is it will make it a pain in the ass to use your wireless network.
Why go to all the hassle? If one knew how to spoof MAC addresses, they wouldn't bother stealing the internet connection of a simple cable or dsl user - they'd be sitting in front of a large corporation building.
According to Cisco, in theory 128bit WEP could be hacked in 4 hours. That's a long way from theory to practice. But something like 256bit would take much much much longer.
use what you have. any encryption is better than none.
:(