DeannaRV,
I have pretty much the same setup at home. What Kronostm wrote is pretty good, about the security. I would just add that if your Netgear s like my Linksys, then there's a page where you can simply disable the SSID broadcasting by unchecking it.
You can go into your laptop/desktop and type: "ipconfig /all" at a command line to retrieve the "hardware address". This is also called the MAC address - of your Network Interface Card (NIC). You can go into your Netgear and put this hardware address in as being allowed to connect to your Netgear and nothing else will be able to, unless hacked as mentioned above.
I would recommend changing the administrator account if you're able to - whatever the default is widely known. So, if you can change "admin" to "mydogspot" or whatever, that's better. Definitely change the password - instead of using something easy to guess like "spot" you could use $P0t (dollar P zero t) and it's not as easy to guess or use a "brute force" hack.
You can enable WEP and put the same string on the Netgear and your laptop/desktop. This can be hacked, but it's better than nothing if you're concerned about security.
Finally, use a different channel - like 6 or 9 or whatever. This is pretty easy for anyone to find, but it's just one more step - a newbie would just use channel 1.
As Kronostm said, nothing is totally 100% secure, except unplug it, turn it off, encase it in conceret, etc. What you're trying to do is DETER somone instead of leaving the door open with the porch light on.
As far as software firewall behind your "hardware firewall". First, know that your router is not really a firewall unless it does a thing called "stateful packet inspection". This means that when a request goes out, it makes a note of it and inspects the reply coming back - if the request is in a table somewhere and it's related and expected, it will let it in. Otherwise, it will drop it. SOHO routers do a thing called Network Address Translation (NAT) and port forwarding. This is definitely good and helpful, but not 100% secure.
So, a software firewall is an added layer of security. BUT, more than protecting you from things coming in, I like them for things going out. A good firewall like ZoneLabs Zone Alarm Pro will let you know when a program is trying to make a connection going out - this is great for catching spyware, viruses, etc.
And, it's defense in depth - which is a prime tenent of security. If someone breaks in through the outside firewall - the NAT router - they still have to deal with the inside firewall.
I highly recommend Zone Alarm Professional - you'll have to pay for it, but it's worth it.
And while we're talking about security, you also ought to get some good spware programs like Spy Bot and Ad Aware and a good anti-virus program - which you can configure for automatic updating.
HTH!
Main Topics
Browse All Topics
by: kronostmPosted on 2004-02-24 at 04:47:19ID: 10440222
Deanna .... first of all no wireless network is secure. NONE. What you have to ask yourself is " Does anyone have a strong enough reason to break into my wireless network? "
WEP encryption is one of the ways to secure your transmission, but the truth is that a wireless card set in promiscuous mode and a decrypting software CAN break this WEP, even if it is a 256 bit one. Also, MAC address filtering is a way to restrict access into your 802.11x network, but this can be overridden too, in a similar way. What's more difficult to achieve for a possible attacker is to launch a denial of service attack on your wireless client , grant this unreachable and then change his MAC address to the one of your client and this way gain access into the network.
One strong way to secure can be not to "spread" your signal all over. That mean to use only directional antennas. But this connection is limited, you can only connect two "ends" ... one being the AP and one is the client. This way it's unlikely for somebody to "catch" your signal.
You were talking about a firewall for internet connection.... well... this one is useless since the possible attack will actually come from inside (inside your LAN). So, software firewalls on your local machines is advisable.
For turning off SSID broadcast, setting the WEP encryption key, MAC address filtering and others you just have to browse your AP using the WEB managed interface that most of them are provided with. The WEP key should be the same on all the machines in the 802.11x network for the connection to work.
Hope this helps
KronosTM