Solved

Wireless Network Security

Posted on 2006-07-05
6
443 Views
Last Modified: 2013-11-16
Hi

I've just installed a RangeMax wireless router and got it all up and running, with out any encryption or any of that security stuff. Now that I see it working ok, I want to implement some of the security features.

I'm kind of in a rush on this, so would really appreciate it if someone can supply a quick overview on basic security, and then recommend some steps I should take.

Thanks
Jason
0
Comment
Question by:Jason210
6 Comments
 
LVL 9

Accepted Solution

by:
nick2253 earned 200 total points
ID: 17046983
Jason210:

How familiar are you with the RangeMax router and how comfortable are you with its interface?  If you are, then the brief suggestions below should be enough.  If not, post and I can go into more detail.

Depending on the area you are in, I recommend WPA-2 with MAC address control.  For WPA-2, use a non dictionary phrase with numbers and non-alphanumeric characters (@!%#$).  To find the MAC address of the computers that will connect wirelessly with the router, (assuming you are using windows) go to Start->Run and type cmd. Click OK. Then type in "ipconfig /all", no quotes.  The MAC address will be listed as XX-XX-XX-XX-XX-XX.  In order to enter into the router, you may have to change the "-" (hyphens) to ":" (colons) or remove them entirely.  That should be sufficient for home use.

Good Luck
Nick2253
0
 
LVL 9

Expert Comment

by:nick2253
ID: 17046989
One thing I forgot, which is very important, is to hide the router's SSID, and prevent access from the Internet.
0
 
LVL 19

Assisted Solution

by:CoccoBill
CoccoBill earned 150 total points
ID: 17056931
Using WPA2 as nick2253 is recommended if your client hardware also supports it. If they don't, any encryption is better than nothing, they should at least support WPA or at the bare minimum WEP. Keep in mind that WEP is quite trivial to break, and WPA is also insecure if you don't use good passphrases.

Personally I'm not a fan of MAC filtering not SSID hiding, both of these just make the legit use of the network harder but offer very limited security. Think of it this way: There are most likely 2 kinds of unwanted people that would want to access your WLAN, 1) casual, as in neighbors or other freeriders just looking for a free internet connection 2) people trying to actually break into your network and systems for whatever reason. Group 1 does not have the knowledge required to "hack" into a system, group 2 does. To stop group 1 you only need some form of encryption such as WPA2/WPA to keep them out, adding SSID hiding or MAC filtering will not be needed. For group 2 who know what they're doing, it'll take a few seconds to find out the SSID and sniff the traffic for legit MAC addresses, making these useless as a security practise. However, using WPA2-PSK with a strong passphrase will as of the time of writing most likely stop even group 2, and WPA-PSK with a stron pass will slow them down. WEP will break in a couple minutes.

Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks
http://www.microsoft.com/downloads/details.aspx?familyid=269902e8-fc41-4eb1-9374-44612e64f0fb&displaylang=en
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 11

Author Comment

by:Jason210
ID: 17057093
Thank you CoccoBill for the vakluable information. Exactly the sort of thing I needed to know.
0
 

Assisted Solution

by:sphinx000514
sphinx000514 earned 150 total points
ID: 17119387
WEP can be easily broken with programs such as airsnort, weplab, ...and many more.  I strongly recomend that you use WPA, or WPA2 if your router supports it.  The passkey needs to be strong for anything to work, so your passkey should include the following:  letters, numbers, punctuation marks, capital letters, and symbols.  This will create a strong password.  for example:  98dwWI*^#|\93mxsuwI$ would be a strong passkey.  Don't expect yourself to remember the passkey that you use, just write it down and put it somewhere safe.  In addition to WPA or WPA2 and a strong passkey, You can also moniter and see anyone who is connected to your network by using a free tool called look at lan that can be found here:  http://www.snapfiles.com/reviews/LookLAN_Network_Monitor/lanlook.html

It will scan your network every few minutes and let you know if anyone else is using your network.
0
 
LVL 11

Author Comment

by:Jason210
ID: 17279749
Useful info thanks.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now