James Barrett on 30 Sep 2007 19:34:07 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Experience with Verizon FIOS & wireless installation


On Sunday 30 September 2007 15:01, jeff wrote:
> george@georgesbasement.com wrote:
> > In the meantime, I've set up a proper username and password (from the
> > router's "admin" & "password1") as well as a 128-bit WEP key. Any
> > other security advice from the PLUG group ?  Oh, yeah - the web interface
>
> 1. USE WPA!!!

Good advice.  Better advice would be to use WPA2 with 256-bit AES encryption 
(if available).  If WEP is all that your router can handle, it is "better 
than nothing" but still not good.  WEP keys can be cracked within a short 
period of time.

> 2. put the MAC addresses of all pc's connecting to the wireless into the
> wireless router and deny access to any other MACs.

More than a handfull of wireless devices allow one to change the MAC address 
at whim.  Additionally, kismet lists the MAC addresses of clients connected 
to a wireless network.  Using MAC address filtering would slow down an 
attacker, but not for long.

> 3. always change default name and passwords

Good advice.

> 4. turn off SSID broadcast

Kismet allows an attacker to find the SSID of any network within range, 
regardless of whether or not it is hidden.  Having said that, it is probably 
a good idea to pick a unique SSID.

> 5. use other than the default channel

This can help with connection strength, depending on your neighbors' 
configurations.  Otherwise it is really not that big of a deal.

> 6. strong passwords

Always good advice.  Using a strong encryption passphrase will help prevent 
brute-force attacks.

If you are completely paranoid, using radius authentication would be the next 
step towards a somewhat secured wireless network.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug