Any advice on securing a wireless network?

cheawick · 04-21-2005, 04:26 PM

I had to upgrade to a wireless network thanks to a lightening storm that took out three of my computers on the LAN. Now I've noticed someone sniffing out my system and want to keep them out. I freind of mine mentioned something about setting up static mac addresses, but I don't know much about networking. Anyone have some advice? I have three computers running windows and two running LINUX- if that helps.
Thanks!

idx · 04-21-2005, 06:25 PM

The basic tips are:

- don't broadcast your SSID and change it to something other than the default. (I've got about 5 "linksys"'s around my block and a few others. half aren't secured.)
- use the most encryption you can ... even if it's just a 128bit WEP key.

What router do you have?

-r

redhead · 04-21-2005, 07:00 PM

I belive you migth wanna go for WEP 128 bit encryption of your net, based on MAC adresses ofcause.
Theres a few pointers in this article
or perhaps this one
Or maybe even in this one

cheawick · 04-22-2005, 05:42 AM

Thanks for the quick responces ya'll! I have a Belkin 54mb 2.4 Ghz router, hope that helps idx. Apologies to you and redhead but though I understand what WEP 128 is, I have no clue on how to (utilize?) it. My brain is fried from a wonderful 15 hour shift and a massive three hours of sleep, so I must postpone reading your article links until the weekend, redhead. Go USAF... Yeah~a-ahem.

cheawick · 04-22-2005, 05:44 AM

Sorry, forgot to add this to the last post, but how do I ensure that my SSID is not broadcasting, idx?

idx · 04-23-2005, 08:38 AM

Quote:

Originally Posted by cheawick

Sorry, forgot to add this to the last post, but how do I ensure that my SSID is not broadcasting, idx?

More than likely the router has a web-based configuration tool, so I'd take a look at that first.

Maybe try going to : http://192.168.1.1 (might be http://192.168.2.1 )
?? Just a guess - check the manual to see what IP it uses by default.

I'm also guessing that this is your router?

As far as WEP:
More than likely your wireless adapter for the client PC's probably support 128bit WEP, but check to make sure.

If your adapters support WPA then use that. Here's an KB article about enabling WPA support on that router..

-r

cheawick · 05-15-2005, 07:49 AM

Sorry I took this long, but thanks to all of ya! The sniffing has stopped considerably. Truely appreciate all the help!

sde · 05-15-2005, 08:59 PM

i always just setup wireless security so only addresses on the approved mac address list are allowed to connect. is that safe enough? even if you broadcast your ssid?

i haven't read the links .. just joining in on the conversation

Kernel_Killer · 05-15-2005, 10:09 PM

WEP is a waste of time. It is now recorded that some have cracked 104-bit keys (128-bit) in an average time of 30s. WPA or WPA-Blowfish is a great way to go (that is if you use 802.11g).

idx · 05-16-2005, 06:27 PM

Yep... but sometimes WEP is all you have..

-r

cheawick · 05-19-2005, 03:48 PM

Heh, looks like you were ignored sde.

I was actually hoping someone would respond on that question. I was wondering about that too.

redhead · 05-25-2005, 08:23 AM

Quote:

Originally Posted by cheawick

Heh, looks like you were ignored sde.

Sorry, I first noticed this today...

Quote:

Originally Posted by sde

is that safe enough? even if you broadcast your ssid?

Not realy, the thing with settign MAC restrictions, is telling the users only to use certain MAC addresses, yet all the data send across the net isn't encrypted, meaning anybody who knows anything about spoofing MAC addresses, can get access to your net, they just have to figure out a MAC, which is allowed, after that they can sniff on every data you send, and without any further work, know exactly what you're doing, that beeing sending your ssh-key or webbank login info..