Wireless security summary
I’ve spent quite a bit of time recently trying to learn how to make it impossible for someone with a laptop to park down the road from my house and use my internet connection and any shared resources I have on any of these computers.
Here’s a quick summary of what I’ve learned:
- DO NOT use WEP security. It’s so full of holes it isn’t funny. Set up either WPA or WPA2 (also called WPA-PSK or WPA2-PSK, respectively).
- When selecting a passphrase for your WPA setup, pick something that is as long as you are allowed - typically 63 characters - and all random numbers and letters. Dictionary words can be figured out eventually. Write down your string of gibberish so you can enter it in all the remote machines. It’s a hassle, but it’s worth the effort.
- Make sure your wireless router is set to NOT broadcast your SSID. While it is true that a decent packet-sniffer can find it even when you’re not broadcasting it, there’s no sense in HELPING a would-be hacker.
- Speaking of your SSID, make it a string of random letters. That makes it harder for you to enter into the remote machines, but it also makes it more difficult for a would-be hacker to guess. And, when using WPA encryption, that SSID is used in creating the security key, so you want something as long and as random as possible.
- Set the WPA Rekey interval to something short - say, one minute. This means that if your attacker can’t guess your SSID and key in one minute, then the encryption key changes and they have to start over.
- Enable MAC address filtering. This means that only the network cards that have your explicit permission can even access your network. Again, a good packet-sniffer can find a valid MAC address and spoof it, but, again, there’s no sense in helping out the attacker who doesn’t know that bit of trivia.
- Turn off your router’s DHCP server. This is what assigns IP addresses to all the machines on your network. If it isn’t handing out valid IP addresses to anyone who asks, and you’ve manually configured static IP addresses for all your machines, then an attacker can’t get an IP address and, therefore, can’t access your network at all.
Unless I’ve missed something, I’m very sure that implementing the above steps will make your wireless network as secure as the average home network can be made.


