Securing Wireless Network


Recommended Posts

hey guys! ive searched some tips over the web on how to secure a wireless home network.,and there are quite a number of them.

my main concern here is to prevent other people from getting logged into and using the system.

are there any tips you can share? is there any way i can password protect the network, meaning they need to know the password before they can log in? i havnt seen this on the web.

thanks! anymore tips would be very much appreciated.

PS > first time to setup a wireless system :D

Link to post
Share on other sites

Use a hidden SSID. that way if someone scans for networks they probably won't see it. Don't bother with WEP - it can be cracked in 5 seconds with a free piece of software (trust me I've checked on my own).

With hidden SSID and WPA TKIP you're fairly safe, if you also have a firewall etc on your PC as well.

Link to post
Share on other sites
Use a hidden SSID. that way if someone scans for networks they probably won't see it. Don't bother with WEP - it can be cracked in 5 seconds with a free piece of software (trust me I've checked on my own).

With hidden SSID and WPA TKIP you're fairly safe, if you also have a firewall etc on your PC as well.

Don't hide your SSID.

"There is no such thing as 'SSID hiding'. You're only hiding SSID beaconing on the Access Point. There are 4 other mechanisms that also broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms are; probe requests, probe responses, association requests, and re-association requests. Essentially, youre talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing is hidden and all youve achieved is cause problems for Wi-Fi roaming when a client jumps from AP to AP. Hidden SSIDs also makes wireless LANs less user friendly."

http://blogs.zdnet.com/Ou/index.php?p=43

More info:

“Debunking the Myth of SSID Hiding”

Link to post
Share on other sites

Good points. However, for a user who always uses the same network I don't believe it causes as many issues as - I've extensively tested performance and not found any noticeable difference in performance between displayed and 'hidden' SSID. I agree it does nothing to stop a serious hacker because it is not truly hidden, but it does stop the guy next door who sees your network come up and decides to use your internet instead when he wants to look at dodgy sites.

I would suggest maybe trying the SSId being hidden and if performance is affected then switching back.

Also there was an issue recently in the UK regarding the fact that showing SSID with no additional security possibly constituted an invitation to use that wireless network as it was seen as being offered for free use because of being openly displayed and unsecured. This is still considered a legal grey area, although I believe it was not upheld in the original case.

Just to clarify for anyone else reading this, hiding the SSID doesn't make your network secure. It just stops your network being displayed in default programs like Windows. Whether it causes issue hiding it, I'm still not convinced on that point.

Link to post
Share on other sites

The reason not to hide your SSID is that first it really does not add any more security. Sure the network does not show in normal windows zero config and most wireless adapter software; but it is still there and still detectable. Secondly if you hide it and forget that you did and go to add another computer to your network; then it is more difficult than it should be. Same if you add a new device which needs to see your ssid to join.

So no real gain from hiding your network ssid.

As long as you have a good WPA password you are safe.

The old standard was eight character alpha numeric mixed ; but with todays faster processors and better cracking software it is now recommended you go at least 12 characters mixed alpha numeric for all passwords (and 16 would be better).

I like to go to an online password generator and print out a page or two of random ones and then pick some which I like. Or you can use the built in one in something like Keepass password storage vault.

http://www.msdservices.com/apg/index.php

Exapmles

zhsQkYxUVMj7wE

Sb8bdOmZSyq2

eKAzszW3icEshzU8

2APEVVuBTthkH

hz0oDrMJvSYd

VCduKmxwYmK153l

Link to post
Share on other sites
I think, for small home network may be also useful to make a restrictions, based on ip and MAC addresses.

Ah but Mac addresses can be cloned ; so a mac filter is pretty useless, they would just have to wait for the particular device to be powered off and login as its clone if that was your idea of security.

Just enable wpa with encryption and use a good password.

Link to post
Share on other sites
I think, for small home network may be also useful to make a restrictions, based on ip and MAC addresses.

Ah but Mac addresses can be cloned ; so a mac filter is pretty useless, they would just have to wait for the particular device to be powered off and login as its clone if that was your idea of security.

Didn't know that, thanks!

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...