|
Vvellum
Stranger

Registered: 05/24/04
Posts: 10,920
|
securing my wireless network
#5057618 - 12/13/05 01:42 PM (18 years, 5 months ago) |
|
|
so, we have a wireless network setup in our apartment. I'd rather have just a wired connection, but that is impossible due to..uh...walls. I have WPA set up, MAC filtering, and SSID broadcast is disabled. Any other suggestions? I've heard of others recommendating VPN but I have no idea what that is - I have also heard of encryption but I am not sure how to do that either.
How would I limit the wireless strength to only my bedroom (about 15 feet from the router and through one wall)? How can I allow only my static IP to access the wireless connection?
Basically, I want to prevent others from using my internet connection as well as intercepting personal data.
I have a linksys WRT54G router.
Thanks
|
Ramlaen
Pysconaut


Registered: 11/06/04
Posts: 638
Last seen: 13 years, 4 months
|
Re: securing my wireless network [Re: Vvellum]
#5057923 - 12/13/05 02:40 PM (18 years, 5 months ago) |
|
|
You could find a lesser strength attenna or an aimed atenna
|
debianlinux
Myconerd - DBK



Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 10 months, 19 days
|
Re: securing my wireless network [Re: Vvellum]
#5058015 - 12/13/05 03:07 PM (18 years, 5 months ago) |
|
|
MAC filtering Either disable DHCP or limit the max leases to only what you'll be using Use WPA and WEP128 and change your WEP key weekly. There hare hacked firmwares for the WRT54G that allow a multitude of options to be toggled or adjusted, namely broadcast strength. I'm not so sure about the stock firmware. You can use an antenna reflector on each end to direct the signal but be aware that the directed signal will be stronger in that direction than if it were simply omni-directional.
It is more important to secure the boxes than the connection. A wireless connection is inherently insecure so a greater focus on local box administration is suggested.
|
TheCow
Stranger

Registered: 10/28/02
Posts: 4,790
Last seen: 15 years, 10 months
|
Re: securing my wireless network [Re: debianlinux]
#5060753 - 12/14/05 01:26 AM (18 years, 5 months ago) |
|
|
WPA is pretty much good to go, unless someone is real determined I wouldnt worry about it. WEP is deffinately crackable however.
|
Seuss
Error: divide byzero


Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 3 months, 8 days
|
Re: securing my wireless network [Re: TheCow]
#5061004 - 12/14/05 04:20 AM (18 years, 5 months ago) |
|
|
> I have WPA set up, MAC filtering, and SSID broadcast is disabled.
You have done pretty much all that you can. Reduce the broadcast strength will help as well, but somebody is going to have to be very talented (or lucky) to get through what you have set up.
Remember, security is always a tradeoff with usability. Also, most "hackers" will target the easiest machines. Since nothing is truely secure, the real trick is to make your box harder to get into than most everybody else. By doing the three thigns you indicated above, you have performed this task.
A few other tidbits...
Avoid WEP based security. Turn it off and use WPA instead.
Placement of the transmission source is important. If you transmit through a wall, at 90 degrees (going directly through the wall), you might have to pass through 5 or 6 inches of material. At 179 degrees (going almost parallel to the wall) you might have to pass through 30 to 40 feet of material. A wifi signal doesn't like going through 30 to 40 feet of material.
Turn off DHCP and use static IP addresses over the wireless link. Choose something a bit odd for your network... 192.168.123.*, for example, rather than 192.168.0.* or 192.168.1.* which are fairly common. Remember, most people will start searching from 0 up to 255, and a few from 255 down to 0. Very few people start searching in the middle of an address space. There are other non-routing blocks of IP addresses for private use... 10.*.*.* for example.
Netmask out everything except your static IP addresses on the router (on the wireless side). Not sure if your model will support this or not.
-------------------- Just another spore in the wind.
|
|