
Newbie - Setup Wireless network

Discussion in 'Tech Talk' started by pascal, Oct 5, 2008.

  1. pascal

    pascal

    Joined:
    Jan 30, 2006
    Messages:
    786
    Likes Received:
    0
    Howdy,
    I previously purchased a wireless router to play with on a second, non-important computer. At the time I could only get WEP encryption running, finally hooked it to cable and turned off wireless transmission.
    Recently my wife was issued a laptop and wanted to get online. Set up the wireless which was turned off, using WPA Personal Enhanced with about a 25 character decipher key. Broadcast SSID off and MAC filtering enabling use of only the two computers. I have Comodo Pro and Avast & AVG on the main computer. Haven't figured out how to configure Comodo Pro for network protection so just using default modes.
    Does this sound fairly secure? Is there anything I missed that might increase security.
    For some reason I can't get WPA2 enhanced or WPA2 Auto working. Actually don't know the difference or benefits.
    Thanks for any help.
    pascal
    BTW she's forced to use IE7, Outlook and Microsoft Word Office. I use Firefox, Thunderbird and openoffice.
     
  2. IndyGunFreak

    IndyGunFreak

    Joined:
    Jan 26, 2001
    Messages:
    26,772
    Likes Received:
    2,103
    Location:
    Indiana
    Disabled ESSID Broadcast--- Check-- I also make a fairly ambiguous ESSID rather than leaving it Linksys or Netgear, etc.. The one I have now is HomeNetwork####### (random numbers)
    WPA--- Check
    Mac Filtering... Check, this should probably be more like Check +2.. Most people never bother locking down a network with Mac filtering.
    AV/Spyware software -- Check
    IE7-- Ugh.. :)

    I think you did fine... I generally always keep my firmware up to date also. I've had people say not to do that, because if it doesn't work or screws up, then you have a pretty plastic box w/ antennas on it.

    Edit: Only other thing I might add(and I'm betting you've done this), is making sure you change the default log in username/password for the router. For instance, many of them come with "username=username" and "password=passwd" or something like that. That way some enterprising fellow can't try logging in to your router and make a mess of things.

    IGF
     

  3. pascal

    pascal

    Joined:
    Jan 30, 2006
    Messages:
    786
    Likes Received:
    0
    Thank you for the evaluation. I did upgrade the router to the latest firmware and changed the username and password to various numbers, letters, characters and Case.
    pascal
     
  4. IndyGunFreak

    IndyGunFreak

    Joined:
    Jan 26, 2001
    Messages:
    26,772
    Likes Received:
    2,103
    Location:
    Indiana
    Then honestly, like I said, I think you'll be fine... A lot of people don't even bother disabling their SSID... I'm certainly no expert, but you seem to have taken more steps than 99% of the people out there.

    Just as an example, Thur I was on break, and pulled into a dept. store parking lot to eat lunch. There's a big complex of condos across the street. When I started searching for a network to get on, I bet I had probably 15 visible choices, only 2 or 3 had WPA enabled, 3 or 4 had WEP, and the remaining had nothing at all and most hadn't even bothered changing the SSID, which means I probably could have logged in to their router had I felt like it.
     
  5. pascal

    pascal

    Joined:
    Jan 30, 2006
    Messages:
    786
    Likes Received:
    0
    Great!!! I find it amazing though that I get 2 bars from my upstairs bedroom to the downstairs kitchen. Older router without the newer features I guess. Whoever is the administrator for my wife's computer made it impossible for me to add spyware/firewall and most disturbingly connecting to my home printer.
    Oh well it is a dell.
    rhtwist
     
  6. noway

    noway

    Joined:
    Dec 14, 2000
    Messages:
    8,735
    Likes Received:
    6
    Location:
    Davie "Cowboy" , FL
    FWIW:

    disabling SSID does help but a cracker will find it, the typical script kiddie might not.


    Also you can reduce your power output which will help you to limit the signal within a more moderate range. If you have a notebook or wifi cell phone, drive around your domicile and see just how far your signal is thrown and then go back and make adjustments to the power output if you have this option.


    It's surprising to see a home WIFI WAP shooting a 70% signal strength 2 blocks over outside of the originating home ;)
     
  7. betyourlife

    betyourlife on a GLOCK

    Joined:
    May 10, 2004
    Messages:
    5,590
    Likes Received:
    0
    Location:
    Seattle, WA
    Good point, rule #1 don't give them access to the signal to begin with. NO reason for the signal to go three blocks over outside your house.
     
  8. dotsun

    dotsun Shark Stomper

    Joined:
    Mar 25, 2007
    Messages:
    1,222
    Likes Received:
    46
    Location:
    Knoxville, TN
    If there's a client connected, hiding your essid and mac filtering are a waste of time. Just use wpa with a long and strong passphrase and change your essid to something unique. That's enough to keep all but the most determined people off of your network.
     
  9. IndyGunFreak

    IndyGunFreak

    Joined:
    Jan 26, 2001
    Messages:
    26,772
    Likes Received:
    2,103
    Location:
    Indiana
    While hiding your ESSID may not be foolproof, as someone said above, it's gonna keep the average script kiddie off your network. It's just the first, most basic step in securing your network, in my opinion.

    I don't think I'd consider mac filtering a waste of time(although I personally don't do it, I just use WPA)

    IGF
     
  10. d3athp3nguin

    d3athp3nguin

    Joined:
    Aug 7, 2007
    Messages:
    629
    Likes Received:
    0
    Wifi signal strength is funny in homes- the strength you get room-to-room depends on the antenna on the router, your own wifi card, and what obstacles are between you and the router. Most routers have one omni-directional antenna. Put a kitchen between you and your router and I will bet your signal strength will drop, due to stoves, ovens, fridges etc.

    Once you get good with the router, you can do all of that fun home networking stuff- set up Network Attached Storage for the whole family, get a media center PC... or if you're really nerdy like me you can get your own domain name for free at dyndns.org and link it to your router, then run a web server/ftp server on a home PC so you can access your stuff from anywhere. Why? BECAUSE YOU CAN! :supergrin:

    If you like to download things from the web a lot, most bittorrent programs have a plugin that runs a little web interface. You just forward a certain port to the router (usually 8080) and using the method above, you can go to anyone's web browser and type your.domainname.com:8080 and presto, you can add torrents to your computer from anywhere.
     
    Last edited: Oct 5, 2008
  11. dotsun

    dotsun Shark Stomper

    Joined:
    Mar 25, 2007
    Messages:
    1,222
    Likes Received:
    46
    Location:
    Knoxville, TN
    Trust me on this, if your wpa passphrase is weak no other steps are going to prevent me from accessing your wireless network. Nothing except turning it off that is. :) Everything else is just fluff, and MAC filtering is fluff that requires more administration.
     
  12. Big Al 24

    Big Al 24

    Joined:
    Apr 23, 2008
    Messages:
    1,244
    Likes Received:
    0
    Yeah passphrases should be as long and unintelligible as allowed by the router or software. Both the one to log onto the router and any others. I locked down two routers belonging to neighbors in my building. Both had NETGEAR broadcasting and only needed ADMIN to log on. Since we all feed off of the Comcast teat, I figured this would protect them as well as me. Two years later the passwords are still the ones I set, and I think it's time to change them. I personally have tried to avoid wireless except on the many free connections that are out there.
     
  13. pascal

    pascal

    Joined:
    Jan 30, 2006
    Messages:
    786
    Likes Received:
    0
    Thanks Gentlemen for the ideas and experience. WPA will take 63 characters or 64 Hex numbers, is that correct? Also another simpleton question, is there a way to see who's connected to your network. I thought with the Mac filtering no other computers would be able to get on. Please correct me.
    pascal
     
  14. jilverthor

    jilverthor

    Joined:
    Apr 11, 2004
    Messages:
    1,345
    Likes Received:
    426
    Location:
    Parker, CO
    With Mac filtering, only a computer with one of the listed Mac addresses (real or spoofed) should be able to use your network.
     
  15. pascal

    pascal

    Joined:
    Jan 30, 2006
    Messages:
    786
    Likes Received:
    0
    Another simple (dumb?) question. Is there a way to tell how many computers are accessing your network?
    pascal
     
  16. dotsun

    dotsun Shark Stomper

    Joined:
    Mar 25, 2007
    Messages:
    1,222
    Likes Received:
    46
    Location:
    Knoxville, TN
    Yeah I think you're correct about the possible length of the passphrase, but you really don't need it to be that long.

    If you use a truly random password with 10 or more characters with numbers, letters, and symbols AND changed your ESSID to a unique one you've made your AP virtually unhackable. You're talking at least weeks, probably months to brute force that password using a top of the line home computer. Trust me, if that doesn't stop them (and it will) the MAC filtering is a total waste of time.

    Most routers have a status page that shows what computers are on the network. If you're really paranoid you can run a network mapper (ie. nmap) to find all devices, but that's way overkill in a home network.
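
Added example, not part of any poster's reply: the key-length question and the "unique ESSID" advice above both follow from how WPA/WPA2-Personal turns a passphrase into a key (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 rounds, 256-bit output). The function names and the SSID `HomeNetwork1234567` are illustrative assumptions; the `password`/`IEEE` pair is the published IEEE 802.11i test vector.

```python
import hashlib
import math
import string

HEX_DIGITS = set(string.hexdigits)

def classify_key(key: str) -> str:
    """Classify a WPA-Personal key as 'passphrase' or 'hex-psk', else raise."""
    if len(key) == 64 and all(c in HEX_DIGITS for c in key):
        return "hex-psk"          # 64 hex digits = the raw 256-bit key
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"       # 8 to 63 printable ASCII characters
    raise ValueError("need 8-63 printable ASCII characters or 64 hex digits")

def derive_psk(key: str, ssid: str) -> str:
    """Return the 256-bit pre-shared key as hex for a given key and SSID."""
    if classify_key(key) == "hex-psk":
        return key.lower()        # used directly, the SSID plays no part
    # The SSID is the salt: the same passphrase yields a different key on
    # every differently named network, so tables precomputed for common
    # default SSIDs do not apply to a unique one.
    raw = hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()

def random_passphrase_bits(length: int, alphabet_size: int = 94) -> float:
    """Keyspace in bits of a uniformly random passphrase (94 = printable
    ASCII without the space character)."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(derive_psk("password", "IEEE"))                 # 802.11i test vector
    print(derive_psk("password", "HomeNetwork1234567"))   # same phrase, new salt
    print(round(random_passphrase_bits(10), 1), "bits for 10 random characters")
    print(round(random_passphrase_bits(63), 1), "bits for 63 random characters")
```
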
     
  17. DragonRider

    DragonRider

    Joined:
    Jun 6, 2002
    Messages:
    198
    Likes Received:
    0
    Location:
    NoVA
    Check your logs, right after you set up the network, once a week for the first month, then at least once a month there after. Helps you remember your configs and password. Checks to see if someone is spoofing your mac, unlikely, but.....

    John
     
  18. pascal

    pascal

    Joined:
    Jan 30, 2006
    Messages:
    786
    Likes Received:
    0
    I am now getting officially over my head. Spoofing my MAC. What does that look like in the logs?
    Reference to signal strength reduction sounds like a wise move but I currently can barely reach downstairs where the laptop is. I'll tinker around using the advice I've received. Feel pretty secure. But then again I'm paranoid. :supergrin:
    pascal
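
Added example, not part of any poster's reply: one way to review a router's DHCP log for the situation asked about above. A cloned MAC is identical to the real one, so the check looks for an allow-listed MAC that suddenly reports a different hostname, plus any MAC that is not on the list. The log lines are constructed, the line format is modelled on dnsmasq's `DHCPACK` entries (an assumption, router logs differ), and the MAC addresses and hostnames are made up.

```python
import re

# Constructed allow-list: MAC address -> hostname seen when the device was set up.
ALLOWED = {
    "00:11:22:33:44:55": "desktop",
    "66:77:88:99:aa:bb": "wife-laptop",
}

# Constructed sample log in a dnsmasq-like format.
SAMPLE_LOG = """\
Oct  5 19:02:11 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.100 00:11:22:33:44:55 desktop
Oct  5 19:05:40 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.101 66:77:88:99:aa:bb wife-laptop
Oct  6 02:14:09 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.101 66:77:88:99:AA:BB laptop-x
Oct  6 02:20:30 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.102 de:ad:be:ef:00:01 unknown-pc
Oct  6 02:21:00 dnsmasq-dhcp[412]: DHCPREQUEST(br0) 192.168.1.102 de:ad:be:ef:00:01
"""

LEASE_RE = re.compile(
    r"DHCPACK\(\S+\)\s+(?P<ip>\S+)\s+(?P<mac>[0-9A-Fa-f:]{17})(?:\s+(?P<host>\S+))?"
)

def review_leases(log_text, allowed):
    """Return (finding, mac, hostname) tuples, one per distinct anomaly."""
    findings = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if not m:
            continue                      # not a lease acknowledgement
        mac = m.group("mac").lower()      # logs may mix upper and lower case
        host = m.group("host") or ""
        if mac not in allowed:
            item = ("unknown-mac", mac, host)
        elif host and host != allowed[mac]:
            # Same MAC, different self-reported name: a renamed or reinstalled
            # machine, or another device presenting a copied address.
            item = ("hostname-changed", mac, host)
        else:
            continue
        if item not in findings:
            findings.append(item)
    return findings

if __name__ == "__main__":
    for finding in review_leases(SAMPLE_LOG, ALLOWED):
        print(*finding)
```

A device that copies both the MAC and the hostname will not show up this way; the lease timestamps (here 02:14, when the real laptop may be switched off) are the remaining clue.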
     
  19. adroc

    adroc

    Joined:
    Jul 31, 2008
    Messages:
    25
    Likes Received:
    0
    Location:
    Yao Ming City
    I would highly suggest disabling SSID broadcast and setup WPA as a minimum configuration from a security standpoint.
     
  20. dotsun

    dotsun Shark Stomper

    Joined:
    Mar 25, 2007
    Messages:
    1,222
    Likes Received:
    46
    Location:
    Knoxville, TN
    Why disable essid broadcasting when it's sent in plaintext when a client authenticates?