recommendations
by
neon samurai
·
about 17 years ago
In reply to home network security
Without knowing what model of router and how it’s management webforms are layed out, I’ll speak generally.
The other recommendations are a good start and provide the short answer; check our router’s connected clients list.
I habitually check the connected clients to see how may of my house machines are in use and if I’ve got any neibours joining in. In one case, I spent a good half hour watching someone try passwords against my ftp server before I audited there machine and cut them off.
If you have someone piggy-backing already you may want to check over your router and lock it down:
– login from your wired machine and disable the wireless radio part of the network booting any prying eyes. Now change the network and admin passwords to something five or more characters since these are only temporary passwords then reboot the router. If the admin forms don’t have a reboot button, pull the power cord out for five minutes then plug it back in.
– confirm if your router has a setting to allow administration from wireless connections in addition to the wired network and disable it. Anyone administrating your router should be sitting infront of your wired workstation.
– consider using mac filtering so your router only listens to network cards it thinks it recognizes. This is not security in and of itself but limits what network chatter your router cares about.
– check your wireless cards and router to make sure they both support 802.11g with WPA-PSK security then change your admin password and WPA-PSK (network password) to something ten characters or more in length with both numbers and letters; letters being in both upper and lower case. Admin and network passwords should be different.
– enable the wireless network radio again and confirm that you can connect with the new WPA (WPA2 is even better) ten digit network code. WEP is about as secure as a porch left unlocked for an hour with the engine idling so if WEP is your only option, consider a router firmware upgrade or new router.
– check the active clients list any time you see the wifi light on when it shouldn’t.
There was recently some heated debate over the validity of mac filtering and similar security settings for wifi routers. The minimalists argue that WPA-PSK is all you need because it’s the biggest speedbump while the other’s argue that any partial security that adds another layer helps.
Both sides agree that WPA with the pre-shared key (PSK) is currently the fundamental setting. I continue to recommend the mac filter more as tuning for your router rather than locked-door security. Hiding your SSID is not necassary but it’s up to you.