General discussion


Security and wireless connectivity

By errin.johnson ·
How can I make wireless safer? What can one do besides not having wireless at all...thanks

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by Jaqui In reply to Security and wireless con ...

close the access to private not public.
use secure connections,
if suported use encrypted connections.
the three things to secure wireless.

Collapse -

Build Up The Layers

by rob.lay In reply to Security and wireless con ...

Start with the basics, turn of broadcast the SSID, then make sure your power settings are sensible, don't go blasting 100yrds outside of your area of required coverage. Then get 128bit WEP running with TKIP & MIC as well if your wireless kit supports it. Also run some form of authentication, eg 802.1x with RADIUS. Finally if you really want to make it diffcult to hack run a VPN over the top of the link to your server/destination. You'll never make it 100% secure, just make it very difficult to hack. Hope this helps.

Collapse -

My God, man.....

by cp7212 In reply to Build Up The Layers

I was assuming it was a home network.....

Maybe the poster could enlighten us as to whether it is a home or business-oriented setup.

Collapse -

Home or Not....

by Synthetic In reply to My God, man.....

These are great suggestions and are not difficult to deploy. Why should ones home access be any less secure than ones business. Even though it can be spoofed, my network has all of the above, plus MAC segregation! Make sure to get a router that is 802.11g. That way you should have no problem deploying WPA, which is highly secure in comparison to WEP, which only use the first two layers of the OSI, therefore no end to end authentication is possible.

Collapse -

Besides the above

by HAL 9000 Moderator In reply to Security and wireless con ...

If you have the ability to create a user list of computers that connect to the wireless connection do that it will at least keep the walk by out but you'll will not have total security at this point in time.


Collapse -

Wireless router password

by Info-Safety, LLC In reply to Besides the above

You do need to change the default router password to something much more secure than "admin," or none of the above will really matter.

Craig Herberg

Collapse -

MAC Filtering

by jmgarvin In reply to Wireless router password

Don't forget about MAC filtering. Don't forget about using WPA-PSK. Passkeys sure do help and they keep away the rabble.

If you have time you might want to get some RF reflecting paint and other damping measures.

Collapse -

All of the above - and then some

by Howard Holton In reply to Security and wireless con ...

1. Turn off SSID - this will nt work with someone wardriving - the packets are still visible and the SSID is available there - but it will discourage casual users

2. MAC Filtering - see not above. session hijaaking is a common "hacking" tool for taking over a wireless session. MAC Cloning is very easy to do.

3. Disable DHCP - Again - against a sniffer this is not too much good, but it is still better - create a subnet with exactly the ammount of IP's you need and statically assign them to your wireless users.

4. 802.11x WPA / Radius - use cert serices and AD to add security to wireless

5. After all of that you can place the wireless outside your firewall and use PPTP VPN on each client - this provides and encrypted method that is very hard to crack.

Again, this is on top of changing the default router password.

Collapse -

Upgrade Firmware

by pete.g In reply to Security and wireless con ...

You can also make sure you have the latest router/AP firmware installed by visiting the manufacturer's website. Also take a look at this TechRepublic download for all the steps mentioned (although it's for a Linksys product the steps apply pretty much to all routers/APs):

Collapse -

You Can't make Wi-Fi Safe Or Secure

by dotxen In reply to Security and wireless con ...

Simple as that. Wi-Fi cannot be made secure. WEP is a joke and 3DES isn't much better.

Wi-Fi was sold on the basis of "Look no wires". It wasn't properly thought through and it hasn't been developed with any real strategy since it's launch. It's about sales.

90% of business Wi-Fi in London leaks to the street. There are 'cabalistic' signs on the pavement left there by people who have leached into a Wi-Fi access point and used it for their own purposes.

With VOIP in the same mess it is going to be freebees all round for years.

If you must use Wi-Fi (I can't imagine why anyone would want use this medium, other than to get rid of cables or to be trendy) move into a rural area and encrypt everything with to blowfish level.

I guess I am being a bit harsh, so for home use it's probably fine. For business use, well, that is another story and one that I would not offer to any of my clients.

Related Discussions

Related Forums