General discussion

Locked

What's the Best Solution for Security at Home?

By mcollins1 ·
When it comes to Wireless security, there are a number of ways of locking down your network so that others cannot access.
The question is, what is the optimal level to advise people to use without confusing them?
What should people use and what should they maybe avoid for home use?
I personally use WEP encryption, and lock the system down by MAC address. I don't broadcast SSID, and I don't need much more than these settings for home use. The problem with this is it requires more configuration on both the gateway and the PC if a friend wants to link in.
I know people who use higher forms of encryption. One guy who uses no Wireless encryption and just a VPN tunnel (Which is technically more secure), and I know people who run it open (Which I think is crazy!).
What are people's opinions? What is the best way of doing it?

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

The best or the easiest?

by JRod86 In reply to What's the Best Solution ...

In my opinion, there is no easy configuration for wireless networks. You either lock them down as tight as you can, or run a risk of someone "borrowing" your connection. If the user is in a rural location and their nearest neighbor is 1/2 mile down the road...They probably don't need their network locked down, maybe just an SSID at the most. If they are in an urban area (apartment, condo, can touch their neighbor's house through the window), they should lock it down and deal with the hassle.

I personally use WPA encryption (256 bit pre-shared key)with MAC filtering for my wireless network because I don't want anyone else using my internet access. I know too many people that just plug in a wireless card at home and have access to multiple networks that aren't their own.

Collapse -

I agree completely

by AmyB1975 In reply to The best or the easiest?

I agree with JRod completely. It's been my experience that it is all or nothing. When you have people coming over that need to gain access...it needs to be fairly simple. I have to confess that as a consultant I have often scanned neighborhoods, business, etc. when in need of access for my tablet. You would be surprised at how many networks you can easily access. One of my neighbors has actually been secretly riding off of another neighbor's access for about 2 years now. Doesn't make it right...but that's the way it goes I guess.

Collapse -

I'm rural and I lock it down by MAC

by DMambo In reply to The best or the easiest?

I don't broadcast SSID, but I do lock it by MAC address. If someone was to use my connection, he'd either have to be on my property, or in the road in front of my house. And he'd have to spoof his MAC address.

Most people are either too trusting or too ignorant to do much. I typically have to wait around for kids' piano lessons, dance lessons, scout meetings, etc to end and while I'm waiting, I usually keep up on the news by borrowing whatever is out there. It's usually available.

Collapse -

Reset Default Login/pswd &Encrypt if you can

by PacketOdor In reply to I'm rural and I lock it d ...

I'd consider this the minimum:
1) Change the default Router login/password, 2) Change the default SSID to something unique (Letters and numbers helpful), 3) Disable Broadcast of the SSID, 4) Set up MAC Address recognition.

There are tools that can sniff your network, spoof MAC addresses, and crack WEP 128 encryption keys. It's recommended that you change your SSID regularly (whether broadcasting or not) and likewise with the WEP key. If you can, use WPA. WPA automatically changes the keys every few seconds, lowering risk substantially.

If they've gone this far, it may be more likely that someone would use your internet connection to mask their activity than it is that they want to hack your PC, but just to be safe:

Inside your network, rename your PC and Laptop administrator accounts.

Futher down the rabbit hole you can place a second, hardwired-only router INSIDE the Wireless to prevent further network penetration. Don't forget, there are s/w firewalls as well.

Collapse -

how paranoid are you people???

by loanbucks In reply to What's the Best Solution ...

the range of most home routers, along with walls, appliances, etc., plus any purposeful shielding will keep most people out of open AP's; using some encryption of alpha numeric/lower & upper case mix [like apple does it] will eliminate all but a "terrorist" hacker....

a simple approach was suggested in an earlier post - if you live in close proximity to others - but even those who would put their own AP in a "Ft Knox" vault freely use any 'open' whenever it suits their own selfish interests....

Collapse -

Paranoid is as paranoid does

by f-3873986 In reply to how paranoid are you peop ...

Heh heh. _ARE_ you paranoid if they are really after you?

The answer is: If you highly value your bandwidth, reputation and data, lock down as much of your computing environment as possible. If you DON'T value your bandwidth, reputation, and data, don't secure anyhting on your network.

Wireless networks circumvent the first line of defense that all wired networks put in place. PHYSICAL ACCESS CONTROL. If you can't get to my network, you can't get to my PC which houses my presonal, confidential or valuable data. You also can't as easily destroy my reputation by downloading kiddie porn or other crap while attached to the public network on a connection that I am responsible for. You will have a harder time stealing my identification, because securtiy is applied as needed, and layered as appropriate. (IE: Encryption on the WLAN, Firewall(s) at the primeter, Firewall(s) at the end-points, Routers and ACL's, MAC identification, logging, etc.)

Just because it is a home network doesn't decrease its value. Home networks may at some point connect to business networks using VPN. They hold credit card information, personal records and all kinds of other treasures. Understand your risks, threats and vulnerabilities and take action accordingly.

Cheers!
Mark

Back to Networks Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums