LinHES Forums
http://forum.linhes.org/

securing wifi suggestions
http://forum.linhes.org/viewtopic.php?f=5&t=22496
Page 1 of 1

Author:  graysky [ Fri Mar 02, 2012 1:52 pm ]
Post subject:  securing wifi suggestions

Been doing some reading about wifi security and wanted to calibrate here with some knowledgeable users. What are best practices for securing a home wifi network?

From what I have read, best practices:
*WPA2/personal with AES encryption.
*Use a strong (mixed alpha/num/sym) 63 character password.
*Use a strong (mixed alpha/num/sym) 63 character SSID. Why? My understanding is that the SSID is used as a component to generate key hashes used for handshakes. Therefore, using a common SSID could mean that there is a set of rainbow tables build off that specific SIDD.

False sense of securities include:
*MAC filtering.
*SSID hiding which is actually a security risk since every device connected to the network will basically scream out 'here I am... where is SSID xxx' when not connected.
*WEP-based encryption.

Author:  nbdwt73 [ Sat Mar 03, 2012 9:01 am ]
Post subject:  Re: securing wifi suggestions

Graysky, I do a lot in the wireless space - in particular wireless security. WLAN security has several issues that generate a lot of misunderstandings. I could write a book here on all of them but let's stick to the high level points. First, for a home network, I tell people to use good router hardware (consistent radios are important). I personally use either Linksys or Asus (I also use DD-WRT software - don't like the stock firmware on the routers).

Second, DON'T use WEP - I can crack it in a few minutes.

Third, use WPA or WPA2 - if you are using 'N' radios then you have to use AES (won't get the speed thoughput if you don't) . If you are 'B' or 'G', then either TKIP or AES is fine.

Fourth, use a good strong mixed password (63 character is unnecessary in a home system) but don't get carried away with too long or insane SSID (my SSID is 10 characters...). The fact is that it will take a long time (many days) and some major processing power to crack an AES well designed password.

And last - change the password occasionally.

I also suggest that you put up a "guest" network with proper restrictions for limited access (I allow for internet access only - no internal devices or network. It is on its own VLAN). You can do a lot with iptables if so inclined...

Oh, and the only time I use MAC filtering is if I want to stop my kids from getting to something ( usually because they eat up my bandwidth...).

Author:  mattbatt [ Mon Mar 05, 2012 7:37 am ]
Post subject:  Re: securing wifi suggestions

I agree

Author:  gatorback [ Fri Apr 06, 2012 8:23 pm ]
Post subject:  Re: securing wifi suggestions

If you using 3rd party firmware you can decrease the transmit power so that it is not 'visible' to the war drivers. You can also use a cantenna as a crude mechanism for beamforming, so as to enhance SNR in desired areas and reduce your wifi signature.

Recommend TKIP \ AES.

I prefer to keep wifi off and turn it on as needed, however, this may not be suitable in most households.

Author:  graysky [ Sat May 18, 2013 12:27 am ]
Post subject:  Re: securing wifi suggestions

nethomike01 wrote:
Hi, I have get wifi conection for installing the security cameras which I couldn't install yet now, but I think my wifi connection is not secure I found out when I checked my internet speed (It seems that some one else also using the same net) so I think my wifi is not secure and anybody can hack my computer or cameras too. so please suggest me what I should do for making it secure.


If this is a serious post, my best advice for you is to unplug your router and place it in a locked safe somewhere...

Author:  gatorback [ Sun May 19, 2013 8:03 am ]
Post subject:  Re: securing wifi suggestions

nethomike01 wrote:
Hi, I have get wifi conection for installing the security cameras which I couldn't install yet now, but I think my wifi connection is not secure I found out when I checked my internet speed (It seems that some one else also using the same net) so I think my wifi is not secure and anybody can hack my computer or cameras too. so please suggest me what I should do for making it secure.


It sounds like you are guessing and not using data or logs. If this is the case and you are unable to implement the conversation above, then you should locally hire someone with experience.

@graysky:
A 12 character password (no dictionary words, preferably with nums, caps, punctuation) should keep you secure. If you have Samba shares, you ay want to use a strong password for them as well.

Checking the logs of your router is also a good idea, especially if you have any open ports. I like to use Asiablock with my OTRW ASUS RT-N16. It puzzles me why so many go for the cheapest possible router. This techology is inexpensive and is a critical to security.

Author:  turpie [ Thu May 23, 2013 8:09 pm ]
Post subject:  Re: securing wifi suggestions

The recent posts by nethomike01 seem to be just spam for the purpose of promoting his signature link.
It is slightly more sophisticated than the usual spam, as he/she has actually made an attempt to fit the posts to the topic.

Author:  Big boy stan [ Fri May 24, 2013 1:53 pm ]
Post subject:  Re: securing wifi suggestions

While we are on the subject, I recently got a Netgear WNDR3400 which I wired into my FIOS Actiontec router. The Netgear is setup to work as a repeater of the same SSID and channel as the Actiontec. To do this, the Netgear menu requires me to enter the MAC of the Actiontec which I did. The problem is that, as far as I can tell, the Netgear only works in this mode in WEP. Does switching to DD-WRT allow for a repeater mode with better security?

Page 1 of 1 All times are UTC - 6 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/