Hi! guys
i have secured my wireless network using WPA-PSK encryption key now i need to secure my wireless more to make sure that it wont be easly penetrated. any suggetions?????? kindly help
network shield
-
foldingstock
- htd0rg lieutenant
- Posts: 300
- Joined: Sat Aug 16, 2008 10:38 pm
Re: network shield
Some basic "layers" of wireless security:
Encryption - You have already done this.
MAC address filtering - This is trivial to setup but also easily bypassed. Only really useful to keep out casual sniffers.
Do not broadcast SSID - Another "trivial" step, but in a neighborhood setting someone is more likely to target a broadcasted "linksys" network than a hidden network.
Subnetting - limit your DHCP server to only give out a few IP addresses. On my home network, I never have more than 3 wireless devices connected so I limit the DHCP server to only give out 3 IP addresses. This is useful because if I have two wireless devices on my network and I can't connect with my laptop, I know something other than me is using the third IP address.
Proxy - If you're really paranoid, setup a proxy that requires authentication before allowing net access. This is similar to what a lot of Hotels do. Yes it can be bypassed, but not easily.
Encryption - You have already done this.
MAC address filtering - This is trivial to setup but also easily bypassed. Only really useful to keep out casual sniffers.
Do not broadcast SSID - Another "trivial" step, but in a neighborhood setting someone is more likely to target a broadcasted "linksys" network than a hidden network.
Subnetting - limit your DHCP server to only give out a few IP addresses. On my home network, I never have more than 3 wireless devices connected so I limit the DHCP server to only give out 3 IP addresses. This is useful because if I have two wireless devices on my network and I can't connect with my laptop, I know something other than me is using the third IP address.
Proxy - If you're really paranoid, setup a proxy that requires authentication before allowing net access. This is similar to what a lot of Hotels do. Yes it can be bypassed, but not easily.
-
stasik
- Guru
- Posts: 525
- Joined: Thu Oct 12, 2006 8:38 am
- Location: dublin
Re: network shield
+ allow connecting to router ONLY via cable and only via https (username + password)
all of the mentioned can be bypass (search hidden networks, change ur mac, etc). but all these add up at the end. ur best bet is the WPA2 + AES. use a password of 63 random characters (digits, alpha, ALPHA, symbols).
all of the mentioned can be bypass (search hidden networks, change ur mac, etc). but all these add up at the end. ur best bet is the WPA2 + AES. use a password of 63 random characters (digits, alpha, ALPHA, symbols).