On Jan 23, 2008 9:23 PM, Jacques B. <jjrboucher@xxxxxxxxx> wrote: > > On Jan 23, 2008 8:55 PM, Frank Cox <theatre@xxxxxxxxxxx> wrote: > > On Thu, 24 Jan 2008 10:24:09 +0900 > > John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx> wrote: > > > > > WEP's good for about two minutes these days. > > > > Interesting. > > > > What should you do to protect access to your wireless network? > > > > -- > > MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com > > > > -- > > > > fedora-list mailing list > > fedora-list@xxxxxxxxxx > > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > > > > Use WPA, MAC filtering (only allow connections from ...), don't > broadcast SSID (and don't use a SSID that provides someone with an > indication of who owns the AP - more for privacy reasons), subnet mask > to minimize the # of possible IPs on your network (use a subnet mask > that will provide you with the required # of IPs only, with a few > spares only if your situation requires it), monitor router logs for > unauthorized attempts or successful connections. You could also used > static DHCP if your router supports it, or turn off DHCP and manually > assign IPs to your machines. If your wireless router supports > modifying the signal strength you could do some testing to see if you > can scale back its strength to cut down on the distance from which > someone can connect (recognizing that people can use directional > antennas to improve their reception even with a weaker signal strength > from your part). > > Ultimately you want to be less of a target than others. The casual > hacker will move on to a lesser challenge. With the exception of your > neighbour who has all the time in the world, for most hackers (using > the term loosely) the rewards would have to outweigh the effort. > Implementing the various layers of security I've suggested should > avoid you from being the low hanging fruit. > > Jacques > A few other tips I should have passed on... As Tim suggested, use a unique SSID (make sure it's not the same as others in your area - use something unique that won't accidentally be used by a neighbour). Also change your IP range on your LAN to something other than the default for that AP (i.e. instead of 192.168.0.x change it to 192.168.40.x for example). Change the default password on your router (very, very important). And if you don't need it disable remote management of your router (probably off by default if supported). If you do enable it, if possible limit the range of IPs that can connect to it and disable it again once you don't need it anymore. And if the router allows it (and your ISP allows it - mine does not appear to allow it anymore as they don't use port 25 anymore for outgoing mail and my router will try and smtp on the default port) configure the router to email you the logs when they are full. Again, this will help you avoid being the low hanging fruit. None of this is 100% security. If you require that then you probably will be hiring a consultant to come in and implement a corporate solution anyhow. Jacques B.
