Re: OT: unathorized network user.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jacques B. wrote:
On Jan 23, 2008 9:23 PM, Jacques B. <jjrboucher@xxxxxxxxx> wrote:
On Jan 23, 2008 8:55 PM, Frank Cox <theatre@xxxxxxxxxxx> wrote:
On Thu, 24 Jan 2008 10:24:09 +0900
John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx> wrote:

WEP's good for about two minutes these days.
Interesting.

What should you do to protect access to your wireless network?

--
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com

--

fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Use WPA, MAC filtering (only allow connections from ...), don't
broadcast SSID (and don't use a SSID that provides someone with an
indication of who owns the AP - more for privacy reasons), subnet mask
to minimize the # of possible IPs on your network (use a subnet mask
that will provide you with the required # of IPs only, with a few
spares only if your situation requires it), monitor router logs for
unauthorized attempts or successful connections.  You could also used
static DHCP if your router supports it, or turn off DHCP and manually
assign IPs to your machines.  If your wireless router supports
modifying the signal strength you could do some testing to see if you
can scale back its strength to cut down on the distance from which
someone can connect (recognizing that people can use directional
antennas to improve their reception even with a weaker signal strength
from your part).

Ultimately you want to be less of a target than others.  The casual
hacker will move on to a lesser challenge.  With the exception of your
neighbour who has all the time in the world, for most hackers (using
the term loosely) the rewards would have to outweigh the effort.
Implementing the various layers of security I've suggested should
avoid you from being the low hanging fruit.

Jacques



A few other tips I should have passed on...

As Tim suggested, use a unique SSID (make sure it's not the same as
others in your area - use something unique that won't accidentally be
used by a neighbour).  Also change your IP range on your LAN to
something other than the default for that AP (i.e. instead of
192.168.0.x change it to 192.168.40.x for example).  Change the

Why? it takes a few seconds to see what IP address you're using if the network's busy.

I prefer to use an IP address range the router does not use. makes it harder to address.


default password on your router (very, very important).  And if you
don't need it disable remote management of your router (probably off
by default if supported).  If you do enable it, if possible limit the
range of IPs that can connect to it and disable it again once you

I've heard of routers that, in their default configuration, allow folk on the Internet to configure them.

don't need it anymore.  And if the router allows it (and your ISP
allows it - mine does not appear to allow it anymore as they don't use
port 25 anymore for outgoing mail and my router will try and smtp on
the default port) configure the router to email you the logs when they
are full.

Some allow you to log to an external log (ie on one of your machines). Use it.




--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux