WLAN internet security settings

 
 
Jeff
 
      01-06-2006
I realize one can implement more secure wireless systems (VPN etc.), but for
normal home use where VPN are not feasible, does the following seem adequate
for home broadband internet access in a wireless lan using a router?

1. change the SSID to a personal one (broadcast to avoid lan problems)
2. Use WPA with pre-Shared Passphrase
3. enable MAC filtering
4. UPnP turned off
5. DMZ turned off

Does reducing the range of ip addresses the router's DNS server can use (to
4-5) make it more secure or does it have no security benefit?

[Of course I also have virus protection and regular Spyware checks].

Jeff



 
 
 
 
 
Sooner Al [MVP]
 
      01-06-2006
In my opinion restricting the number of DHCP assigned IP addresses offers no
additional level of security at all. Once someone accesses your network the
damage is done. Use WPA-PSK (AES) or (TKIP) or WPA2 if your hardware
supports it. Closely guard who has access to the encryption key. If you do
give it to a family member or friend for temporary use, change the key once
they leave...

In my opinion MAC address authentication as a security measure is also of
doubtful value...

I would also...

* Disable administration of the access point/router via the wireless
interface if your device supports it. Only perform admin tasks on the device
via a wired interface.
* Change the default admin password to something else and use a *STRONG*
password. Closely guard the password.

Personally I have UPnP enabled on my router and never use the DMZ
functionality. I only allow one port incoming to be open on my router and
that is for Secure Shell (SSH) use only. All remote access to my home LAN is
done through the SSH tunnel which is totally encrypted from start-to-finish.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"Jeff" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> I realize one can implement more secure wireless systems (VPN etc.), but for
> normal home use where VPN are not feasible, does the following seem
> adequate for home broadband internet access in a wireless lan using a
> router?
>
> 1. change the SSID to a personal one (broadcast to avoid lan problems)
> 2. Use WPA with pre-Shared Passphrase
> 3. enable MAC filtering
> 4. UPnP turned off
> 5. DMZ turned off
>
> Does reducing the range of ip addresses the router's DNS server can use (to
> 4-5) make it more secure or does it have no security benefit?
>
> [Of course I also have virus protection and regular Spyware checks].
>
> Jeff
>
>
>
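
Added example (not part of any post in this thread) illustrating the WPA-PSK advice above: the key the router actually uses is derived from the passphrase and the SSID together, so a personal SSID and a long passphrase both feed into it, and changing the passphrase after a guest leaves replaces the key. The SSID and passphrases are constructed sample values, and the strength estimate is a rough heuristic assumed here.

```python
import hashlib
import math
import string

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit WPA/WPA2-Personal key per IEEE 802.11i:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def estimated_bits(passphrase: str) -> float:
    """Rough upper bound on strength: length * log2(character pool).
    Assumes characters are picked at random; real words score far lower."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(cls) for cls in classes if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def key_changed(old_pass: str, new_pass: str, ssid: str) -> bool:
    """True when replacing the passphrase really yields a different key."""
    return wpa_psk(old_pass, ssid) != wpa_psk(new_pass, ssid)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    ssid = "JeffHomeNet"
    shared_with_guest = "blue kettle on the 3rd shelf"
    after_guest_left = "nine quiet owls over Tulsa 41"

    print("key on this SSID      :", wpa_psk(shared_with_guest, ssid).hex())
    # Same passphrase on another network name gives an unrelated key.
    print("key on a default SSID :", wpa_psk(shared_with_guest, "default").hex())
    print("estimated bits (upper bound): %.1f" % estimated_bits(shared_with_guest))
    print("key replaced after guest left:",
          key_changed(shared_with_guest, after_guest_left, ssid))
```
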



 
 
 
 
 
Jeff
 
      01-06-2006
Thank you. That is very helpful and I appreciate your taking the time to
write.

I have a SMC "barricade" G router that has all sorts of security features,
and I have successfully implemented the other suggestions you made, but I am
not sure how to do the following.

> . I only allow one port incoming to be open on my router
> and that is for Secure Shell (SSH) use only. All remote access to my
> home LAN is done through the SSH tunnel which is totally encrypted
> from start-to-finish.


What should I look for in the router interface? Would doing this disable
the ability to download files from the web or use FTP?

Thank you again.

Jeff


Sooner Al [MVP] wrote:
> In my opinion restricting the number of DHCP assigned IP addresses
> offers no additional level of security at all. Once someone accesses
> your network the damage is done. Use WPA-PSK (AES) or (TKIP) or WPA2
> if your hardware supports it. Closely guard who has access to the
> encryption key. If you do give it to a family member or friend for
> temporary use, change the key once they leave...
>
> In my opinion MAC address authentication as a security measure is also
> of doubtful value...
>
> I would also...
>
> * Disable administration of the access point/router via the wireless
> interface if your device supports it. Only perform admin tasks on the
> device via a wired interface.
> * Change the default admin password to something else and use a
> *STRONG* password. Closely guard the password.
>
> Personally I have UPnP enabled on my router and never use the DMZ
> functionality. I only allow one port incoming to be open on my router
> and that is for Secure Shell (SSH) use only. All remote access to my
> home LAN is done through the SSH tunnel which is totally encrypted
> from start-to-finish.
>
> "Jeff" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> I realize one can implement more secure wireless systems (VPN etc.), but for
>> normal home use where VPN are not feasible, does the following seem
>> adequate for home broadband internet access in a wireless lan using a
>> router?
>>
>> 1. change the SSID to a personal one (broadcast to avoid lan problems)
>> 2. Use WPA with pre-Shared Passphrase
>> 3. enable MAC filtering
>> 4. UPnP turned off
>> 5. DMZ turned off
>>
>> Does reducing the range of ip addresses the router's DNS server can use (to
>> 4-5) make it more secure or does it have no security benefit?
>>
>> [Of course I also have virus protection and regular Spyware checks].
>>
>> Jeff



 
 
Sooner Al [MVP]
 
      01-06-2006
That is usually not a router function although some Linksys routers can be
configured as a SSH server if you use third-party firmware. You would need
to run a SSH server on a PC. This would allow for remote secure file
transfer functionality and remote access/control of your home desktop PCs.
If you have no need for that functionality then don't worry about it.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"Jeff" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Thank you. That is very helpful and I appreciate your taking the time to
> write.
>
> I have a SMC "barricade" G router that has all sorts of security features,
> and I have successfully implemented the other suggestions you made, but I
> am not sure how to do the following.
>
>> . I only allow one port incoming to be open on my router
>> and that is for Secure Shell (SSH) use only. All remote access to my
>> home LAN is done through the SSH tunnel which is totally encrypted
>> from start-to-finish.

>
> What should I look for in the router interface? Would doing this disable
> the ability to download files from the web or use FTP?
>
> Thank you again.
>
> Jeff
>


 
 
Jeff
 
      01-06-2006
Thanks.

I don't think I need that level of security <grin>

Jeff

"Sooner Al [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> That is usually not a router function although some Linksys routers can be
> configured as a SSH server if you use third-party firmware. You would need
> to run a SSH server on a PC. This would allow for remote secure file
> transfer functionality and remote access/control of your home desktop PCs.
> If you have no need for that functionality then don't worry about it.
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "Jeff" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Thank you. That is very helpful and I appreciate your taking the time to
>> write.
>>
>> I have a SMC "barricade" G router that has all sorts of security
>> features, and I have successfully implemented the other suggestions you
>> made, but I am not sure how to do the following.
>>
>>> . I only allow one port incoming to be open on my router
>>> and that is for Secure Shell (SSH) use only. All remote access to my
>>> home LAN is done through the SSH tunnel which is totally encrypted
>>> from start-to-finish.

>>
>> What should I look for in the router interface? Would doing this disable
>> the ability to download files from the web or use FTP?
>>
>> Thank you again.
>>
>> Jeff
>>

>



 