WLAN internet security settings

Discussion in 'Wireless Networking' started by Jeff, Jan 6, 2006.

  1. Jeff

    Jeff Guest

    I realize one can implement more secure wireless systems (VPN etc.), but for
    normal home use where VPNs are not feasible, does the following seem adequate
    for home broadband internet access in a wireless lan using a router?

    1. change the SSID to a personal one (broadcast to avoid lan problems)
    2. Use WPA with pre-Shared Passphrase
    3. enable MAC filtering
    4. UPnP turned off
    5. DMZ turned off

    Does reducing the range of ip addresses the router's DNS server can use (to
    4-5) make it more secure or does it have no security benefit?

    [Of course I also have virus protection and regular Spyware checks].

    Jeff
     
    Jeff, Jan 6, 2006
    #1

  2. In my opinion restricting the number of DHCP assigned IP addresses offers no
    additional level of security at all. Once someone accesses your network the
    damage is done. Use WPA-PSK (AES) or (TKIP) or WPA2 if your hardware
    supports it. Closely guard who has access to the encryption key. If you do
    give it to a family member or friend for temporary use, change the key once
    they leave...

    In my opinion MAC address authentication as a security measure is also of
    doubtful value...

    I would also...

    * Disable administration of the access point/router via the wireless
    interface if your device supports it. Only perform admin tasks on the device
    via a wired interface.
    * Change the default admin password to something else and use a *STRONG*
    password. Closely guard the password.

    Personally I have UPnP enabled on my router and never use the DMZ
    functionality. I only allow one port incoming to be open on my router and
    that is for Secure Shell (SSH) use only. All remote access to my home LAN is
    done through the SSH tunnel which is totally encrypted from start-to-finish.

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...

     
    Sooner Al [MVP], Jan 6, 2006
    #2

  3. Jeff

    Jeff Guest

    Thank you. That is very helpful and I appreciate your taking the time to
    write.

    I have an SMC "barricade" G router that has all sorts of security features,
    and I have successfully implemented the other suggestions you made, but I am
    not sure how to do the following.

    > . I only allow one port incoming to be open on my router
    > and that is for Secure Shell (SSH) use only. All remote access to my
    > home LAN is done through the SSH tunnel which is totally encrypted
    > from start-to-finish.


    What should I look for in the router interface? Would doing this disable
    the ability to download files from the web or use FTP?

    Thank you again.

    Jeff


     
    Jeff, Jan 6, 2006
    #3
  4. That is usually not a router function although some Linksys routers can be
    configured as an SSH server if you use third-party firmware. You would need
    to run an SSH server on a PC. This would allow for remote secure file
    transfer functionality and remote access/control of your home desktop PCs.
    If you have no need for that functionality then don't worry about it.

    --

    Al Jarvi (MS-MVP Windows Networking)

     
    Sooner Al [MVP], Jan 6, 2006
    #4
  5. Jeff

    Jeff Guest

    Thanks.

    I don't think I need that level of security <grin>

    Jeff

     
    Jeff, Jan 6, 2006
    #5