Quote:
Originally Posted by Mr Mephisto
It's quite possible to secure a WLAN to a level that makes any hacking all but impossible.
I've posted guidelines on how to do this several times before, but I'm willing to repost if people want advice. The three steps listed above are only part of the story.

They're usually a bit more trouble, like setting up a RADIUS server, or a VPN, or deploying your own IDS.
Reading your guide...
1 - Enable WPA if at all possible
I mentioned WPA and WEP. I wish my wifi card supported WPA.
2 - Change default SSID
I missed that one. But it doesn't matter too much unless you --
3 - Disable SSID Broadcast
I mentioned that, and how it's only gonna stop NetStumbler kiddies.
4 - Enable MAC filtering
I mentioned that.
5 - Turn down transmit power
Missed that one. Of course, if you have a real hacker on your hands, he'll have a directional antenna that'll snipe your connection from halfway down the street.
6 - Change the admin password
Ooh, how could I forget that one?
7 - Change default IP address
Missed that. Although I think Kismet and other wardriving tools will tell you the address of the router. From there, you can watch the traffic to see what else is on the network. This is a good one, though.
8 - Reduce the size of your DHCP
Missed that. But if someone is spoofing your MAC, they can just steal from the IP pool.
1 is only effective with WPA. (I mean that WEP is useless compared to WPA).
2, 3, and 4 are nothing to a serious hacker.
5 won't stop anyone with a good antenna (serious hacker).
6, as long as it's a good password, will be a serious roadblock -- to hacking the router. A hacker will probably look for an easier target, or a way to exploit the router.
I'm actually not sure how much 7 would impact a hacker. I assume not very much, since a good packet sniffer will tell you what's going on.
8 is like MAC filtering. Easily circumvented.
All but impossible? Depends on how secure WPA is. If you can't crack the encryption, then you can't see anything of use on the network.