Tilted Forum Project Discussion Community - View Single Post

Mephisto2 · 02-04-2004, 01:48 PM

OK, this seems to be a continually hot topic. As such, here's my summarized Six Steps to Security Success for your WLAN.

1) Change the default SSID
This is like your "network name" and is what people "sniff" for when war-driving. CHANGE the default! Make it something that's relevant to you.

2) Change the default Admin password on the AP
This is also very important but many people forget.

3) Disable SSID Broadcast
Just changing the SSID is not enough alone. There's no need for you to broadcast your SSID around the neighbourhood. You're not running a public hotspot are you? Besides, you will know your own SSID and can therefore configure your own clients (ie your PC/laptop).

4) Enable WPA
WPA (WiFi Protected Access) is the latest security standard. It adds the security provided by WEP by introducing a key management framework. WPA comes in two modes. For a home user you need to implement WPA-PSK mode (WPA - Pre Shared Key). This means you choose a "secret key" that you enter into both your client and your AP. This is used to automatically regenerate WEP keys on the fly. Use at least a 20 digit key if possible; the longer the better.

5) - Enable MAC Address Filtering
Every network card has a MAC address. It's a unique 12 digit hex number that identifies that card. Configure your AP so it only allows the MAC addresses you enter to associate with your AP. This stops strangers from using your WLAN.

6) - Turn down the transmit power
Many people use the highest transmit power possible. Why would you want to broadcast your wireless LAN across the street if you only want to cover your home or dorm? Use the lowest transmit power that covers the area required. This is just common sense when you think about it.

Note that not all APs support WPA, but they should all support basic WEP at least. In this case, you should use WEP as an absolute minimum. Choose 128bit key encryption and change your key regularly. A minor inconvenience, but it safeguards your WLAN.

None of the above steps will secure your WLAN securely on their own. But taken in combination they will protect you from 99.99% of most hacking attempts. Remember, the vast majority of wireless hacking is "opportunistic." If you follow the standard security recommendations, it will make your WLAN very secure and protected against all but the most professional and sustained attacks. And who's going to do this to snoop on your web-browsing or Counter Strike games? :-)

Any more questions, please feel free to ask.

Mr Mephisto

02-04-2004, 01:48 PM	#6 (permalink)
Mephisto2 Junkie	OK, this seems to be a continually hot topic. As such, here's my summarized Six Steps to Security Success for your WLAN. 1) Change the default SSID This is like your "network name" and is what people "sniff" for when war-driving. CHANGE the default! Make it something that's relevant to you. 2) Change the default Admin password on the AP This is also very important but many people forget. 3) Disable SSID Broadcast Just changing the SSID is not enough alone. There's no need for you to broadcast your SSID around the neighbourhood. You're not running a public hotspot are you? Besides, you will know your own SSID and can therefore configure your own clients (ie your PC/laptop). 4) Enable WPA WPA (WiFi Protected Access) is the latest security standard. It adds the security provided by WEP by introducing a key management framework. WPA comes in two modes. For a home user you need to implement WPA-PSK mode (WPA - Pre Shared Key). This means you choose a "secret key" that you enter into both your client and your AP. This is used to automatically regenerate WEP keys on the fly. Use at least a 20 digit key if possible; the longer the better. 5) - Enable MAC Address Filtering Every network card has a MAC address. It's a unique 12 digit hex number that identifies that card. Configure your AP so it only allows the MAC addresses you enter to associate with your AP. This stops strangers from using your WLAN. 6) - Turn down the transmit power Many people use the highest transmit power possible. Why would you want to broadcast your wireless LAN across the street if you only want to cover your home or dorm? Use the lowest transmit power that covers the area required. This is just common sense when you think about it. Note that not all APs support WPA, but they should all support basic WEP at least. In this case, you should use WEP as an absolute minimum. Choose 128bit key encryption and change your key regularly. A minor inconvenience, but it safeguards your WLAN. None of the above steps will secure your WLAN securely on their own. But taken in combination they will protect you from 99.99% of most hacking attempts. Remember, the vast majority of wireless hacking is "opportunistic." If you follow the standard security recommendations, it will make your WLAN very secure and protected against all but the most professional and sustained attacks. And who's going to do this to snoop on your web-browsing or Counter Strike games? :-) Any more questions, please feel free to ask. Mr Mephisto