08-22-07, 06:24 PM   #5
evilghost
Re: Wireless Security Questions (My Home Network)

Monolyth is correct, and there's a recent thread with some great information. To reiterate some key points, defense in depth is a perfectly acceptable practice. While each vector of security in itself is insecure in some fashion, a layered approach is best.

To highlight some key points:

1) Tune your transmit power and antenna to not cover any area you don't need WiFi access; max power isn't the best solution.

2) Use 128-bit WEP since that's all you have available.

3) Don't broadcast your SSID, and set it to something to indicate you're not your average SOHO 'linksys' or 'netgear' user. Something like 'I_WATCH_ASSOCIATIONS_AND_WILL_PROSECUTE' or 'Honeypot' are good examples. Even though your SSID is easily discovered with tools like Kismet, it's still a good idea.

4) Enable the firewall on your home computers. Even though you're connected through a NAT router, penetration of your WiFi shouldn't be synonymous with local machine penetration.

5) Set up MAC address filtering, as you've already done.

6) Change the router password to something complex and secure to avoid penetration and intentional man-in-the-middle (MITM) attacks via DNS poisoning.

7) Firewall broadcast traffic and GARP (gratuitous ARP) to avoid arpspoof-style MITM attacks.

8) Limit the maximum number of client associations in the router/access-point to the total number of clients you have. No reason to permit 100 associations if you only have two WiFi clients.

9) Watch your logs!
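An added example, not part of evilghost's post: one way to act on points 5, 8 and 9 together is to review the access point's association log against the list of clients you expect. The log format, MAC addresses and function name below are constructed for illustration; real routers log differently, so the regex would need adapting.

```python
import re

# Assumed (constructed) log format: "<date> <time> <assoc|disassoc> <mac>".
LINE_RE = re.compile(
    r"^(\S+ \S+) (assoc|disassoc) ([0-9a-f]{2}(?::[0-9a-f]{2}){5})$", re.I)

# Constructed MACs standing in for the two WiFi clients on the network.
KNOWN_CLIENTS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
MAX_CLIENTS = len(KNOWN_CLIENTS)  # point 8: limit equals the client count

# Constructed sample log, embedded so the example runs offline.
SAMPLE_LOG = """\
2007-08-22 18:01:10 assoc 00:11:22:33:44:55
2007-08-22 18:02:41 assoc 00:11:22:33:44:66
2007-08-22 18:30:05 assoc 00:AA:BB:CC:DD:EE
2007-08-22 18:45:00 disassoc 00:11:22:33:44:66
2007-08-22 18:45:02 assoc 00:11:22:33:44:55
garbled line from syslog
"""

def review_associations(log_text, known=KNOWN_CLIENTS, max_clients=MAX_CLIENTS):
    """Return (timestamp, reason, detail) findings worth a manual look."""
    findings = []
    active = set()  # MACs currently associated, as far as the log shows
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            if line:  # keep unparsed lines visible instead of dropping them
                findings.append((None, "unparsed", line))
            continue
        ts, event, mac = m.group(1), m.group(2).lower(), m.group(3).lower()
        if event == "disassoc":
            active.discard(mac)
            continue
        if mac not in known:
            findings.append((ts, "unknown-mac", mac))
        if mac in active:
            # Second assoc with no disassoc in between: may be a benign
            # reconnect, or a second device using a copied MAC address.
            findings.append((ts, "duplicate-assoc", mac))
        active.add(mac)
        if len(active) > max_clients:
            findings.append((ts, "over-limit", mac))
    return findings

if __name__ == "__main__":
    for finding in review_associations(SAMPLE_LOG):
        print(finding)
```

Because MAC filtering only checks an address that any client can claim, the duplicate-assoc finding is the one that can surface activity the filter itself would let through.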