
All times are UTC - 6 hours





PostPosted: Fri Mar 02, 2012 1:52 pm 
Offline
Joined: Wed Dec 10, 2003 8:31 pm
Posts: 1996
Location: /dev/null
Been doing some reading about wifi security and wanted to calibrate here with some knowledgeable users. What are best practices for securing a home wifi network?

From what I have read, best practices:
*WPA2/personal with AES encryption.
*Use a strong (mixed alpha/num/sym) 63 character password.
*Use a strong (mixed alpha/num/sym) 63 character SSID. Why? My understanding is that the SSID is used as a component to generate key hashes used for handshakes. Therefore, using a common SSID could mean that there is a set of rainbow tables built off that specific SSID.

False senses of security include:
*MAC filtering.
*SSID hiding which is actually a security risk since every device connected to the network will basically scream out 'here I am... where is SSID xxx' when not connected.
*WEP-based encryption.

_________________
Retired KM user (R4 - R6.04); friend to LH users.
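
The SSID's role as a salt, raised in the first post above, shown as an added example (not part of any post in the thread): WPA2-Personal derives its key with PBKDF2-HMAC-SHA1 salted by the SSID, so a table precomputed for one SSID matches no other. The SSIDs, candidate list and function names are constructed for illustration.

```python
import hashlib

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal pairwise master key.

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    """
    pw = passphrase.encode("ascii")   # non-ASCII raises (a ValueError subclass)
    salt = ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63 or any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:      # the SSID field holds at most 32 bytes
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)

def precomputed_table(ssid: str, candidates: list[str]) -> dict[bytes, str]:
    """PMK -> passphrase table; valid only for the one SSID it was built with."""
    return {wpa2_pmk(p, ssid): p for p in candidates}

def table_covers(table: dict[bytes, str], passphrase: str, ssid: str) -> bool:
    """True if this network's PMK already appears in a precomputed table."""
    return wpa2_pmk(passphrase, ssid) in table

# Constructed sample data (not from the thread).
COMMON_SSID = "linksys"
UNIQUE_SSID = "example-home-7f3a"
WEAK_CANDIDATES = ["password", "12345678", "letmein123"]
TABLE = precomputed_table(COMMON_SSID, WEAK_CANDIDATES)

if __name__ == "__main__":
    cases = [(COMMON_SSID, "password"),       # common SSID + listed passphrase
             (UNIQUE_SSID, "password"),       # same passphrase, different salt
             (COMMON_SSID, "kV7#qP2!xW9z")]   # common SSID, unlisted passphrase
    for ssid, pw in cases:
        print(f"{ssid!r:22} {pw!r:16} covered={table_covers(TABLE, pw, ssid)}")
```

A unique SSID only defeats tables built in advance; a passphrase that appears in a wordlist is still weak once the SSID is known, so passphrase strength remains the main control.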


 
PostPosted: Sat Mar 03, 2012 9:01 am 
Offline
Joined: Wed Jan 07, 2004 12:14 pm
Posts: 425
Location: Charlotte, NC
Graysky, I do a lot in the wireless space - in particular wireless security. WLAN security has several issues that generate a lot of misunderstandings. I could write a book here on all of them but let's stick to the high level points. First, for a home network, I tell people to use good router hardware (consistent radios are important). I personally use either Linksys or Asus (I also use DD-WRT software - don't like the stock firmware on the routers).

Second, DON'T use WEP - I can crack it in a few minutes.

Third, use WPA or WPA2 - if you are using 'N' radios then you have to use AES (won't get the speed throughput if you don't). If you are 'B' or 'G', then either TKIP or AES is fine.

Fourth, use a good strong mixed password (63 character is unnecessary in a home system) but don't get carried away with too long or insane SSID (my SSID is 10 characters...). The fact is that it will take a long time (many days) and some major processing power to crack an AES well designed password.

And last - change the password occasionally.

I also suggest that you put up a "guest" network with proper restrictions for limited access (I allow for internet access only - no internal devices or network. It is on its own VLAN). You can do a lot with iptables if so inclined...

Oh, and the only time I use MAC filtering is if I want to stop my kids from getting to something (usually because they eat up my bandwidth...).

_________________
Backend server - 4.0 TB 3.0ghz dual core 6 gig RAM, nVidia 9400, Gigabyte GA-870A-UD3 MB, 2 HD-5500, 2 HD Homerun dual tuners, 3 frontend machines - LinHES 8.6.1


 
PostPosted: Mon Mar 05, 2012 7:37 am 
Offline
Joined: Tue Aug 15, 2006 11:14 am
Posts: 1343
Location: Orlando FL
I agree

_________________
My System


 
PostPosted: Fri Apr 06, 2012 8:23 pm 
Offline
Joined: Wed May 09, 2007 8:47 pm
Posts: 367
Location: Minnesota- Brrrrr!
If you are using 3rd party firmware you can decrease the transmit power so that it is not 'visible' to the war drivers. You can also use a cantenna as a crude mechanism for beamforming, so as to enhance SNR in desired areas and reduce your wifi signature.

Recommend TKIP \ AES.

I prefer to keep wifi off and turn it on as needed, however, this may not be suitable in most households.

_________________
R7.3: 0.22.20091023-1, Hauppauge PVR-500 (Philips FQ1236A MK4), Gigabyte Gigabyte EG45M-UD2H, E5200 2.4Ghz, 2GB RAM, NVIDIA GEFORCE 256MB


 
PostPosted: Sat May 18, 2013 12:27 am 
Offline
Joined: Wed Dec 10, 2003 8:31 pm
Posts: 1996
Location: /dev/null
nethomike01 wrote:
Hi, I have got a wifi connection for installing the security cameras, which I couldn't install yet, but I think my wifi connection is not secure. I found out when I checked my internet speed (it seems that someone else is also using the same net), so I think my wifi is not secure and anybody can hack my computer or cameras too. So please suggest what I should do to make it secure.


If this is a serious post, my best advice for you is to unplug your router and place it in a locked safe somewhere...

_________________
Retired KM user (R4 - R6.04); friend to LH users.


 
PostPosted: Sun May 19, 2013 8:03 am 
Offline
Joined: Wed May 09, 2007 8:47 pm
Posts: 367
Location: Minnesota- Brrrrr!
nethomike01 wrote:
Hi, I have got a wifi connection for installing the security cameras, which I couldn't install yet, but I think my wifi connection is not secure. I found out when I checked my internet speed (it seems that someone else is also using the same net), so I think my wifi is not secure and anybody can hack my computer or cameras too. So please suggest what I should do to make it secure.


It sounds like you are guessing and not using data or logs. If this is the case and you are unable to implement the conversation above, then you should locally hire someone with experience.

@graysky:
A 12 character password (no dictionary words, preferably with nums, caps, punctuation) should keep you secure. If you have Samba shares, you may want to use a strong password for them as well.

Checking the logs of your router is also a good idea, especially if you have any open ports. I like to use Asiablock with my OTRW ASUS RT-N16. It puzzles me why so many go for the cheapest possible router. This technology is inexpensive and is critical to security.

_________________
R7.3: 0.22.20091023-1, Hauppauge PVR-500 (Philips FQ1236A MK4), Gigabyte Gigabyte EG45M-UD2H, E5200 2.4Ghz, 2GB RAM, NVIDIA GEFORCE 256MB


 
PostPosted: Thu May 23, 2013 8:09 pm 
Offline
Joined: Wed Apr 28, 2004 10:42 pm
Posts: 405
Location: Bendigo, Victoria, Australia
The recent posts by nethomike01 seem to be just spam for the purpose of promoting his signature link.
It is slightly more sophisticated than the usual spam, as he/she has actually made an attempt to fit the posts to the topic.

_________________
Paul Turpie
-------------
<--Is your location in your profile? Why not?


 
PostPosted: Fri May 24, 2013 1:53 pm 
Offline
Joined: Wed Jan 04, 2006 10:20 am
Posts: 387
Location: South New Jersey, USA
While we are on the subject, I recently got a Netgear WNDR3400 which I wired into my FIOS Actiontec router. The Netgear is set up to work as a repeater of the same SSID and channel as the Actiontec. To do this, the Netgear menu requires me to enter the MAC of the Actiontec, which I did. The problem is that, as far as I can tell, the Netgear only works in this mode in WEP. Does switching to DD-WRT allow for a repeater mode with better security?

_________________
LINHES 8.6.1 BE/FE - MSI K9N6SGM-V with AMD A64 X2 4600+, 4GB Ram. 1.5TB WD. HDHR Prime. Nvidia GT210. MCE remote.
FrontEnd - Dell Vostro 400 3.0GHz Core2Duo NVidia GeForce210. MCE Remote

