• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Securing wireless network

dreamworks

--== babyface ==--
#1
Hi guys ..

I have just recently bought a Linksys wireless broadband router (Model: BEFW11S4) and I am wandering whats the best way and practise to secure my home wireless network?

This is what I have done:-

1) Changed default admin password
2) Disabled Wireless SSID broadcast
3) Enabled Block Anonymous Internet Requests
4) Switched on wireless security mode to WEP

I would like to protect the network from intruders who maybe around with wireless capability and use my network to surf the net and also protect the individual workstations.

On the desktops and workstations, the firewall is already configured but when I do a simple check with grc.com, I find that my port 80 is open. Do I have to disable that or should I leave it as it is ..?

Please advise. Thank you.

:D
 

muzikool

Act your wage.
Political User
#2
Port 80 should be open since it's for HTTP and you are online using grc.com. It looks like you've done plenty to secure the network. I was going to recommend WEP, but you've already done it. :)
 

dreamworks

--== babyface ==--
#3
muzikool, thanks for your feedback.

i was previously using an artnet adsl router connected to an 8 port switch .. after i bought the linksys device, i connected the artnet adsl router into the linksys. so it becomes like a router connected to a router.

i took out the artnet adsl router and use back my original aztech adsl modem, run a check on grc.com and symantec.com and all ports are closed now.

is WEP the normal standard for securing our wireless network? honestly speaking how safe is the wireless network? : )

Hehehehe ..
 

tdinc

█▄█ ▀█▄ █
Political User
#4
dreamworks said:
honestly speaking how safe is the wireless network? : )

Hehehehe ..


Wireless routers in my opinion are extremely unsafe no matter how
patched, locked, or hidden you are. anyone with some knowledge of linux
and with a program like snort, can cause havoc. that is why I'm still sticking
with a wired setup....BTW if you really want to feel more at peace
build yourself a honeypot server for added security. :)
 
#6
Admiral Michael said:
what about MAC filtering?
Excellent suggestion. I just read the original post and wondered why it wasn't there on the list. MAC filtering is actually one of your safest bets.

As tdinc mentioned, utilities like AirSnort can be used to crack WEP encryption. Now admittedly, this is unlikely since it takes quite a bit of time to crack the encryption key (we're talking days to weeks here, depending on the amount of data traffic, and whether you're using a 64 or 128-bit key). If anybody were to crack it, it would probably be one of your neighbors, or else you'd probably notice someone sitting in your front yard with a laptop for a few days.


With MAC filtering on the other hand, the router maintains a list of MAC addresses that are allowed to connect to it. Any MAC address not on the list is denied access. Again, MAC address spoofing is possible, but the chances of anyone trying to gain access to your network knowing the MAC addresses of your wireless adapters is next to impossible.
 
#7
muzikool said:
Port 80 should be open since it's for HTTP and you are online using grc.com.
Actually, that's not quite true.

The GRC port scan checks if the port in question is open to incoming traffic, not outgoing traffic. Port 80 should be open to incoming traffic only if you're running an HTTP daemon like Apache/IIS etc.

@dreamworks: Check your router port forwarding settings to make sure than port 80 isn't being forwarded to any machines on the internal LAN, and that the DMZ option is disabled. If you're using a software firewall, it should be blocking port 80. If everything is setup correctly, you should see it marked as stealth on the GRC test, as in this screenshot:
 

muzikool

Act your wage.
Political User
#8
I set up a friend's network with access limited to specific MAC addresses, so I don't know why I didn't think of it earlier. It's simpler than setting up WEP as well. Like NetRyder said though, the chances of cracking the encryption for WEP is unlikely. Wireless networks can be secure, so don't be too paranoid about it. ;)
 
#9
the port 80 thing, is the wireless router/access point setup for "Remote Administration" as that would allow incoming traffic to port 80.
 
#10
muzikool said:
I set up a friend's network with access limited to specific MAC addresses, so I don't know why I didn't think of it earlier. It's simpler than setting up WEP as well. Like NetRyder said though, the chances of cracking the encryption for WEP is unlikely. Wireless networks can be secure, so don't be too paranoid about it. ;)
Well for *nix MAC address is software instead of hardware like on pc though .. so if someone knew a valid MAC on that list ... :p Ok I'm just being a pain.
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,962
Messages
673,247
Members
89,019
Latest member
fontjohnson