Securing wireless network

D

dreamworks

--== babyface ==--
Joined
19 Jan 2003
Messages
355
Hi guys ..

I have just recently bought a Linksys wireless broadband router (Model: BEFW11S4) and I am wandering whats the best way and practise to secure my home wireless network?

This is what I have done:-

1) Changed default admin password
2) Disabled Wireless SSID broadcast
3) Enabled Block Anonymous Internet Requests
4) Switched on wireless security mode to WEP

I would like to protect the network from intruders who maybe around with wireless capability and use my network to surf the net and also protect the individual workstations.

On the desktops and workstations, the firewall is already configured but when I do a simple check with grc.com, I find that my port 80 is open. Do I have to disable that or should I leave it as it is ..?

Please advise. Thank you.

:D
 
Port 80 should be open since it's for HTTP and you are online using grc.com. It looks like you've done plenty to secure the network. I was going to recommend WEP, but you've already done it. :)
 
muzikool, thanks for your feedback.

i was previously using an artnet adsl router connected to an 8 port switch .. after i bought the linksys device, i connected the artnet adsl router into the linksys. so it becomes like a router connected to a router.

i took out the artnet adsl router and use back my original aztech adsl modem, run a check on grc.com and symantec.com and all ports are closed now.

is WEP the normal standard for securing our wireless network? honestly speaking how safe is the wireless network? : )

Hehehehe ..
 
dreamworks said:
honestly speaking how safe is the wireless network? : )

Hehehehe ..
Click to expand...



Wireless routers in my opinion are extremely unsafe no matter how
patched, locked, or hidden you are. anyone with some knowledge of linux
and with a program like snort, can cause havoc. that is why I'm still sticking
with a wired setup....BTW if you really want to feel more at peace
build yourself a honeypot server for added security. :)
 
Admiral Michael said:
what about MAC filtering?
Click to expand...

Excellent suggestion. I just read the original post and wondered why it wasn't there on the list. MAC filtering is actually one of your safest bets.

As tdinc mentioned, utilities like AirSnort can be used to crack WEP encryption. Now admittedly, this is unlikely since it takes quite a bit of time to crack the encryption key (we're talking days to weeks here, depending on the amount of data traffic, and whether you're using a 64 or 128-bit key). If anybody were to crack it, it would probably be one of your neighbors, or else you'd probably notice someone sitting in your front yard with a laptop for a few days.
laugh.gif


With MAC filtering on the other hand, the router maintains a list of MAC addresses that are allowed to connect to it. Any MAC address not on the list is denied access. Again, MAC address spoofing is possible, but the chances of anyone trying to gain access to your network knowing the MAC addresses of your wireless adapters is next to impossible.
 
muzikool said:
Port 80 should be open since it's for HTTP and you are online using grc.com.
Click to expand...

Actually, that's not quite true.
smile.gif

The GRC port scan checks if the port in question is open to incoming traffic, not outgoing traffic. Port 80 should be open to incoming traffic only if you're running an HTTP daemon like Apache/IIS etc.

@dreamworks: Check your router port forwarding settings to make sure than port 80 isn't being forwarded to any machines on the internal LAN, and that the DMZ option is disabled. If you're using a software firewall, it should be blocking port 80. If everything is setup correctly, you should see it marked as stealth on the GRC test, as in this screenshot:
 
I set up a friend's network with access limited to specific MAC addresses, so I don't know why I didn't think of it earlier. It's simpler than setting up WEP as well. Like NetRyder said though, the chances of cracking the encryption for WEP is unlikely. Wireless networks can be secure, so don't be too paranoid about it. ;)
 
the port 80 thing, is the wireless router/access point setup for "Remote Administration" as that would allow incoming traffic to port 80.
 
muzikool said:
I set up a friend's network with access limited to specific MAC addresses, so I don't know why I didn't think of it earlier. It's simpler than setting up WEP as well. Like NetRyder said though, the chances of cracking the encryption for WEP is unlikely. Wireless networks can be secure, so don't be too paranoid about it. ;)
Click to expand...
Well for *nix MAC address is software instead of hardware like on pc though .. so if someone knew a valid MAC on that list ... :p Ok I'm just being a pain.
 
:) Hehehe .. good suggestion.

I've just enable MAC filtering as well. Thanks for your suggestion guys.
 
You must log in or register to reply here.

Members online

No members online now.
Total: 408 (members: 0, guests: 408)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Steevo
Steevo
Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
•••
Steevo
Steevo
Any of the SP crew still out there?
•••
Xie
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back