Wifi security

[lewmur]

I know anything can be hacked, but if I change the SSID and turn off broadcasting and then enable mac addressing, what are the odds of someone hacking into the router? This is in a residential neighborhood of single houses. No apt buildings around.Would I be honest in telling a client this is a safe situation?

[zlim]

Also be sure to turn off remote management. (That means no one using a wireless connection can get into the router, change the SSID and password and lock the person out of his own router).

[striker]

And change the routers password, the default one can be looked up through the net within seconds, also what router it is can be looked up very fast.Use WPA2, nothing less.The safest situation however is a wired connection, nothing beats that.

[Guest LilBambi]

That would likely be ok in a remote area without much traffic.If it was your own wireless router it would likely be fine because you would be on top of things.Will they be? Will they know if they are hacked? Will they even know what's possible and how to detect that? Most clients don't know and don't care. It would really depend upon the client I would think.Liz is right remote administration should also be turned off and UPnP.They need to be made aware that there are ways that only take less than a minute to find out the SSID just by analyzing the client traffic or using something like Kismet or other Wireless finders and Mac address cloning that even a router knows how to do -- it would be very short order to be able to make access of that open wireless hotspot.

[striker]

Yep, or in other words: just take the safe approach and don't use wifi.It's literally on the net to see within a couple of mouse clicks how to get in there, doesn't need any knowledge at all. So if the client just wants ease ... that's possible, but imo it's the wrong approach. The better approach would be building a personal fort knox these days.

[Jeber]

An additional step I take with wireless routers is to limit the number of IP addresses assigned by DHCP. If there are three computers on the network and a print server, set the maximum number of IPs to 5 (i.e. 172.16.1.101 through 172.16.1.106), or assign IPs to each device on the network. That will make it harder for a hacker to join the network, and easier to detect them if they do.

[lewmur]

That would likely be ok in a remote area without much traffic.If it was your own wireless router it would likely be fine because you would be on top of things.Will they be? Will they know if they are hacked? Will they even know what's possible and how to detect that? Most clients don't know and don't care. It would really depend upon the client I would think.Liz is right remote administration should also be turned off and UPnP.They need to be made aware that there are ways that only take less than a minute to find out the SSID just by analyzing the client traffic or using something like Kismet or other Wireless finders and Mac address cloning that even a router knows how to do -- it would be very short order to be able to make access of that open wireless hotspot.

I always change the router's password and turn off remote admin. But as to cloning the mac address, is it not true that if all of the enabled addresses are in use anytime the router is on, that another computer can't get in by cloning an address that is already in use? Edited December 22, 2007 by lewmur

[Guest LilBambi]

Patience is a virtue. Every computer has to boot occasionally.But yes, as Jeber said limiting the number along with the Mac Address Cloning does help quite a bit.

[lewmur]

Patience is a virtue. Every computer has to boot occasionally.But yes, as Jeber said limiting the number along with the Mac Address Cloning does help quite a bit.

But the user would know right away his router had been hacked in that case because he wouldn't have access. He'd know to immediately turn off the router. But I really don't see that happening. If he waits until his computer has finished booting before turning on the router, the chances would be slim to none that someone else could capture the mac before he did. I don't see how limiting the IP addresses would help. If someone knows enough to hack a mac (hey!! I'm a poet) they'd certainly know how to set a static IP.

[Ed_P]

But the user would know right away his router had been hacked in that case because he wouldn't have access.

Not necessarily. What he would know is one of his devices isn't working and the others are. So rather than disrupt everyone he would try to debug the failing device's problem. And that debugging could take hrs and many posts to forums seeking help.Depending on the hacker's intent the only thing he may have access to is the Internet and not all the files on the pcs connected to the router. And that may be all he wants.

[lewmur]

Not necessarily. What he would know is one of his devices isn't working and the others are. So rather than disrupt everyone he would try to debug the failing device's problem. And that debugging could take hrs and many posts to forums seeking help.Depending on the hacker's intent the only thing he may have access to is the Internet and not all the files on the pcs connected to the router. And that may be all he wants.

There are only two devices. If it doesn't work he can assume its hacked. But to make sure, I'm going to install a network traffic monitor. But like I said to begin with, I'm not looking for perfection. If someone is looking for a network to hack, I just want to make sure this is the one that will take the most trouble to access. There are too many unsecured network around for anyone to target this one particular one just for Internet access. Edited December 22, 2007 by lewmur

[goretsky]

Hello,You may wish to verify the residential gateway has the latest firmware installed on it in case there are any security holes in the current firmware. Usually this can be determined by checking the release notes for the firmware.Changing the IP address range and subnet mask assigned by the residential gateway may slow down a maliciously-minded individual who is trying to get into the network.If there are computers on the network which either do not need access to the Internet or only require limited access, setting their gateways or name server settings might limit their access to the Internet, and vice-versa. It might also be possible to disable the TCP/IP protocol and only rely on the older NetBEUI protocol. Generally, NetBEUI is not recommended because it is an insecure protocol, however, if your goal is to limit access to outsiders and not to internal users, that might help. Some experimentation would be needed in order to make sure everything still worked properly after changing the settings.Regards,Aryeh Goretsky

[zlim]

Removing the antenna also works but might have an affect on the computers needing to use the router from the remote corners of the house.