Protection for wireless networks

Refefer

audiobliss wrote: »

Should I just use something like this for the password?

That's a little hardcore. It would work very well, but it's almost too hardcore IMO. I really think a passphrase of sufficient length with some numbers intertwined would be the best way to go: Easy to remember for adding other computers to the network, sufficiently convoluted to prevent dictionary hackers to have success.

audiobliss

avguytx wrote: »

So that should work for pretty much any router no matter what the brand? I thought I'd check mine to see what settings are on it but it says "problem loading page" on Firefox and on IE, it kind of does the same thing but goes to some kind of search page.

Yeah, I got that same error. Enter JUST the numbers (and decimals) into the search bar.

I.E. 192.168.1.1

That worked for me.

Strong Bad

Some best practices...

Under Wireless - Basic Wireless Settings, change the SSID (to whatever you want to call it) and Disable SSID broadcast. Write the SSID down. You'll need to know it.

Wireless Security, choose WPA2 Personal and create a long **** password with caps, lowercase, numbers and some other characters (like the @ or other symbols). I personally have a 21 character key. Write it down!

Under Security Tab, make sure the Firewall is enabled.

Under Setup - Basic Setup, limit the number of DHCP addresses to the number of PC's that connect to it. You can also change the last octet of the DHCP scope to, say, 100. This is what I did. It's the STARTING IP ADDRESS feature. It will say 192.168.1.100 in there if you change it.

Above all, each time when you make a change to something, click SAVE SETTINGS on that page before navigating to another.

MAC Address filtering is fairly easy if you know how to get the MAC address off your machine.

John

audiobliss

Refefer wrote: »

That's a little hardcore. It would work very well, but it's almost too hardcore IMO. I really think a passphrase of sufficient length with some numbers intertwined would be the best way to go: Easy to remember for adding other computers to the network, sufficiently convoluted to prevent dictionary hackers to have success.

I think I might just go for it. I have a 64MB flash drive I never use anymore. I'll just label it and keep it for this one code.

audiobliss

Strong Bad wrote: »

Under Setup - Basic Setup, limit the number of DHCP addresses to the number of PC's that connect to it. You can also change the last octet of the DHCP scope to, say, 100. This is what I did. It's the STARTING IP ADDRESS feature. It will say 192.168.1.100 in there if you change it.

When you say the number of computers connected...is that just the wireless ones, or total?

Thanks!

Serendipity

Refefer wrote: »

That's a little hardcore. It would work very well, but it's almost too hardcore IMO. I really think a passphrase of sufficient length with some numbers intertwined would be the best way to go: Easy to remember for adding other computers to the network, sufficiently convoluted to prevent dictionary hackers to have success.

I personally think it's cooler to use a scrambled word as your passphrase, plus it's more comical.

For example, I use a scrambled version of "digital video adventure damn XP PCs serendipity" for a passphrase. Way cooler than a random # generator...

Serendipity

audiobliss wrote: »

When you say the number of computers connected...is that just the wireless ones, or total?

Thanks!

Total.

audiobliss

Ok, I just added that password, clicked on save settings, and it says my group key renewal interval is invalid (I didn't change it...it was on 0). It says it has to be between 600 and 7200.

Refefer

audiobliss wrote: »

When you say the number of computers connected...is that just the wireless ones, or total?

Thanks!

It's total. I'm not sure if that would be sufficient in limiting the total number of clients connected to your router, but it would certainly make it a lot harder for them. MAC address filtering is the best route to go.

bigaudiofanatic

the linksys should make a randum key for you that what I did for my parents.

audiobliss

appadv wrote: »

Total.

Thanks.

Refefer

audiobliss wrote: »

Ok, I just added that password, clicked on save settings, and it says my group key renewal interval is invalid (I didn't change it...it was on 0). It says it has to be between 600 and 7200.

3600 is the way to go. You don't want it to be too short or too long. That should be good.

Strong Bad

audiobliss wrote: »

When you say the number of computers connected...is that just the wireless ones, or total?

Thanks!

Total number of PC's connected, wireless and hard wired.

avguytx, what brand of router you have? I know the old D-Link I used to have had an address of 192.168.0.1. Brands do vary, so give that one a shot.


John

Refefer

Strong Bad wrote: »

Total number of PC's connected, wireless and hard wired.

avguytx, what brand of router you have? I know the old D-Link I used to have had an address of 192.168.0.1. Brands do vary, so give that one a shot.


John

With that note, my belkin I used to have had an ip address of 192.168.2.1, so if the other don't work, it might be worth a try.

audiobliss

Dang, the number of addresses is set to 50 by default! :eek:

avguytx

Mines a Belkin F5D7320.4 and is maybe under 2 years old I think.

Edit: F5DY230-4. Can't read well upside down...

Refefer

avguytx wrote: »

Mines a Belkin F5D7320.4 and is maybe under 2 years old I think.

Try 192.168.2.1

Strong Bad

Refefer wrote: »

It's total. I'm not sure if that would be sufficient in limiting the total number of clients connected to your router, but it would certainly make it a lot harder for them. MAC address filtering is the best route to go.

Thats just in case some numbskull that may be trying to get in didn't think to set a static IP on his machine. I may actually turn off DHCP and set static IP's on all of my machines.

Hmm, this thread got me thinking...

Good thread!


John

avguytx

Refefer wrote: »

Try 192.168.2.1

That did it. I remember it being that now...duh.

Also, I went to their website and it looks like there are a lot of firmware updates for my router. I guess I better do those before I mess with anything. Or, is it the old like "if it ain't broke, don't fix it"?

audiobliss

Ok, slight problem, perhaps. I finished setting everything up on the router via my wired desktop, and went to change everything on Mom's wireless desktop.

I selected our network and clicked on properties, and in the drop down box for data encryption, the only two options are disabled and WEP.

So does that mean I can't go with WAP?

Refefer

audiobliss wrote: »

Ok, slight problem, perhaps. I finished setting everything up on the router via my wired desktop, and went to change everything on Mom's wireless desktop.

I selected our network and clicked on properties, and in the drop down box for data encryption, the only two options are disabled and WEP.

So does that mean I can't go with WAP?

It means you need to update the drivers for the wireless card. Time to put that flash drive to work.

Strong Bad

audiobliss wrote: »

Dang, the number of addresses is set to 50 by default! :eek:

Yeah, alot of the default settings will make you go :eek:

Limiting the addresses is not major security, but every little bit helps. MAC Filtering is a biggy.

The newer Linksys routers have an interactive setup CD now that takes you through setting up the router, including wireless encryption. Guess they figured out that alot of people had no idea how to even get into the thing and if they did, had no idea of what to set and set it to.

John

bobman1235

Refefer wrote: »

It means you need to update the drivers for the wireless card. Time to put that flash drive to work.

May not be possible. Some older cards do not support WPA at all. Aside from upgrading the card, yes, it means you're stuck wtih WEP for now.

Strong Bad

avguytx wrote: »

That did it. I remember it being that now...duh.

Also, I went to their website and it looks like there are a lot of firmware updates for my router. I guess I better do those before I mess with anything. Or, is it the old like "if it ain't broke, don't fix it"?

Nahh, go ahead and update it. Follow the instructions! Usually you just download the update, go into the router, choose update firmware and point the router to the file. You must be a wired connection or you risk bricking the router (aka, effing it up!).

The new firmware should give you the latest wireless encryption types (WPA2) and other fixes.

John

audiobliss

I'm currently downloading and then going to install new drivers for that wireless adapter. If that won't work....I'll think of something else...

audiobliss

Hahaha, no WPA2 here with the new firmware. The latest firmware update for our router was posted in 2005! I guess it is an old router! :eek:

avguytx

Refefer wrote: »

3. Change it to WPA2 Personal, and enter a password. You will need this password for every computer that wants to connect to the router, so don't forget it.

In a pull down menu, mine gives options for "WPA-PSK" (no server), 128bit WEP, 64bit WEP, and WPA with Radius Server. What's the recommendation here? I think it was set to the first option.

The first one has this info beside it...."WPA-PSK (no server)
Wireless Protected Access with a Pre-Shared Key: The key is a password, in the form of a word, phrase or series of letters and numbers. The key must be between 8 and 63 characters long and can include spaces and symbols. Each client that connects to the network must use the same key (Pre-Shared Key)."

Refefer

avguytx wrote: »

In a pull down menu, mine gives options for "WPA-PSK" (no server), 128bit WEP, 64bit WEP, and WPA with Radius Server. What's the recommendation here? I think it was set to the first option.

WPA-PSK.

avguytx

And give it a long **** funky password? The desktop PC won't have to have that will it? It's hardwired to the router.

It also gives a pull down menu for 2 choices. One is "TKIP" and the other is "AES". It's set to the first.

Refefer

avguytx wrote: »

And give it a long **** funky password? The desktop PC won't have to have that will it? It's hardwired to the router.

When you try to connect to it for the first time from a computer via wireless, it will ask for the password.