Securing SOHO Wireless Networks
An email has just turned up in my inbox with the above heading - having just gone through a process of having to reconfigure my son’s wireless setup (he likes to play) I decided to take a read.
Here’s the full article but be warned it is quite lengthy.
It is summarised at the end with the 22 points the author thinks you should heed and I re-create those here:
1. Update the firmware on the AP and on all of the STAs.
2. Change the administrator’s password to a very complex one that you can remember and/or document.
3. If the AP allows you to do so, change the name of the administrator’s account.
4. Disable DHCP on the LAN side of the AP and use Static IP addressing on the STAs.
5. Change the default IP address of the AP to something that will work for your STAs.
6. Use the strongest authentication and encryption that the AP and STAs can all use.
7. Turn off the broadcasting of the SSID in the Beacon frame.
8. Use a non-default SSID that neither identifies you, your business, your location, or the location of the AP.
9. Place a space or two at the end of the SSID. (War Drivers will not see them)
10. Implement a MAC filter allowing only your STAs to connect.
11. Turn the transmit power down on the AP to just what is required for desired coverage.
12. Use a non-overlapping channel, preferably not channel 6.
13. Change your PHY to 5GHz if possible.
14. Use Anti-Spyware on your STAs.
15. Use a personal firewall on the STAs.
16. Use end point protection software if possible.
17. Install the AP in a physically safe location.
18. Do not disclose your configurations to others.
19. Limit the number of allowed associations to just your STAs.
20. When not in use, turn off the AP.
21. If there is a breach in security, change all security settings as soon as possible.
22. If you are unable to configure the AP securely, consult a trained and certified professional to do so on your behalf.
Some of these are just downright obvious (#6, 17), well they are to me, and others I don’t totally agree with (#7, 20), but hey, the author works for AirDefense so what do I know?
Anyway - would be interested in your responses and whether you agree or not with the above?
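What the two SSID items in the list (turning off SSID broadcast, padding the SSID with trailing spaces) change on the air, as an added Python example that is not from this post or the article it summarises: it parses the SSID element out of constructed beacon frame bodies. The sample SSID `homenet`, the helper names and the other field values are assumptions made for illustration.

```python
import struct

SSID_IE = 0  # element ID of the SSID information element

def beacon_body(ssid: bytes, channel: int = 11) -> bytes:
    """Build a constructed beacon frame body (MAC header omitted)."""
    # 12 fixed bytes: timestamp (8), beacon interval (2), capabilities (2)
    fixed = struct.pack("<QHH", 0, 100, 0x0411)
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported rates element
    ds = bytes([3, 1, channel])                    # DS parameter set (channel)
    return fixed + bytes([SSID_IE, len(ssid)]) + ssid + rates + ds

def ssid_element(body: bytes):
    """Walk the tagged elements after the fixed fields; return SSID bytes or None."""
    pos = 12
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated element")
        if eid == SSID_IE:
            return value
        pos += 2 + length
    return None

def describe(body: bytes) -> str:
    """Classify what a listener learns about the SSID from this frame body."""
    ssid = ssid_element(body)
    if ssid is None:
        return "no SSID element"
    if len(ssid) == 0 or not any(ssid):
        return "hidden (empty or zero-filled SSID element)"
    if ssid != ssid.rstrip(b" "):
        return f"visible with trailing spaces: {ssid!r}"
    return f"visible: {ssid!r}"

# Constructed samples, one per configuration discussed in the list.
SAMPLES = {
    "broadcast on": beacon_body(b"homenet"),
    "broadcast off (length 0)": beacon_body(b""),
    "broadcast off (zero-filled)": beacon_body(b"\x00" * 7),
    "trailing spaces": beacon_body(b"homenet  "),
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:28} -> {describe(body)}")
```

With broadcast off, the beacon still carries an SSID element, only empty or zero-filled; the name itself still appears in probe responses and association requests, which use the same element, and trailing spaces are ordinary bytes of the SSID value.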

2 Comments
bencarroll
October 15th, 2007
at 1:43pm
I don’t necessarily switch off SSID broadcasting, especially when configuring networks for other home users. Non-tech-savvy people expect to see the network in the list of available networks and it would confuse them otherwise, leading them to play about with the router etc. I do however disable it for business clients in which I am responsible for connecting all new equipment; this reduces the temptation for nearby businesses to try and crack the network, although once again, this depends on how much they know.
shausha
October 15th, 2007
at 6:27pm
Ben - I can go with that, but for me not turning off SSID broadcast is much more fundamental. It achieves precisely nothing. Every beacon packet the AP sends out includes the SSID in it so anyone near enough is going to see it whatever!