Re: home wireless router good practices for security

[Jimi Thompson <jimit () myrealbox com>]

Steve wrote:

> So I went out and purchased a wireless router (Linksys 802.11b) for home
> since it was so inexpensive and actually less cost than the wireless access
> points I was trying to get via eBay.  Got it home, installed my wireless
> network card (SMC), powered on the router, attached it to a port on my other
> wired linksys router, and boom it worked great.  Then about 5 minutes after
> I sent an instant message to my neighbor (fellow IT friend) he was on my
> network.  So I took the steps that Linksys recommends below, seems good (to
> me).
>    Change the default SSID
>    Disable SSID Broadcasts
>    Change the default password for the Administrator account
>    Enable WEP 128-bit Encryption
> Linksys also recommends these other measures, I have not implemented:
>    Enable MAC Address Filtering
>    Change the SSID periodically
>    Change the WEP encryption keys periodically.
>
> My Questions:
>
> 1) Anyone know how much enabling 128-bit encryption will hurt my wireless
> performance?
>  
My experience is that this is not noticeable on a home network.  My 
wireless LAN uses 2048 bit keys to encrypt traffic.  I have about 12 
users and I've had no complaints as yet.

> 2) Does setting the SSID for my wireless NIC then keep me from getting onto
> other wireless networks like when traveling?  I ask since that setting was
> set to ANY before I changed it to the SSID that I set for my wireless
> router.
>  

That would depend on the OS of the device.  For example, Windows XP is 
generally pretty good about locating and attempting to attach to any 
wireless lan that it can get the SSID for.  Windows 98 or 2000 might be 
a bit more problematic.  Mac's would be less so. 

> 3) What else should I really do to protect my home network?
>  

1) Run Windows update on every Windows based PC you own or operate every 
month - even if you aren't running Windows, INSTALL YOUR PATCHES
2) Install a good Firewall
3) If you're really paranoid, put the Wireless router on the "dirty" 
side of the firewall and use VPN to connect to internal stuff.
4) Check with the makers of all of your network devices for new firmware 
and software upgrades and install them on a regular basis - consider it 
an "oil change" for your network
5) Run antivirus software on any Windows-based PC
6) Run some anti-spyware as well

HTH,

Jimi

> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
>
>
>  


---------------------------------------------------------------------------
----------------------------------------------------------------------------