wifi security discussion

So far I have been able to secure my wife network by filtering MAC addresses, and using a 64bit WEP encription. It is the only encryption that will work with my step son's old laptop which using a wireless B card (with the latest driver installed). Now I am considering disabling DHCP. Is it worth the trouble? I can find sites online on how to do this for windows and mac (my wife uses a mac). But will it cause problems for devices like my mobile phone or the Wii.

Also, I have charter cable internet, and I read that they won't allow you to have a static IP unless you have a business account. Is this true, and is it related to what I am attempting?

Also, If I seriously screw up, is there a way to reset my netgear router to the factory settings?

 

Here are cat5e's suggestions for wireless security - Link

cat5e's take on DHCP is to limit the scope (or number of leases) to the actual of number of devices that you will have connected to your router.

The static IP that charter is referring to is the IP assigned to you by charter itself. (Public side of the router)
The static IP that you want to assign are the IP's assigned by you in each machine's configuration. (Private side of the router.) Depends on the device as to how each one gets an IP address.

If you have the model and version numbers of the netgear router, you should be able to go to their support pages to find a manual with the procedure to reset to factory defaults.

Do you have a unique log on name and password to access the router configuration pages? That would be another layer of security.

 

{quote=ibmest]Do you have a unique log on name and password to access the router configuration pages? That would be another layer of security.[/quote]

Yes, the password is different, I turn off remote access. Can't change the user name locally.

 

If I use the DHCP reservation feature, could this make it more secure too? With this feature, I can decide that a certian mac address will recieve a certain IP address. How can I completly disable file sharing? Is channel 11 the best channel? Most wifi networks use this channel by default. Would that mean it's crowded?

 

mac filter is a good place to start. no one can even connect your wireless unless their mac is in the filter. also disabling the broadcast of your ssid helps too.

dhcp, or lack thereof, isnt really going to help protect your network. anyone can guess what ip addressing scheme you use and set their static ip accordingly. 192.168.x.x is the more commonly used ip scheme for private networks. then with that, you can try either a 192.168.0.x or 192.168.1.x which is also more commonly used. the x doesnt matter really. all that matters is that the number is from 1 to 254. so 192.168.1.1 - 254. reserving an address in the dhcp scope only makes sure dhcp doesnt hand out the address to another computer giving you an ip conflict when you use static ips.

The channel on your wireless is used to help prevent interference. channel 11 isnt the "best" channel. it is just one of the 3 channels that will be isolated from one another. meaning if you have 3 access points, you use 1, 6 , and 11 for non overlapping frequency ranges. yes, it could be crowded if all your neighbors use wireless and are on channel 11. if that is the case, you can change your channel to 1 or 6 to be isolated from the others.

 

My router does give me the option to completely change my IP address.

 

youll be ok with your mac filter and wep security. if you wanted to take the extra step and disable your ssid broadcast, you could. i just have a mac filter and wep on my AP at home and so far it has proven to work fine.

 

I tried disabling the SSID broadcast, but my step's old laptop won't pick it up. I'm starting to realize that having the old laptop is a security risk. I've that the FBI can crack WEP in 3 minutes.

Are there certain ports that I can close off? Currently I have the windows firewall disabled. Does this put me at risk? What is the best firewall software free or licensed?

 

yeah, anyone can crack wep. i actually read a post that was later revised on slashdot about someone cracking the encryption algorithm on WPA. it turned out to be misinterpreted by the poster.

anyway, your mac filter is going to add the security by not allowing people to connect whose mac address is not added by you. there is no way that i know of to get around that, as the access point will not connect with a computer that isnt in the mac filter. you dont need to start closing ports. there are many free software firewalls out there. comodo is a good one. your neighbors are really the only ones that would be able to use your wireless. and kids driving around trying to find open wireless connections.

stick with your mac filter, WEP or WPA if you have it. WPA is a lot more secure. you can download comodo firewall for free from a number of sites. im sure MGs has it for you to download as well. the old laptop is not a security risk to your home network.

 

i dont know tim, mine has 50. its a stand alone access point though. i havent used those home router/switch/ap deals in a long time.

 

i use linksys WAP54G at home and work, FYI.

 

lol dogs the new form of network security? its worth a shot. keeps the "wardrivers" at bay.
are you looking at the wireless tab at wireless mac filter and you only see 3 slots to put a mac in??

 

There are ways around mac filtures, but i can't seem to find the articles i read about it. But it is not an easy task and requires lots of wireless traffic to do, as does most method of cracking wep or wpa. Basiculy it would take months for a low traffic (ie home) network to gather enough data to crack wep or wpa.