Securing your Home Network - Adequately.

[~Darkseeker~]

There's alot of talk about security these days, and alot of it is about securing your home network. Most of us don't have billion-dollar business spreadsheets stores in network shares or top-secret documents floating from host to host. To this end, a lot of this talk of stronger encryption for access points, hiding ESSIDs, MAC Filtering, and so on really is unnecessary when talking about HOME Networks. I Thought i might make a sort of 'guide' on how to do it without wasting effort and/or giving yourself headaches, but not leaving your network wide-open to outside intrusion. The worst case scenario for an unprotected network is that your neighbors start borrowing your bandwidth, but most people like to keep their neighbors out, for whatever reason. The dirty blighters should get their own internet!

Anyway, let's get on with it.

Encryption - As most people know, the WEP standard (Wired Equivalent Privacy) is now obsolete, as it was way to easy to crack. Generally most people use WPA, which is perfectly adequate for almost any network. Just make sure you use a good password.

Address Filtering - There really is no need for this on home network, it just ends up getting on your tits every time one of your friends brings his laptop or phone over and wants to use your wireless, and you have to find the MAC and add it to the list. Same thing every time someone in your house gets a new computer, xbox, ps3, phone or whatever.

ESSID Broadcastng - Leave it on. Disabling it just means you have to type it in to every device you want to connect to it, for the most part, Wi-Fi signals don't travel very far anyway, so neither will the SSID.

So, in a nutshell: Turn on WPA encryption, leave MAC filtering off and let the ESSID broadcast. There really is no need to overcompensate with security and cause endless headaches later on.

 

[~=o0no=~]

If you have set up a wireless signal then any MAC filtering is any way security through obscurity because MAC addresses are broadcasted so any one who has broken your encryption is any going to to sniff them out. I tried this my self when I cracked some ones wep encrzption and the person had MAC filtering enabled but I sniffed three of them and I was able to connect.

 

[J03]

If you have set up a wireless signal then any MAC filtering is any way security through obscurity because MAC addresses are broadcasted so any one who has broken your encryption is any going to to sniff them out. I tried this my self when I cracked some ones wep encrzption and the person had MAC filtering enabled but I sniffed three of them and I was able to connect.

Just to clarify - he is talking about sniffing the MAC addresses, and then spoofing the hardware address of his WLAN adapter with the MAC of a machine that has already connected to the network.

I think.

 

[Warren1]

I believe that one of the most important things to do with a new home network is to change the admin password at 192.168.1.1. I mean, "admin" "admin" is not that hard to crack, and if someone messes with your administrator settings, it will cause a whole lot of trouble.

 

[~=o0no=~]

Just to clarify - he is talking about sniffing the MAC addresses, and then spoofing the hardware address of his WLAN adapter with the MAC of a machine that has already connected to the network.

That is not hard to do at all and that is because MAC addresses filtering is just security through obscurity and you should not rely on it for strong security. If you want to take the next step you may want to look at this: DHCP snooping - Wikipedia, the free encyclopedia

 

[J03]

That is not hard to do at all and that is because MAC addresses filtering is just security through obscurity and you should not rely on it for strong security. If you want to take the next step you may want to look at this: DHCP snooping - Wikipedia, the free encyclopedia

Yeah - I'm aware of MAC spoofing, and how that can get around MAC filtering. I didn't know about DHCP snooping - thanks!