New_scooby_04

iTrader: (4)

Hi All,

I'm new to wireless networking and was just wondering if anyone culd advise my on what I need to do to ensure that my network is secure.

I have, at the moment, just a single laptop connected to my router (A Vigor 2800G) Windows VIsta says my Network is secured (I used WPA2) and I have the router firewall (I'm not sure how to configure this, but it appears to be working) Vista firewall, which reports all ok and Norton Internet security (which is happy). I've also hid my SSID....seemed like a good thing to do at the time! :-)

Am I secure? Is there anything else I should do to protect myself? Novice level advice only please! :-)

Thanks for any advice offered.

mike1210

how long is your password, a short one is pointless. Use a long 64 character password if possible

Generate a Secure Password - kurtm.net

Hiding a SSID doesn't really give any security benefit, but if it makes you feel happy

oh and as far as internet security goes, Kaspersky would get my vote, Nod32 for just Anti-virus

mike1210

as far as the Router, is remote managment on? If so have you changed the default password on the router to a complex password

Bad = scooby
Good = $coobyDo24+?wer

PeteBrant

If you are using WPA then you are fairly secure - If someone really really wanted to stand outside your house and hack in to your network they probably could in a few hours, but for all intents and purposes you are secure, yes.

New_scooby_04

iTrader: (4)

Excellent, that's what I wanted to know mate! I don't have to go too daft with security measures: I just want to deter the casual hacker and keep people off my network!

To some extent having military grade security might suggest you have something particularly valuable and give the pros reason to attack you, if only for the challenge!

I just want to keep the odd transaction secure and stop people from seeing how much time I spend on SN!!

Ns04

jpor

iTrader: (1)

You could always limit the connection to MAC address of the network card. Thats what I've done on my Draytek.

shanea

as jpor says, if you do that then your router wont broadcast itself to the world

mike1210

SSID steahtling and MAC filtering are 2 different things

Sonic'

Dont hide your SSID, its more of a security risk if you do

Especially with Windows Vista, because it cant find a broadcasted SSID, what Vista does is broadcasts your entire wireless settings out instead, nice on MS

New_scooby_04

iTrader: (4)

Excuse my ignorance, but how do I do that mate?

I've found the relevant settings page, but I don't understand the information being requested.

Ns04

SinghSuperStud

iTrader: (2)

New_scooby_04:

you need the mac addresses of all network adapters on your network, either ethernet or wireless. TO do this go to a DOS prompt and type in ipconfig/all and it'll give you the info you need.

You'll then need to make a note of each MAC address and add it to the page you've found on your router config.

InvisibleMan

i thought hiding your SSID was a good idea its not broadcasting your network name to the hacker? (is this just a vista problem? using xp)

Sonic'

I think it is just in Vista, it is talked about on Microsoft's site specifically under the Vista bit (I will try and find the link again)

But basically MS say don't hide your SSID as it is more of a security issue, agreed not broadcasting your SSID means that some hacker can't see it as such, but then your wireless adapter is broadcasting out a lot more than the SSID

Sonic'

Actually re-reading the articles, it looks like it is only the SSID that the client is broadcasting

Wireless security consists of two main elements: authentication and encryption. Authentication controls access to the network and encryption ensures that malicious users cannot determine the contents of wireless data frames. Although having users manually configure the SSID of a wireless network in order to connect to it creates the illusion of providing an additional layer of security, it does not substitute for either authentication or encryption.

A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.

Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks. When non-broadcast networks are used to hide a vulnerable wireless network—such as one that uses open authentication and Wired Equivalent Privacy—a Windows XP or Windows Server 2003-based wireless client can inadvertently aid malicious users, who can detect the wireless network SSID from the wireless client that is attempting to connect. Software that can be downloaded for free from the Internet leverages these information disclosures and targets non-broadcast networks.

This behavior is worse for enterprise wireless networks because of the number of wireless clients that are periodically advertising the non-broadcast network name. For example, an enterprise wireless network consists of 20 wireless APs and 500 wireless laptops. If the wireless APs are configured to broadcast, each wireless AP would periodically advertise the enterprise’s wireless network name, but only within the range of the wireless APs. If the wireless APs are configured as non-broadcast, each of the 500 Windows XP or Windows Server 2003-based laptops would periodically advertise the enterprise’s wireless network name, regardless of their location (in the office, at a wireless hotspot, or at home).

For these reasons, it is highly recommended that you do not use non-broadcast wireless networks. Instead, configure your wireless networks as broadcast and use the authentication and encryption security features of your wireless network hardware and Windows to protect your wireless network, rather than relying on non-broadcast behavior.

suba

if for the moment only 1 PC is going to be connected to the 2800G router, then secure it further with MAC address filter (Wireless LAN/Access Control) and also limited the amount of IP address (in LAN/General Setup/IP Pool Counts).