Wireless best practices

Michael March mmarch at gmail.com
Mon Sep 18 01:23:16 MST 2006 

> A few points:
> 1) Cable modems provide no security, All Cable/DSL users should have a proper firewall (usually a Linux(or BSD)-based appliance or a dedicated Linux or BSD PC).
> 2) The Linksys WRT54G is OK in it's default config.  You should definitely break out the manual and go over it's settings to see if you can lock it down any further, since the default does allow a few not-good things to avoid breaking common applications.

No matter what version of of the WRT54G/GS you have, there is a
version of the optional DD-WRT firmware that will run on it. Its a
zillion times better than the stock firmware.

> 3) WEP is an instant hack, most wardriving tools break through it without even pausing.  If you want a secure wireless you need WPA2 (which isn't supported well in Linux), and even then DO NOT TRUST a wireless network, ever.
> 4) Do all sensitive tasks (financial, sensitive personal information, home video surveillance, etc...) from a machine with a wired connection only, preferably behind a second firewall to protect it from the wireless network.
>
> Example diagram attached.
>
> ==Joseph++
>
> FoulDragon at aol.com wrote:
> > I'm having cable put in, so I wanted to make sure my ship was as tight as
> > possible first.  Up til now, aside from a disasterous attempt to share a 56k
> > connection, the network has been for file and printer sharing only.
> >
> > Current Network configuration:  Two desktop PCs on wireless, one networkable
> > printer via Ethernet.  Possibly an on-again-off-again wireless laptop.
> >
> > Right now, I suspect IP numbers are being assigned by DHCP
> >
> > The router/hub/waffle iron is a Linksys WRT54G version 2.  Apparently very
> > popular.
> >
> > The network configuration:
> > -Two desktop PCs with $19 802.11g PCI cards.  Likely peak configuration will
> > be four desktops.  These PCs will be running Windows (2000 SP4 / XP
> > gold-master / 98SE o.O) at least part time.
> >
> > -One, possibly worst-case two laptops with 802.11 cards.
> >
> > -One HP LaserJet 5, hanging off Ethernet.
> >
> > Wireless security in place:
> >
> > WEP with a 112-bit key.  SSID changed from the default.  SSID broadcast
> > disabled.  MAC filter set to "allow specific cards only" and filled in with the two
> > PCI cards and one prehistoric PCMCIA 802.11b card I have in my near-dead
> > laptop.
> >
> > Is there anything else I should be doing to keep wardrivers at bay?
> >
> > And how do I set the WRT54G's firewall, both in terms of where are the
> > controls and what are reasonable values?
> >
> > Or is it moot and the "default" Cox modem the bloke is bringing also
> > supplants the router?  If so, are there a specific list of best practices for that
> > setup?
> >

More information about the PLUG-discuss mailing list