Best Practices - 1. Anything but stock firmware. Might I suggest that when you look at DD-WRT you also take a look at Open WRT ( http://openwrt.org ) which I like a lot. It's not for the faint of heart, but it will provide you with a really extensible router if you want that. 2. Don't broadcast SSID. Don't use a 'name' for an SSID. Make up something long and random. 3. Make sure your WPA2-PSK passcode is long and random. SSID/PSK hashes are fairly susceptable to dictionary attacks because people tend to use words and phrases. Just make sure you have this information stored somewhere that you can retrieve it if you need to. 4. Use Assigned IPs rather than DHCP. 5. Use MAC filtering / whitelisting. People can still spoof frames with your MAC addresses, but at least you're not sitting there with a sign that says "Please use my AP" 6. Use SSL/TLS/SSH for anything remotely important (You should be doing that anyways) 7. Run an *ix variant. 8. Block ALL ports at the edge firewall. Re-enable only the ones for services and programs you intend to use across the internet connection. Yes it's a huge pain. Yes, it's worth it. My 0x02 Good luck! Micah --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss