Best Practices -
1. Anything but stock firmware. Might I suggest that when you look at
DD-WRT you also take a look at Open WRT (
http://openwrt.org ) which I
like a lot. It's not for the faint of heart, but it will provide you
with a really extensible router if you want that.
2. Don't broadcast SSID. Don't use a 'name' for an SSID. Make up
something long and random.
3. Make sure your WPA2-PSK passcode is long and random. SSID/PSK
hashes are fairly susceptable to dictionary attacks because people
tend to use words and phrases. Just make sure you have this
information stored somewhere that you can retrieve it if you need to.
4. Use Assigned IPs rather than DHCP.
5. Use MAC filtering / whitelisting. People can still spoof frames
with your MAC addresses, but at least you're not sitting there with a
sign that says "Please use my AP"
6. Use SSL/TLS/SSH for anything remotely important (You should be
doing that anyways)
7. Run an *ix variant.
8. Block ALL ports at the edge firewall. Re-enable only the ones for
services and programs you intend to use across the internet
connection. Yes it's a huge pain. Yes, it's worth it.
My 0x02
Good luck!
Micah
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)