Re: Wireless best practices

Author: FoulDragon@aol.com
Date:  
To: plug-discuss
Subject: Re: Wireless best practices
In a message dated 18.Sep.2006 10.44.23 US Mountain Standard Time,
writes:

>1. Anything but stock firmware. Might I suggest that when you look at
>DD-WRT you also take a look at Open WRT ( http://openwrt.org ) which I
>like a lot. It's not for the faint of heart, but it will provide you
>with a really extensible router if you want that.


I wish they'd invent a firmware which would improve the dead spots. :)

>2. Don't broadcast SSID. Don't use a 'name' for an SSID. Make up
>something long and random.


My SSID is an obscure proper noun with only 2450 Google matches, not a family
name or anything similar.

>3. Make sure your WPA2-PSK passcode is long and random. SSID/PSK
>hashes are fairly susceptible to dictionary attacks because people
>tend to use words and phrases. Just make sure you have this
>information stored somewhere that you can retrieve it if you need to.


I have the devil's own time getting WPA working. I suppose it *could* be
because it's apparently only supported by the tool in XP/SP1. I'll have to go
back to the manufacturer-supplied control utility, I guess.


>4. Use Assigned IPs rather than DHCP.


Is this so an intruder would stand out in logs, or so that my printer will
stay in place if I change network topology, or both?

>5. Use MAC filtering / whitelisting. People can still spoof frames
>with your MAC addresses, but at least you're not sitting there with a
>sign that says "Please use my AP"


Been that way for months.

>6. Use SSL/TLS/SSH for anything remotely important (You should be
>doing that anyways)


You mean I shouldn't just send my charge plate number to everyone over
nonsecure sites?

Hmm... interesting thought for a Firefox extension... if you enter a string
of 16 digits in a non-secure web form, it automatically slaps you in the face
as a warning.

>7. Run an *ix variant.


I don't think Mom's ready for Slackware.

>8. Block ALL ports at the edge firewall. Re-enable only the ones for
>services and programs you intend to use across the internet
>connection. Yes it's a huge pain. Yes, it's worth it.


Given the way the other users in the house are baffled by networking in the
first place (see 7), I'd think it would save me a LOT of being whined at if I
could start with a blacklist of known problems mindset.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
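
Added example, not part of the original message or the quoted post: a Python sketch of point 3, showing how WPA/WPA2-PSK turns the passphrase into its 256-bit key (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 iterations) and how to generate a long random passphrase. The function names and the sample SSIDs and passphrase are assumptions constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# 62 symbols, all of them valid in a WPA passphrase (printable ASCII).
ALPHABET = string.ascii_letters + string.digits


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key as WPA/WPA2-PSK does:
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def random_passphrase(length: int = 63) -> str:
    """Build a passphrase from the OS CSPRNG rather than from words."""
    if not 8 <= length <= 63:
        raise ValueError("length must be between 8 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string; a real word has far less."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    word = "sunshine"
    for ssid in ("linksys", "x7Qp2LmZ9aVt"):
        # Same passphrase, different SSID: the salt changes the whole key,
        # but the passphrase itself is still the only secret.
        print(f"{ssid:>14}  {wpa_pmk(word, ssid).hex()}")
    strong = random_passphrase()
    print("random passphrase:", strong)
    print("8 random lowercase letters: %.1f bits" % entropy_bits(8, 26))
    print("63 random alphanumerics:    %.1f bits" % entropy_bits(63, len(ALPHABET)))
```

Because the SSID only salts the derivation, the strength of the key rests on the passphrase; store the generated value somewhere retrievable, as the quoted advice says.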