Wireless best practices

FoulDragon at aol.com FoulDragon at aol.com
Mon Sep 18 12:26:15 MST 2006


In a message dated 18.Sep.2006 10.44.23 US Mountain Standard Time, 
micahdj at gmail.com writes:

>1. Anything but stock firmware.  Might I suggest that when you look at
>DD-WRT you also take a look at Open WRT ( http://openwrt.org ) which I
>like a lot.  It's not for the faint of heart, but it will provide you
>with a really extensible router if you want that.

I wish they'd invent a firmware which would improve the dead spots. :)

>2. Don't broadcast SSID. Don't use a 'name' for an SSID. Make up
>something long and random.

My SSID is an obscure proper noun with only 2450 Google matches, not a family 
name or anything similar.

>3. Make sure your WPA2-PSK passcode is long and random. SSID/PSK
>hashes are fairly susceptible to dictionary attacks because people
>tend to use words and phrases.  Just make sure you have this
>information stored somewhere that you can retrieve it if you need to.

I have the devil's own time getting WPA working.  I suppose it *could* be 
because it's apparently only supported by the tool in XP/SP1.  I'll have to go 
back to the manufacturer-supplied control utility, I guess.


>4. Use Assigned IPs rather than DHCP.

Is this so an intruder would stand out in logs, or so that my printer will 
stay in place if I change network topology, or both?

>5. Use MAC filtering / whitelisting.  People can still spoof frames
>with your MAC addresses, but at least you're not sitting there with a
>sign that says "Please use my AP"

Been that way for months.

>6. Use SSL/TLS/SSH for anything remotely important (You should be
>doing that anyways)

You mean I shouldn't just send my charge plate number to everyone over 
nonsecure sites?

Hmm... interesting thought for a Firefox extension... if you enter a string 
of 16 digits in a non-secure web form, it automatically slaps you in the face 
as a warning.

>7. Run an *ix variant.

I don't think Mom's ready for Slackware.

>8. Block ALL ports at the edge firewall.  Re-enable only the ones for
>services and programs you intend to use across the internet
>connection.   Yes it's a huge pain. Yes, it's worth it.

Given the way the other users in the house are baffled by networking in the 
first place (see 7), I'd think it would save me a LOT of being whined at if I 
could start with a blacklist of known problems mindset.
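As an added illustration of items 2 and 3 above (my own example, not code from the original thread or its authors): a WPA2-PSK client derives its Pairwise Master Key with PBKDF2-HMAC-SHA1, using the SSID as the salt. That is why a unique SSID defeats tables precomputed for common SSIDs, and why the 4096-round cost only helps if the passphrase is long and random. The check value comes from the IEEE 802.11i test vector (SSID "IEEE", passphrase "password").

```python
import hashlib
import math
import secrets
import string

PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LEN = 32              # 256-bit PMK

def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """Derive the PMK exactly as a WPA2-PSK client does:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )

def random_passphrase(length: int = 32) -> str:
    """Generate a passphrase from a CSPRNG; letters and digits only so it
    can be typed into any router UI without escaping problems."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Guessing work for a uniformly random passphrase, in bits."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    # Same passphrase, different SSIDs: different PMKs, so a table built
    # for one SSID is useless against another. (Sample SSIDs constructed.)
    for ssid in ("linksys", "IEEE", "an-obscure-proper-noun"):
        print(ssid, wpa2_pmk(ssid, "password").hex())
    pp = random_passphrase()
    print(pp, f"~{passphrase_entropy_bits(len(pp), 62):.0f} bits")
```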
