Wi-Fi security using linux-based router

John Schember j5483 at yahoo.com
Tue May 15 09:58:26 MST 2007


Like that links says a third party firmware (DD-WRT or OpenWRT) are
required if you want more functionality than it comes with.

As far as securing your wireless network:

* Use WPA2 with AES encryption.
* Use a random key, grc.com[1] has a very good one.
* Rotate your key month at a minimum.
* Turn down the transmit power on the router to the point that the
signal does not reach outside any area you would connect from.
* Use a Mac filter.
* Use a good rule set for Iptables.
* Use static IP addressing.
* If the firmware allows it divide the wireless and wired lan into
different segments (different address ranges) to better control what the
wifi can access. This with static IP addressing will allow you to add
Iptables rules that prevent devices on the wireless portion to access
devices on the wired. This is still possible with the same address range
on wired and wireless but having them separate is a bit easier.

John

[1]https://www.grc.com/passwords.htm


On Tue, 2007-05-15 at 09:34 -0700, vodhner at cox.net wrote:
> About a month ago I bought a Linux-based Linksys wireless router,
> WRT54GL v1.  By the way, as I approached the Linksys shelf at
> Fry's (Northwest Phoenix) it was the first box I came to ... didn't
> have to search.
> 
> Are there any interesting things I can install on it, to improve the
> security of my wireless network?
> 
> I found one link right away, which I haven't looked at yet:
> 
> http://www.sns.ias.edu/~jns/wp/2006/03/24/iptables-on-a-linksys-cisco-wrt54gl-broadband-router-howto/
> 
> I'm just fishing for any pointers or recommendations that will give
> me a boost.  I'm specifically interested in controlling what wireless
> connections can see, and maybe limiting access to specific PCs.
> 
> Thanks,
> 
> Vic
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



More information about the PLUG-discuss mailing list