Spawn of Lovechild Apprentice
Joined: 03 Feb 2004 Posts: 253 Location: Århus, Denmark
nielchiano Veteran
Joined: 11 Nov 2003 Posts: 1287 Location: 50N 3E
Posted: Thu Mar 11, 2004 1:21 pm
Some thoughts: if you go wireless, don't expect to get much more than 20Mbps real speed... the 802.11g standard does indeed give 54Mbps, but that's raw, without all overhead and wireless handshaking.
As you said, as soon as you go wireless, you have an open network. However, if you configure it well it can get better:
- Don't transmit the SSID. This is information a client NEEDS to know to log on. Setting this option will make the access point (router) not broadcast it. A hacker can however still sniff the air and grab the SSID when one of your clients logs on.
- Switch to a non-default channel. This will not help much... but it might stop the interference from neighbouring WLANs
- {I can't believe I have to say this} CHANGE THE DEFAULT PASSWORD of your router to something difficult
- Add WEP. This gives an additional layer of security. To be really sure it works, you need to change (automatically or manually) the WEP key daily. By just sniffing a busy WEP WLAN you can distill the WEP key in about a week.
Those are specific WLAN items. You can also add VPN support and other kinds of encryption.
About the hardware: Sorry, I don't know enough about them to give good advice
viperlin Veteran
Joined: 15 Apr 2003 Posts: 1319 Location: UK
Posted: Thu Mar 25, 2004 2:00 am
For an access point I got a Netgear WG602 v2; it has some interface bugs so I can only change certain things with IE, but other than that it's great, with WPA support too.
For a card get an Orinoco chipset card, they are the best and easiest to work with.
Security:
Enable MAC address filtering.
Enable WPA (connection denied unless correct password is specified). This can be stored on the laptop, so I just ran /dev/urandom into hexdump, added some capitals and had a nice long 30 char password (I think it can take something like 86 characters). That will keep people out of the network.
Enable WEP to prevent info being intercepted.
Broadcasting SSID will not matter with WPA enabled, feel free to broadcast a cool'ly named SSID, mine is Rlyeh from Midian Mythology.
Have Wireless Fun! If you're paranoid put the AP in a DMZ, and for jebus's sake change the password!!!
MacMasta Guru
Joined: 18 Apr 2002 Posts: 545 Location: Anchorage, AK
Posted: Thu Mar 25, 2004 2:22 am
Remember that WEP is only trustworthy if you can guarantee that nobody will be able to sniff much data; it's weak against large-dataset attacks, so breaking it isn't that terribly fast.
And IPSec is your friend...get happy with ssh tunnels, and you're as secure as can be.
~Mac~
viperlin Veteran
Joined: 15 Apr 2003 Posts: 1319 Location: UK
Posted: Thu Mar 25, 2004 9:59 am
The probability of me generating enough IV WEP packets is a bit incorrect for just a 1 person user, that would take months to crack with the amount of traffic I use (occasionally slashdot, mainly used for instant messaging, it's a 233MHz laptop.....)
Today I hope to be placing the access point in a DMZ, with a port 22 pinhole to my main PC and my server, therefore the only connections allowed to my LAN are port 22's
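The DMZ-with-SSH-pinhole layout described in the post above, sketched as an added example that is not part of the original post: a script that prints the iptables commands for review instead of running them. The interface names, LAN addresses and function names are assumptions, as are an empty FORWARD chain and unrestricted LAN-originated traffic.

```shell
#!/bin/sh
# Added example: print iptables commands for a DMZ with an SSH-only pinhole.
# eth1 (AP/DMZ side), eth0 (LAN side) and the host addresses are assumptions.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest="$1."; n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Print rules: the DMZ segment may open TCP/22 to the listed LAN hosts only.
# usage: dmz_ssh_pinhole DMZ_IF LAN_IF HOST [HOST...]
dmz_ssh_pinhole() {
    [ "$#" -ge 3 ] || { echo "usage: dmz_ssh_pinhole DMZ_IF LAN_IF HOST..." >&2; return 2; }
    dmz_if=$1; lan_if=$2; shift 2
    case "$dmz_if$lan_if" in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host address: $host" >&2; return 1; }
    done
    printf '%s\n' "iptables -P FORWARD DROP"
    printf '%s\n' "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Assumption: traffic that originates on the LAN is allowed out.
    printf '%s\n' "iptables -A FORWARD -i $lan_if -j ACCEPT"
    for host in "$@"; do
        printf '%s\n' "iptables -A FORWARD -i $dmz_if -o $lan_if -d $host -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else from the wireless segment toward the LAN is logged, then dropped.
    printf '%s\n' "iptables -A FORWARD -i $dmz_if -o $lan_if -j LOG --log-prefix 'dmz-to-lan drop: '"
    printf '%s\n' "iptables -A FORWARD -i $dmz_if -o $lan_if -j DROP"
}

# Constructed sample: AP on eth1, LAN on eth0, main PC and server as SSH targets.
dmz_ssh_pinhole eth1 eth0 192.168.0.10 192.168.0.20
```

Read the printed rules before applying them as root; the LOG rule gives a record of anything on the wireless side that tries to reach the LAN on a port other than 22.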
Sir_Chancealot n00b
Joined: 08 Jan 2004 Posts: 63
Posted: Fri Mar 26, 2004 3:00 am
Go with the Netgear. I haven't used the wireless features, but I have put enough of them in for people to know that they are the best quality at the price you are looking at. I actually have some Netgear Firewalls running at some business sites. Believe it or not, one site switched out from a PIX firewall because of the issues we were having. The Netgear firewall I currently use has been on continuously for about 90 days now (battery backup!), and I haven't had any problems.
I cannot say enough good things about Netgear when you don't want to spend large amounts of money.
Whatever you do, DO NOT buy D-Link or Linksys, because I have had nothing but trouble from them (and I've put in a LOT of low-cost routers/firewalls for smaller clients).
Oh, one other thing. Don't try and complicate your network by adding a DMZ. I thoroughly explained why a DMZ doesn't offer that much more protection for the type of setup that you have in another thread, so I will only repeat a very small portion of it here. Suffice it to say that if you need to access the server sitting in the DMZ from behind the firewall, it's much better to just put it behind the firewall, and use port-forwarding to the server.
I've installed 4 Netgear router/firewalls recently, and there hasn't been one complaint.
xmit Apprentice
Joined: 02 Apr 2003 Posts: 158 Location: Hamburg, Germany