Someone guide me to a perfect WiFi Security Setup.

I need a perfect WiFi Security setup so when I run my box on WiFi I feel protected.
What software should I run in order to protect my network from intruders and what software to run for Intrusion Detection System?

Also what WiFi router is most secure?

Also how is BlackIce?
Does it still homephone? And does it detect Wifi hacks?

 

What type of hardware do you have for WiFi?

 

None yet that is why I am asking what is the most secure WiFi router. I will buy the network card and the router from the same company but I don't know which one is most secure.

 

All I have ever used is LinkSys WRT54G router, WMP54G NIC and also their WRE54G range expander... the WRT54G or w.e is the latest NetGear model should be just fine. You just have to worry about using encryption
turning off Plug 'n' Play
use a Static IP if possible, or at least assign one to internal computers
disable the SSID (wireless broadcast)
change the default Subnet Mask, Gateway, DNS
turn on the built in NAT/SPI firewall
restrict what MAC addresses are allowed to connect to your router, ect.

It is all basically about configuring everything right rather than looking for software such as a firewall for your WiFi connection. If you choose the LinkSys WRT54G(S) setup I know of a setup which allows you to use very strong PEAP encryption rather than the defaults, but it comes with WEP, WPA and some others which should be more than enough. Also, you can check out fwbuilder.org which has a program that can generate an iptable based on what you want and you can use that iptable with the WRT54G (and probably others, but I only have used the WRT54G with modified firmware by sve a soft which I can provide you the most updated version of for free )

Here is a link to a thread on WiFi/general Network security over at the Software Security Forums which you may find usefull: http://www.fluxgfx.com/ssc/showthread.php?t=65

 

A great open source intrustion detection system which i view as being better than Black Ice (even though it can be setup to run along with Black Ice) is Snort. I am using Demarc's PureSecure which is an automated install of Snort with a nice web interface and some file monitoring options. Demarc PureSecure is free for personal use and their URL is demarc.com <--highly suggested

There are tons of ways to setup a Graphical User Interface for Snort, but that is my favorite so far. You might be interested in Eagle X(automated setup) or IDScenter which you can find at engagesecurity.com

I typed these posts up kinda quick-like so if you dont understand wtf i am talking about just let me know

 

We recommend that you use the non-default/manually set WPA as the default WPA has been cracked. When specifying your passcode it is necessary to use more than 21 characters and use no words, some upper and lower case letters, numbers and symbols. This is in addition to the above from AJohn. Of course you already know to purchase the "G" system. Keep in mind that 802.16 aka WiMax is due out soon.

A little something to read on WiMax - http://www.siliconvalley.com/mld/siliconvalley/business/technology/personal_technology/9831069.htm

 

Good advice Q, using a random password generator might not be a bad idea...

 

I would also advise changing the router default login and password, and maybe even changing the standard IP subnets to something other than the standard ones most use which is the 192.168.0.x range.

 

I just got the Wrt54g router but what is the most secure and feature rich firmware (moded)?

Thanks

 

The only experience I have is with the Sveasoft Satori 4.0 firmware on a WRT54GS. Absolutely rock solid. Very reasonable complement of security options - WPA-PSK, WPA-RADIUS, RADIUS, WEP; MAC filtering; etc.. Take a look at the Sveasoft documentation for some additional info

Blue

 

Given the record of problems with successive Wi-Fi encryption schemes I would suggest not relying on them at all. Consider using something like OpenSSH for Windows to create encrypted tunnels between your computers. If the router does not support SSH itself (few do), you will need to have a PC physically connected to it (with a cable) instead to accept and decrypt SSH connections before sending the data out on the Internet.

This would be of non-trivial complexity (i.e. pretty hard work to set up for a novice) - but if you want "perfect" security, this does mean using the most tested encryption methods (OpenSSH has had vulnerabilities in the past, so you do still need to keep abreast of security issues).

Once you have this set up, the only thing left is to prevent outsiders from using your connection and MAC address filtering (mentioned previously) is the best option here.