Router configuration recommendations (mainly wireless)

Hello,

I'm expanding and so I bought meself a router.

Here's what I did so far:

Firewalled it.
Passworded it nicely.
Allow DHCP broadcast and ping types 3 and 8 on local addresses.
Setup wireless with WPA + nice password.

Works fine with all Linux, Windows setups.

And here's what I'd like to know, mainly regarding wireless:

Do you recommend WPA TKIP, AES or mixed? Or perhaps WPA radius?
What about WMM, turbo mode, preamble, broadcast essid, ctx protect etc?

So in general, any tips except what I've already done?

Mrk

 

I'm using WPA-PSK which I'm told is better than WEP or OFF - my only other choices

 

wouldn't a belt or a corset have been better

 

If i'm not mistaken, the broadcast ssid option allows you to choose whether or not the wireless network is detectable or indetectable by computers that are scanning for networks. ssid is basically the name or identiy of your router. If you disable ssid broadcast, your network would never appear to those computers scanning for wireless networks. In that case, a computer wanting to connect to your wireless network would need to know and input both the ssid you have chosen, and the wpa password you set. The others you mentioned, I either don't know, or have forgotten what they do - but usually when you're logged into your router there's an information page that describes what most if not all these options do. What type router did you get?

 

I would add MAC filtering to your setup.
That way there is less chance that 'unknown devices' attach to your router.

If you run Windows, there is security software available that polls the wireless router and notifies you when a unknown device is attached. Trendmicro is offering this feature, maybe there are more of the same kind.

Also: change your SSID!

I got my passphrase from GRC.

 

Hello,

Thanks all for your suggestions.

Actually, I live in a nice neighborhood where people are polite and cowardly. They do not tend to connect to other people's wireless networks.

Some tiny tweaking remains. I have 3-4 laptops that might need to connect to the network, so I'll prolly go with MAC filtering.

Mrk

 

It seems that mac filtering isn't paticularly worth the effort, according to this apparently reputable source:

This is an excerpt from "6 dumbest ways to secure a wireless network"
http://blogs.zdnet.com/Ou/index.php?p=43

 

Thanks for that - I know I had read this somewhere but couldn't remember.
I was considering making some of the changes not recommended.

 

Hello,
Steve Gibson has a nice article on the WPA encryption types. It's in article #13 . You also might want to take a look at article #11
http://www.grc.com/SecurityNow.htm#124

 

I'd recommend WPA2 this is a later version of WPA which offers improved security, but any WPA should be secure enough - I am using WPA2, AES with a 63 character network key (and why not) you'll need the update KB893357 for xp (and I believe SP2) / and also WPA2-802.1x - all users must have a login on the radius server and this device must have a login on the radius server, data is encrypted using an automatically generated key, depends on your setup really Mrk.

 

also Steve Gibson on the GRC site - his show Security Now #3 was titled "NAT Routers as Firewalls"..in the PDF he reccomended turn off or disable WAN management
and also likely turn off Universal Plug n Play if either of those two options are avail. for your router...
.
link to PDF: http://www.grc.com/sn/SN-003.pdf



..filtering MAC addresses might not stop everyone but it's another layer of protection- not everyone is an expert, MAC filtering would be enough to prevent me from logging on as i dont have a spoofing program currently and wouldnt know where in windows to change it....

 

I use WPA2 with a Linksys router. Since it was so long, I think the 1st time I entered the password I copied and pasted. I've never had to enter it again in 1.5 years. What do if I somehow delete the password?

 

You are asking what to do when you lost your password?
Probably reset the router settings to factory default and setup a new passphrase.
Usually it's possible to reset the router by pressing a paperclip in a tiny hole.

 

OK. There's also a reset button on the front of my router. If I ever lose the password, I'll try pressing that 1st.

 

If it is a Linksys router as stated in your signature then I do not believe that is a\the reset button.

 

Hello,
Thanks again all. Just for info, the laptops connecting will be running XP SP2, Tiger, Ubuntu.
Mrk

 

It says easy secure. Since I've never had to reset anything after the initial setup I'm not really worried, but I was looking to be a step ahead.

Thanks

 

That is the button.... If you use all the Linksys software and want it to auto config then that is what you would use. I prefer a manual config. and the Windows Zero Configuration myself.

 

Thanks all, sorry for the hijack.

 

Hello,

I heard that WPA2 + AES was one the best choice, however I do not use myself WIFI and I didn't check that information.

Regards,
gkweb.