Router configuration recommendations (mainly wireless)

Discussion in 'other software & services' started by Mrkvonic, Dec 30, 2007.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,

    I'm expanding and so I bought meself a router.

    Here's what I did so far:

    Firewalled it.
    Passworded it nicely.
    Allow DHCP broadcast and ping types 3 and 8 on local addresses.
    Setup wireless with WPA + nice password.

    Works fine with all Linux, Windows setups.

    And here's what I'd like to know, mainly regarding wireless:

    Do you recommend WPA TKIP, AES or mixed? Or perhaps WPA radius?
    What about WMM, turbo mode, preamble, broadcast essid, ctx protect etc?

    So in general, any tips except what I've already done?

    Mrk
     
  2. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I'm using WPA-PSK which I'm told is better than WEP or OFF - my only other choices
     
  3. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    wouldn't a belt or a corset have been better :D
     
  4. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    If i'm not mistaken, the broadcast ssid option allows you to choose whether or not the wireless network is detectable or indetectable by computers that are scanning for networks. ssid is basically the name or identiy of your router. If you disable ssid broadcast, your network would never appear to those computers scanning for wireless networks. In that case, a computer wanting to connect to your wireless network would need to know and input both the ssid you have chosen, and the wpa password you set. The others you mentioned, I either don't know, or have forgotten what they do - but usually when you're logged into your router there's an information page that describes what most if not all these options do. What type router did you get?
     
  5. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    I would add MAC filtering to your setup.
    That way there is less chance that 'unknown devices' attach to your router.

    If you run Windows, there is security software available that polls the wireless router and notifies you when a unknown device is attached. Trendmicro is offering this feature, maybe there are more of the same kind.

    Also: change your SSID!

    I got my passphrase from GRC.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,

    Thanks all for your suggestions.

    Actually, I live in a nice neighborhood where people are polite and cowardly. They do not tend to connect to other people's wireless networks.

    Some tiny tweaking remains. I have 3-4 laptops that might need to connect to the network, so I'll prolly go with MAC filtering.

    Mrk
     
  7. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    It seems that mac filtering isn't paticularly worth the effort, according to this apparently reputable source:

    This is an excerpt from "6 dumbest ways to secure a wireless network"
    http://blogs.zdnet.com/Ou/index.php?p=43

     
    Last edited by a moderator: Dec 31, 2007
  8. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks for that - I know I had read this somewhere but couldn't remember.
    I was considering making some of the changes not recommended.
     
  9. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,076
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I'd recommend WPA2 this is a later version of WPA which offers improved security, but any WPA should be secure enough - I am using WPA2, AES with a 63 character network key (and why not) you'll need the update KB893357 for xp (and I believe SP2) / and also WPA2-802.1x - all users must have a login on the radius server and this device must have a login on the radius server, data is encrypted using an automatically generated key, depends on your setup really Mrk.
     
  11. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    also Steve Gibson on the GRC site - his show Security Now #3 was titled "NAT Routers as Firewalls"..in the PDF he reccomended turn off or disable WAN management
    and also likely turn off Universal Plug n Play if either of those two options are avail. for your router...
    .
    link to PDF: http://www.grc.com/sn/SN-003.pdf



    ..filtering MAC addresses might not stop everyone but it's another layer of protection- not everyone is an expert, MAC filtering would be enough to prevent me from logging on as i dont have a spoofing program currently and wouldnt know where in windows to change it....
     
  12. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    I use WPA2 with a Linksys router. Since it was so long, I think the 1st time I entered the password I copied and pasted. I've never had to enter it again in 1.5 years. What do if I somehow delete the password?
     
  13. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    You are asking what to do when you lost your password?
    Probably reset the router settings to factory default and setup a new passphrase.
    Usually it's possible to reset the router by pressing a paperclip in a tiny hole.
     
  14. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    OK. There's also a reset button on the front of my router. If I ever lose the password, I'll try pressing that 1st.
     
  15. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    If it is a Linksys router as stated in your signature then I do not believe that is a\the reset button.
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,
    Thanks again all. Just for info, the laptops connecting will be running XP SP2, Tiger, Ubuntu.
    Mrk
     
  17. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268

    It says easy secure. Since I've never had to reset anything after the initial setup I'm not really worried, but I was looking to be a step ahead.

    Thanks
     
  18. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    That is the button.... If you use all the Linksys software and want it to auto config then that is what you would use. I prefer a manual config. and the Windows Zero Configuration myself.
     
  19. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    Thanks all, sorry for the hijack. :oops:
     
  20. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    I heard that WPA2 + AES was one the best choice, however I do not use myself WIFI and I didn't check that information.

    Regards,
    gkweb.
     
Loading...
Thread Status:
Not open for further replies.