Home LAN hardening

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Home LAN hardening

Mark

1653 posts

Uber Geek
+1 received by user: 555

#99932 30-Mar-2012 09:25

Hi there,

Since I have a home wireless setup that seems to broadcast beyond my home I think it might be wise to toughen up security a bit.

Does anyone have some pointers to good reading material ?

I've no shortage of low power kit I can convert into all sorts of firewall thingys .. just don't have the networking voodoo yet :-)

Thanks!

Mark

Ragnor

8279 posts

Uber Geek
+1 received by user: 585

Trusted

#602371 30-Mar-2012 10:27

Wireless settings should be WPA2 (rather than WEP or WPA) with AES (rather than TKIP) encryption

Choose a nice long password easy to remember hard to guess eg http://xkcd.com/936

You can also enable mac addresss filtering ie: only devices with mac addresses in the allowed list can connect to the wifi.

Wouldn't bother going further than that tbh but if you wanted too the next step would to be to have some kind of captive portal (like coffee or hotel wireless) where a user has to sign in on a web page before they can get to the internet... would use something like pfsense for this.

http://doc.pfsense.org/index.php/Captive_Portal
http://pfsense.org/

kyhwana2

2572 posts

Uber Geek
+1 received by user: 233

#602393 30-Mar-2012 11:10

MAC filtering is pointless..

Also make sure you have WPS turned OFF.
See http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars

(Lots of APs have PIN WPS turned on and it's "easy" to crack, which will give someone your WPA1/2 passphrase, no matter the length)