[Dshield] WireLess Home Config ?
Johannes B. Ullrich
jullrich at sans.org
Mon Jun 7 19:16:35 GMT 2004
On Mon, 2004-06-07 at 13:58, Bert Sinclair wrote:
> I would like to connect my three PCs to our Internet connection
> To do so, what will I need to connect my three PCs to the
I will try and keep my answer "on topic" and focus on the security
aspects. The easiest way to share a broadband connection is to
get a wireless router. There are plenty of different manufacturers.
Plan on spending about $100 for the router, and maybe $50 for each
wireless network card. (there may be bargains available at a significant
The first thing you need to secure is the router. There are two
WEP: relatively week encryption, supported by most devices.
WPA: better encryption, but relatively new and not universally
If you can't find a WPA capable device, Try to find one that
will be firmware upgradable in the future (may not be easy to
find out if it is or not)
Here a quick checklist for the router setup:
- disable access to the web based admin interface from the outside.
- change the password for the web based admin
- do not use the default IP address range for your LAN (typically
something like 192.168.1.0/24 or 192.168.0.0/24).
- change the SSID to a random string.
- disable SSID broadcast (not all wireless routers allow you to
disable this, and it may make it harder to connect a client)
- enable WEP or WPA (like always, use a random password, so it
can't easily be guessed)
- keep a personal firewall on all clients, and consider the wireless
network 'untrusted' (like all systems communicate across the internet).
For example, try to use encrypted application layer protocols like SSL
to connect the workstations to each other.
I think that covers the basics.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040607/acd5a947/attachment.bin
More information about the list