On Tue, Jun 17, 2008 at 2:49 PM, Rick Welykochy <[EMAIL PROTECTED]> wrote:
>> You should make sure you take the simple steps which *everyone*
>> running wireless should do.
>>
>> 1) Disable SSID broadcast
>> 2) Disable DHCP unless you absolutely *have* to use it.
>
> Already do the above two. SSID should only be used for public nets,
> I presume. And no DHCP.

Only for nets you *want* to be open for potential unauthorised use.
Even in "public" nets, I disable it, and require potential users to
come ask for the SSID before connecting.

>> 3) Make the Wireless subnet as small as you can possibly go for the
>> number of machines you have. The one I use at home is set to
>> 192.168.25.0 with a 255.255.255.252 netmask - leaving room for only
>> the router's IP address, and the one machine I have running wireless.
>> The cable LAN segment has a completely different range.
>
> Excellent advice. Thanks. I am completely statically addressed here
> with a number of machines. I'll partition the address space and separate
> out the cabled LAN.
>
> Would this suffice:
>
>    LAN:   192.168.100.0  255.255.255.whatever
>    WiFi:  192.168.50.0   255.255.255.252
>
> Or better:
>
>    LAN:   10.1.100.0     255.255.255.whatever
>    WiFi:  192.168.50.0   255.255.255.252

Either will do - it's up to you what you use. I'd just go with
255.255.255.0 for your LAN (cabled) network. The point of using a
255.255.255.252 netmask is that it only allows two nodes in the
network (plus the one "network" and one "broadcast" address), and
leaves much less wriggle room for people to get in via an unallocated
IP address open in the subnet.

>> 4) Use WPA or WPA2. WEP is badly broken, and was cracked years ago.
>
> Will do. It's long overdue. Laziness == !Secure.

Yup. No argument with that one.

>> Depending on your wireless AP, you can require authentication (if
>> supported) before allowing a wireless connection.
>
> Yes indeed. I already require authentication.

Then you're probably 99.9% secure from someone sniffing you out and
hacking access.

> I am beginning to think that this icon I saw was someone's PC
> trying to get on the wireless but they failed. I've turned the
> wireless back on and they've vanished.

Most likely someone just attempted a connect and failed, yes.

> But I will remain vigilant and implement as much security as
> possible.

Constant vigilance!

DaZZa
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
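
Added example, not part of the original messages: a Python check of the addressing plan discussed in the thread, listing the usable addresses a netmask leaves unassigned and finding the smallest subnet that fits a given number of nodes. The router and laptop addresses (192.168.50.1 and .2) and the function names are assumptions made for illustration.

```python
import ipaddress


def unallocated(network, assigned):
    """Usable host addresses in `network` that no known machine holds."""
    net = ipaddress.ip_network(network)
    taken = {ipaddress.ip_address(a) for a in assigned}
    outside = sorted(a for a in taken if a not in net)
    if outside:
        raise ValueError(f"addresses outside {net}: {outside}")
    # hosts() already excludes the network and broadcast addresses
    return [h for h in net.hosts() if h not in taken]


def smallest_subnet(base, node_count):
    """Smallest subnet containing `base` with room for `node_count` nodes
    plus the network and broadcast addresses."""
    for prefix in range(30, -1, -1):
        net = ipaddress.ip_network(f"{base}/{prefix}", strict=False)
        if net.num_addresses - 2 >= node_count:
            return net
    raise ValueError("node_count too large for IPv4")


def segments_overlap(a, b):
    """True if two planned segments share any address."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


if __name__ == "__main__":
    # Constructed sample: router and one wireless machine (assumed addresses)
    wifi_nodes = ["192.168.50.1", "192.168.50.2"]
    for mask in ("255.255.255.252", "255.255.255.0"):
        free = unallocated(f"192.168.50.0/{mask}", wifi_nodes)
        print(f"{mask}: {len(free)} usable addresses left unassigned")
    print("fits 2 nodes:", smallest_subnet("192.168.50.0", 2))
    print("fits 5 nodes:", smallest_subnet("192.168.50.0", 5))
    print("LAN/WiFi overlap:",
          segments_overlap("192.168.100.0/24", "192.168.50.0/30"))
```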
