Securing a wireless connection -- little help, if possible

[Freakin]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
You may have heard that not broadcasting SSID is an added security measure. DO NOT bother with that, KEEP broadcasting SSID, if you do not broadcast SSID your wireless WILL NOT work.

[/ QUOTE ]
Mine works fine. [img]/images/graemlins/confused.gif[/img]

[/ QUOTE ]

seriously.. you can easily turn off SSID broadcast and still have normal wireless if you know what you're doing.

[/ QUOTE ]

It does not appear to be a case of knowing what you are doing.

It must be possible with some routers but not all.

If you know better then please explain.

[/ QUOTE ]

Your wireless functions completely normally, but you must explicitly define your wireless connection by SSID and security method. If you don't manually add your connection, and tell your computer to use it, then it won't work.

It's pretty pointless, because it's definitely still being broadcast in some way, just not in a way casual users will see.

It's totally pointless to disable it as a security method.

[Al Mirpuri]

[ QUOTE ]


seriously.. you can easily turn off SSID broadcast and still have normal wireless if you know what you're doing.

[/ QUOTE ] Your wireless functions completely normally, but you must explicitly define your wireless connection by SSID and security method. If you don't manually add your connection, and tell your computer to use it, then it won't work.

It's pretty pointless, because it's definitely still being broadcast in some way, just not in a way casual users will see.

It's totally pointless to disable it as a security method.

[/ QUOTE ]

Theoretically, begging your indulgence, how would one define the SSID to each computer in the network?

[PLOlover]

if you only have one computer a good preventive measure is to set your router to just give one address, eg, define range as 192.168.0.100 to 192.168.0.100
and just leave your computer on all the time.

[Freakin]

[ QUOTE ]
if you only have one computer a good preventive measure is to set your router to just give one address, eg, define range as 192.168.0.100 to 192.168.0.100
and just leave your computer on all the time.

[/ QUOTE ]

anyone can statically assign themselves an IP address in the same range. This is a horrible option.

If you are going to do one thing, enable WPA-PSK.

Two things, enable WPA-PSK and MAC address filtering.

[goldtoes]

there have been several detailed threads with explicit instructions on how to lockdown your routers ... use the search feature.

[Al Mirpuri]

[ QUOTE ]
there have been several detailed threads with explicit instructions on how to lockdown your routers ... use the search feature.

[/ QUOTE ]

I think there is one in the FAQ but it is not very good. It tells you what needs doing but NOT how to do it.

[Al Mirpuri]

[ QUOTE ]
[ QUOTE ]
if you only have one computer a good preventive measure is to set your router to just give one address, eg, define range as 192.168.0.100 to 192.168.0.100
and just leave your computer on all the time.

[/ QUOTE ]

anyone can statically assign themselves an IP address in the same range. This is a horrible option.

If you are going to do one thing, enable WPA-PSK.

Two things, enable WPA-PSK and MAC address filtering.

[/ QUOTE ]

MAC address filtering does not work...MAC addresses can be spoofed. Enabling WPA-PSK is the best way forward.

[PLOlover]

[ QUOTE ]
anyone can statically assign themselves an IP address in the same range. This is a horrible option.

If you are going to do one thing, enable WPA-PSK.

Two things, enable WPA-PSK and MAC address filtering.

[/ QUOTE ]

really? so both computers would have the same address 192.168.0.100 or whatever? I was under the impression that if the router only had one address to give out then only one computer wouuld be able to connect to the router.

But yeah its not really a security feature as much as just if you want to lock out some users for a while, like if theyre hogging bandwidth or something, like your roommates p2p app is causing you to lag bad and hes not home or anything so you can just temporarily adjust the router so you get all the bandwidth for a while.

[Freakin]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
if you only have one computer a good preventive measure is to set your router to just give one address, eg, define range as 192.168.0.100 to 192.168.0.100
and just leave your computer on all the time.

[/ QUOTE ]

anyone can statically assign themselves an IP address in the same range. This is a horrible option.

If you are going to do one thing, enable WPA-PSK.

Two things, enable WPA-PSK and MAC address filtering.

[/ QUOTE ]

MAC address filtering does not work...MAC addresses can be spoofed. Enabling WPA-PSK is the best way forward.

[/ QUOTE ]

I'm saying that after WPA-PSK, it is the next best option. Someone would essentially have to grab packets from an allowed NIC to get the MAC to spoof.

I would never use it alone, but would combine it if I was extra paranoid.

[Freakin]

[ QUOTE ]
[ QUOTE ]
anyone can statically assign themselves an IP address in the same range. This is a horrible option.

If you are going to do one thing, enable WPA-PSK.

Two things, enable WPA-PSK and MAC address filtering.

[/ QUOTE ]

really? so both computers would have the same address 192.168.0.100 or whatever? I was under the impression that if the router only had one address to give out then only one computer wouuld be able to connect to the router.

But yeah its not really a security feature as much as just if you want to lock out some users for a while, like if theyre hogging bandwidth or something, like your roommates p2p app is causing you to lag bad and hes not home or anything so you can just temporarily adjust the router so you get all the bandwidth for a while.

[/ QUOTE ]

A router will only ASSIGN one IP address, but it will still route traffic to the whole subnet. Anyone can assign themselves the IP address they had previously and still get internet.