best way to lock down a wireless router

Crosshairs

What's the best way to lock down a Buffalo WHR-G54S?
I'm trying to keep off any unwanted traffic.
 
WPA2 and MAC filtering will stop any problem you could ever have except for one of your computers getting attacked by a virus or some such.
 
Agreed.. WEP is not going to cut it.. I would also suggest a sufficiently long and difficult password for the WPA... use the ol' 133t' lingo to spice it up... instead of "tree" use "tr33".... over eight characters.. yada yada yada..
 
Simply turning on WPA2 encryption is more than enough... Unless you work for the government. MAC filtering is an unneeded headache.
 
wow he got an answer in about 1 minute...

gotta love the service around here.

To back up the WPA2 security, it is the best way. Simply doing WEP these days is not enough. There are far too many ways to crack a WEP key now to say that WEP is secure.
 
Use AES and not TKIP also. TKIP still has flaws. If you want really secure make it a 63 character WPA2 key and even a supercomputer wouldn't be able to crack in a remotely useful time frame. Random letters & numbers, upper and lower case, and a few symbols for good measure.
 
Some people are just paranoid...

Standard WPA2 is, like I said above, more than enough. It will keep 99% of people out, and that 1% would have to be heavily motivated to get in.
 
I've taken it a step further at my house, and placed all wireless traffic in its own VLAN, firewalled off from the main network.

...then there's the little matter of a squid redirect which does fun things to any images downloaded through it ( from source IPs which do not match an ACL ). So even if you get through, you aren't going to be happy about it.
 
WPA or higher (as not all NICs 'n APs support WPA2, WPA is actually quite adequate).

And..don't forget to change the default web admin password on it.
 
Thanks for the replies..
Looking at the config screen, the only choices I have are:
WEP, AES or TKIP..
I don't see any choice for WPA2..

I have it set now for mac filtering and a 64 bit WEP key...I can set a 128 bit WEP key, but that's my only other choice besides TKIP or AES.

I'm not trying to keep the government out, just the random crazy neighbor who likes to torrent like a mad man..but this neighbor is not so random, he is actually quite good at networking...
 
WPA2..if not the WPA.
Forget about MAC-filter, it's retarded, can be bypassed by any scriptkiddie and can cause more troubles than good.
 
Turn it off. :p

Change the router's default login password.
Change the SSID from its default and then (after you get it working) make your network hidden.
As everybody has said, use WPA or even WPA2 if you can, with a long complex password.
MAC filtering if you want, it can be a pain to set up.
I personally also do the following.
I disable the router's DHCP server and use static IPs on my network.
I also change the router's default IP address.
 
OK, Thanks again.
I set it up with AES, disabled SSID broadcast and changed the default IP.
When I have more time, I will disable DHCP, and set static IPs....but for now I have it set to 4 IPs max which is how many we are using...

Thanks for everyone's help
 
Not all wireless NICs work properly with hidden SSIDs...you may have trouble with some. Besides, any software tools used to grind into someone else's wireless network will still see hidden SSIDs anyways...so it's really not a security feature.
 
> Not all wireless NICs work properly with hidden SSIDs...you may have trouble with some.

Thanks, I wasn't aware of that..The laptop we are using is set to connect to this network automatically, we set it up and then turned off broadcast.. so far it's working....

> Besides, any software tools used to grind into someone else's wireless network will still see hidden SSIDs anyways...so it's really not a security feature.

I figure if they want in, they are getting in..I'm just trying to make it a bit more difficult..:)
 
Cool...as long as all your rigs work fine.

Hiding your SSID prevents the old lady next door from seeing your wireless in her Windows WZC. Just as long as you don't use it as a security measure, because the little kid next door that wants to break into neighbors' networks...he'll fire up his tools..and see you anyways.

The way I look at it....for a home network, keep it convenient for you to use. And look around you...who is next door? I don't have any neighbors that I'd give a second glimpse at as far as network security. But if you have some teenage kid next door whose complexion is white as a mushroom from living in front of his monitor 22 hours a day..

I'm fine with WPA, have a decent long key on mine, and I have 3x laptops in the house that travel a lot, so static IPs would just be annoying to reset several times a day as I come and go.

Other options...captive portals, WiFiSec. I use WiFiSec at medical clients. I have a fully open G network...but goes to a separate IP range...where from there they have to launch an IPSec VPN client to connect to the main network.
 
> Not all wireless NICs work properly with hidden SSIDs...you may have trouble with some. Besides, any software tools used to grind into someone else's wireless network will still see hidden SSIDs anyways...so it's really not a security feature.

I've had the odd time where I had to turn the SSID back on so a PC could connect for the first time. After that turning it back off wasn't a problem. That's why I said (after you get it working). ;)

You are correct, these days it's not really much of a security feature but it may keep the amateurs out. Hopefully they go after the visible networks first.
 
Something else you can do if all your wireless devices support "N" is to change the mode from B,G and N to N only. Anybody with G only won't be able to connect.
 
Flash the Buffalo with Tomato, and use WPA.

I had problems with the Buffalo on stock firmware with WPA-TKIP

Flash with Tomato
Create secure WPA password
Create secure admin password and you're fine.

Honestly what are you blocking, maybe access to some Porn files that are shared?
 
I think most people just want to stop someone from leeching their internet access. You want to stop somebody using your wireless/internet account to download something that you might get in hot water over. Whatever they download is going to be traced to your IP address.
 
Exactly....

I'm blocking my wireless from getting abused and possibly having the internet shut off for illegal downloading.
I'm on Comcast in NJ....and we all know how that goes.

I know for a fact that it's been used by the neighbor.....and I know what he uses his connection for......

I just want to be sure he does not use mine.
 


Thanks for the totally useless reply.

http://www.youtube.com/watch?v=vsYgqt4Kj68

Make sure you have a strong password; brute force is always an option to get into any system

I'm not protecting government secrets here.....just looking to keep the average pimple faced loser out....

I think I should be good, but I'll continue to watch my logs and see what happens.
Thanks again to those who helped.
 