1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security on the WRT54GS V.6

Discussion in 'General Discussion' started by essorama, Dec 25, 2007.

  1. essorama

    essorama LI Guru Member

    Hi, seeing as there is no real practical way to check whether someone is hogging your wireless connection, just thought I'd share with the best way of creating security...the following is what I have done...please please if anyone knows of extra security I can do or things I have missed, let me know...

    1) Changed Router password
    2) Using MAC address security for WiFi access
    3) Set security key for WAP Personal - AES encryption (with a key thats more than 12 characters long) - WEP key is easier to crack using WifiWay or Backtrack.
    4) Router Administration disabled for Wireless - administration can only be done from PC connected direct to Router
    5) Removed DHCP - manuel IP addressing only being used
    6) Router hostname: changed to something that does not give away any info (ie: no_configuration, device_error_409, no_host etc)
    7) Hidden the SSID

    I think that about covers it.

    Router logs enabled. As mentioned in previous post, from what I've read there is no firmware available for WRT54GS-UK V.6 which I can use to enable logs to be sent to a named PC - thus I am unable to use wall watcher/Link Logger type products.
    Thus I am using official linksys firmware; 1.52.4
    However, I used a web query within Excel to auto download Router logs into a spreadsheet at 1 minute intervals - however not being an Excel Guru I had some problems with this (not sure how to incorporate the date/time and how to stop Excel automatically removing the data once reaching a number of cells and starting from beginning again).

    I am convinced however, that there surely must be some other application out there that is made for remotely downloading and keeping updates of various kinds of data from internet pages. Something that for instance might be used to download stats from trading, stock or economic websites - such an app may even let you configure it to be able to read anomalies within the data and thus set of alarms or alerts.
    I am hunting for such an app, however without success. If anyone can think of anything like this or finds anything similar...let us know...this way we can finally solve the problem of Router Log collection (a problem is concurrent on MANY makes of router).

    Look forward to your replies/discussion.
  2. Macskeeball

    Macskeeball LI Guru Member

    I have a few comments about the first part of your post. It's actually WPA, not WAP. WAP is another wireless networking acronym (Wireless Access Point), and the two acronyms are easy to confuse.

    If you're already using solid encryption in the form of WPA and have a strong password (extremely long, extremely random, and definitely not in the dictionary), you don't need either MAC address filtering or SSID hiding. Both of those are extremely easy to get around, and if someone is actually able to get around your WPA encryption, they will have no trouble getting around MAC address filtering or SSID hiding. So, they add no additional security benefit, but they do add a lot of inconvenience. SSID hiding even causes technical problems. I would only do them in a situation where I absolutely had to use WEP (which has been very badly broken).

    You can get very strong passwords from https://grc.com/passwords

    One thing I would add is thinking about defense in depth. One example of this include using the built-in firewall provided by the OS in addition to the router, so that each computer is protected from other computers on the network, in case one of them gets bad software on it. This is especially true for laptops that you may use on other people's networks. Another example is using a secure connection (https) for your router config, again for protection from other computers on the network that might get bad software on them.

    Essentially, consider malware as a backdoor into your LAN, and take a few simple measures to be prepared for it.
  3. essorama

    essorama LI Guru Member

    Sorry, I did actually mean WPA and not WAP (was hasty).
    I can understand how someone can crack WEP, Backtrack lets you bypass the hidden SSID issue also, but "how" would someone get past MAC filtering?
    I know of products that let you change your MAC address (this Router lets you do it for a start) - but how will someone discover "which" MAC address's you have allowed in at the router - to be able to clone that right address? If Wireless Router Administration is disabled, they cannot get onto the Router page.
    Windows Firewall - not being used. ZoneAlarm being used instead - with Server service disabled.

    NetPeeker is another good software to use - it has bandwidth throttling and has excellent TCPIP traffic log recording and management.

    Any thoughts about Router Logging?
  4. Macskeeball

    Macskeeball LI Guru Member

    MAC addresses are sent in the clear with the packets when network activity happens. Freely and widely available programs called "packet sniffers" can be used on many different platforms to see what the packets are, and therefore identify the MAC addresses being used for the active (or somehow logged) network traffic. If you were not using WPA encryption, most network activity would be completely in the clear (usernames, passwords, emails, web pages, everything- anything that was not already otherwise encrypted) and easily viewable by strangers (or malware on their systems).

    I'm not a Windows user myself (Mac & Linux here), but I remember hearing on a recent episode of the Linux Reality podcast (the one where the hosts of the PaulDotCom Security podcast were interviewed) that third party firewalls such as ZoneAlarm (mentioned specifically) are somehow less secure than the built-in Windows firewall. I don't remember the details, but that was the gist of it.

Share This Page