DaZZa wrote:
You should make sure you take the simple steps which *everyone*
running wireless should do.
1) Disable SSID broadcast
2) Disable DHCP unless you absolutely *have* to use it.
Already do the above two. SSID should only be used for public nets,
I presume. And no DHCP.
3) Make the Wireless subnet as small as you can possibly go for the
number of machines you have. The one I use at home is set to
192.168.25.0 with a 255.255.255.252 netmask - leaving room for only
the router's IP address, and the one machine I have running wireless.
The cable LAN segment has a completely different range.
Excellent advice. Thanks. I am completely statically addressed here
with a number of machines. I'll partition the address space and separate
out the cabled LAN.
Would this suffice:
LAN: 192.168.100.0 255.255.255.whatever
WiFi: 192.168.50.0 255.255.255.252
Or better:
LAN: 10.1.100.0 255.255.255.whatever
WiFi: 192.168.50.0 255.255.255.252
4) Use WPA or WPA2. WEP is badly broken, and was cracked years ago.
Will do. It's long overdue. Laziness == !Secure.
Depending on your wireless AP, you can require authentication (if
supported) before allowing a wireless connection.
Yes indeed. I already require authentication.
I am beginning to think that this icon I saw was someone's PC
trying to get on the wireless but they failed. I've turned the
wireless back on and they've vanished.
But I will remain vigilant and implement as much security as
possible.
thanks
rickw
--
________________________________________________________________
Rick Welykochy || Praxis Services || Internet Driving Instructor
My advice to the women's clubs of America is to raise more hell and
fewer dahlias.
-- William Allen White
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
