[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
trewornan wrote: > I've got a fairly basic network - internet router, wireless AP, Switch and a few > computers (my PC, my laptop, housemates laptop). I leave my wireless AP open so > that others can use it if they need to. > > The other day I noticed some heavy usage on the router and discovered that > someone was connected and using a considerable bandwidth - some nmapping, > arpspoofing and wiresharking revealed three "unknown" MACs connected to the AP one > of which I believe was downloading a bittorrent. Hi, To secure my wireless network (as far as practically possible that is) I do the following: 1. Change the ESSID for something non-standard. 2. Hide it. 3. Change router userid and password to something else 4. Enable MAC Access Control - I have mine set for the Firewall *and* Wireless. 3. Turn on encryption - I use WPA-PSK. I believe a lot of password hacking is done by a dictionary search for common words. That can be defeated or made much harder in three ways: a. Replace letters with punctuation and numbers, e.g. ! for l, @ for a etc. This one I think most people know about. b. Pick a favourite book or poem and use the initial letters of the first line/sentence, e.g 'I am the very model of a modern major general' becomes 'IATVMOAMMG' or even better 'I@TVM0AMMG'. Also a mix of upper and lower case characters helps. c. My favourite, my own idea, and I'm not aware of it being used elsewhere. I believe dictionary searches are mostly done using an English dictionary, or at least the official language of the country the network is in. My tip is to pick a phrase you know, then use an online translator to convert it into a language you *don't* speak. Translators online are known for not getting syntax perfect every time, sometimes even spelling wrong so even a native speaker of the language, *if* they knew which one you used *and* the phrase, may not get it. Then use the translation as your password. The phrase 'I am the very model of a modern major general' in Portuguese becomes 'Eu sou o modelo mesmo de um general principal moderno' (according to Babelfish anyway :)). You could even combine all three, converting the above to letters and punctuation and you end up with 'ES0MMDU8PM'. Of course as always, the longer the password the better, e.g. 'Eu sou o modelo mesmo de um general que principal moderno eu tenho o vegetal e o mineral animais da informação' becomes 'ES0MMDU8QPM3T0V30MADI' which is getting to the point you'd need to save it to a USB stick or risk never accessing your own network ever again :) As always the goal is not to make your network security perfect, as a determined hacker will get through eventually. The goal is to make your network less attractive than other available networks - especially in your situation with drive-by bandwidth thieves. Kind regards, Julian -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html