-
Wireless Security
-
I'm gonna go out on a limb here and try to simplify that. :)- Enable WPA encryption with a strong (long -- you get 63 characters) passphrase. It has to be long so it's resistant to brute force attacks.
- Change the username and password for managing your router. If you can configure it so the management interface isn't accessible from the Internet side, even better.
That's it. As for some of the other common advice:- WEP is better than nothing the same way that having a curtain for your front door is better than having an open doorway. If your equipment doesn't support WPA, ditch it. WEP can be broken in a minute or two.
- Hiding your SSID doesn't hide your SSID -- it's still sent, unencrypted, each time one of your PCs joins or leaves the network. And an attacker can force your PCs to leave the wireless network (and automatically reconnect) at will.
- MAC filtering is close to useless. At least one valid MAC address for your network is sent unencrypted in each and every frame transmitted. Configuring a PC to use another MAC address takes seconds.
SSID broadcast disabling and MAC filtering are management tools, not security features. If someone is just looking for a wide-open network, having encryption will stop them. If they're willing to try and break in, they will have defeated both of those measures well before they've broken your encryption (even if it's only WEP).
There are some other good tips in some of those documents for a corporate network (like dumping wireless clients in an untrusted network and forcing users to then VPN into the real network), but for a home user it all comes down to having WPA and a strong passphrase.