home networking and security


The Voice
25th Jul 2006, 10:00
hello gurus' .. I have recently networked my new lappy with the home desktop, bluddy marvellous thing and very happy with it too!

My question though concerns the security aspect.

How can I make sure that the wireless connection is purely for my two computers, not my two computers and all of the neighbours as well?

tks in advance

Saab Dastard
25th Jul 2006, 12:16
1) use the encryption that your WAP supports - it'll be either WEP or WPA, WPA is the stronger.

2) MAC address filter - just allow your laptop MAC address.

3) Network address - change from the default (usually 192.168.0.0) to something else - like 192.168.101.0

4) name your wifi network something other than the default. Change the password of the WAP to something strong. If you can, change the admin account name to something else.

5) don't advertise the SSID of the network - assuming your WAP supports it.

6) DHCP scope - only use as many IP addresses as there are devices - in your case 2. So the network address is 192.168.101.0, the router is 192.168.101.1, the DHCP scope is 192.168.101.2 - 192.168.101.3. Create a reservation for your laptop's IP address.

7) for the truly paranoid, limit the IP addresses available on your network by changing the subnet mask to 255.255.248 - this would only allow 6 hosts on the network, including the router.

Mac the Knife
25th Jul 2006, 14:47
Excellent reply Saab - suggest you sticky it.

Just for fun, my system's SSID is Sun UltraSPARC IV......

:ok:

IO540
26th Jul 2006, 10:18
Some of this is debatable, IMHO.

With any security policy, one needs to identify the enemy.

To stop a casual passer-by all you need is plain 64-bit WEP with some not totally obvious password e.g. ppruNe9734

This gives you very good equipment compatibility and doesn't need a revisit to the router config for each new device.

Equally, one could leave the network wide open and use MAC filtering, allowing only the known clients. This gives the best possible equipment compatibility (because as far as each client is concerned the network uses no security) but needs a visit to the router config for each device to be added.

To stop somebody who knows what they are doing you have to use WPA/PSK, or better. Adding the other stuff (MAC address filtering, SSID broadcast disabled) doesn't add any security because the required data can be picked up instantly by monitoring existing traffic.

"SSID broadcast disabled" in particular is an equipment compatibility nightmare. Many XP laptops will never find the access point thus configured, unless they are rebooted. A lot of gear just doesn't work, or disconnects randomly. My HP 4700 PDA doesn't work at all with some access points. The latest Draytek 2600 firmware stops working completely if I set this... This method stops the casual passer-by noticing the network, that's all.

Saab Dastard
26th Jul 2006, 12:51
one could leave the network wide open and use MAC filtering, allowing only the known clients. This gives the best possible equipment compatibility (because as far as each client is concerned the network uses no security)

Sorry - have to disagree here: MAC address filtering on its own is far too simple to circumvent. All you need is a wireless packet analyser, then manually configure your wifi adapter with the required MAC address.

IO540
26th Jul 2006, 18:59
Yes, but then the attacker would be in the second category.

Disabling SSID broadcast is just as useless if somebody is packet sniffing because intercepting any existing traffic will reveal both the SSID and the MAC.

WEP can be attacked too nowadays but it's still a bit obscure.

The other thing I wouldn't do is use one's house name / number as the SSID. A lot of people do that, and it makes it really easy to work out where one should be for best reception :)

Gertrude the Wombat
26th Jul 2006, 21:31
hello gurus' .. I have recently networked my new lappy with the home desktop, bluddy marvellous thing and very happy with it too!

My question though concerns the security aspect.

How can I make sure that the ...(snip)... connection is purely for my two computers, not my two computers and all of the neighbours as well?

Er, I just use wired connections. Not only faster and more reliable, but this completely avoids all the problems of having to get one's head round the security stuff. It Just Works and nobody can tap into it (unless they've first burgled the house, at which point I've got worse things to worry about).

(Oh, there is one downside though. When lightning struck our fishpond it took out all the wired network gear; a wired network would have survived a bit better.)

Saab Dastard
26th Jul 2006, 22:38
GtW,

Fine to use wired ethernet if you have either flood wired your dwelling - like they do in new domestic buildings in Scandinavia and Germany, apparently - or don't mind trailing wires around the house.

Not so convenient if you wish to occasionally work with a lappy in the garden, in bed, or on the kitchen table.

Or if someone visits, or if the sprogs need to play games with their friends, or if you want to use a PDA with wifi etc.

WiFi is here to stay, better to know how to maximise the benefits and minimise the risks.

SD

spekesoftly
27th Jul 2006, 08:24
There is one additional and very simple precaution that I use. Unless someone in our house is using the wireless network, I turn the WAP Off! This still leaves internet access on one PC, connected to the router by cable.

The Voice
27th Jul 2006, 22:34
I knew I came to the right place ;)

thank you for your advice!!

now, is there some sort of monitoring programme that will actually watch over the network and throw up alerts if someone is trying to use it?? (if you know what I mean)
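Added example, not part of the original thread: one way to do the monitoring asked about here, by auditing a Linux machine's neighbour table (`ip neigh show`) against the router-plus-two-address layout suggested earlier in the thread. The MAC addresses, the interface name and the sample output are constructed, and the allowlist is a hypothetical one for the router, laptop and desktop.

```python
import ipaddress
import re

# Constructed sample of `ip neigh show` output; not captured from a real network.
SAMPLE = """\
192.168.101.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.101.2 dev wlan0 lladdr 02:00:00:00:00:02 REACHABLE
192.168.101.3 dev wlan0 lladdr 02:00:00:00:00:03 STALE
192.168.101.5 dev wlan0 lladdr 02:00:00:00:00:99 REACHABLE
192.168.101.6 dev wlan0 lladdr 02:00:00:00:00:02 DELAY
192.168.101.9 dev wlan0 FAILED
"""

# Hypothetical allowlist of the devices that belong on the network.
KNOWN = {
    "02:00:00:00:00:01": "router",
    "02:00:00:00:00:02": "laptop",
    "02:00:00:00:00:03": "desktop",
}
# Router address plus the two-address DHCP scope from the thread.
EXPECTED = {ipaddress.ip_address(f"192.168.101.{n}") for n in (1, 2, 3)}

LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17}) (\S+)$")

def audit(text, known=KNOWN, expected=EXPECTED):
    """Return a list of (reason, ip, mac) alerts for the neighbour table."""
    alerts = []
    seen = {}  # mac -> first IP it was seen on
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        ip = ipaddress.ip_address(m.group(1))
        mac = m.group(2).lower()
        if mac not in known:
            alerts.append(("unknown-mac", str(ip), mac))
        if ip not in expected:
            alerts.append(("outside-scope", str(ip), mac))
        # An allowlisted MAC on a second IP is worth a look: the allowlist
        # alone cannot tell a copied MAC address from the real device.
        if mac in seen and seen[mac] != ip:
            alerts.append(("mac-on-two-ips", str(ip), mac))
        seen.setdefault(mac, ip)
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(*alert)
```
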

None of the above
29th Jul 2006, 05:32
This is a pretty comprehensive article...............

"How to Secure Your Wireless Home Network with Windows XP"

http://www.microsoft.com/windowsxp/using/networking/learnmore/bowman_05february10.mspx

Hope it is of some interest and/or help.

N o t a