Best way to make your router secure
  • Wallabing
    Senior Member
    • Jan 2009
    • 1499

    Best way to make your router secure

    Flash your router to DD-WRT if you can.

    Use a 128 letter long wireless access security key with completely random characters.

    Change it every month.
  • #2
    ocabj
    Calguns Addict
    • Oct 2005
    • 7924

    Instead of using a pre-shared key, you're better off going to WPA2 Enterprise with individual user+passwords for all users. Use certificate-based authentication for shared computers on the network (e.g. family-owned desktop).

    Send all router logs to a syslog server and use something like OSSEC to monitor those syslogs to provide active response (alerts and trigger firewall rule additions for any detected intrusion attempts, etc.).

    Distinguished Rifleman #1924
    NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO
    NRL22 Match Director at WEGC

    https://www.ocabj.net

    Comment
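
The kind of log monitoring described in post #2, as an added example that is not part of the thread: a small shell/awk stand-in for a frequency rule with active response (it is not OSSEC rule syntax). The dropbear-style log lines, the threshold and the window are constructed assumptions, and all events are assumed to fall on the same day.

```shell
#!/bin/sh
# Added example: threshold detection over router syslog, standing in for a
# frequency rule plus active response. All log lines below are constructed.

sample_log() {
cat <<'EOF'
Nov  9 21:30:01 router dropbear[812]: Bad password attempt for 'root' from 198.51.100.7:40112
Nov  9 21:30:09 router dropbear[813]: Bad password attempt for 'root' from 198.51.100.7:40120
Nov  9 21:30:15 router dropbear[815]: Password auth succeeded for 'admin' from 192.168.1.20:50022
Nov  9 21:30:21 router dropbear[816]: Bad password attempt for 'admin' from 198.51.100.7:40131
Nov  9 21:31:40 router dropbear[820]: Bad password attempt for 'root' from 203.0.113.9:33100
Nov  9 21:52:02 router dropbear[845]: Bad password attempt for 'root' from 203.0.113.9:33871
Nov  9 22:15:30 router dropbear[861]: Bad password attempt for 'root' from 203.0.113.9:34002
EOF
}

# Print each source IP with at least $1 failed logins inside any $2-second
# window. Reads syslog on stdin; assumes no midnight rollover in the input.
detect_bruteforce() {  # $1 = threshold, $2 = window in seconds
    awk -v need="$1" -v win="$2" '
    /Bad password attempt/ {
        split($3, t, ":"); now = t[1]*3600 + t[2]*60 + t[3]
        ip = $NF; sub(/:[0-9]+$/, "", ip)        # strip the source port
        n = ++count[ip]; seen[ip, n] = now
        # the oldest of the last "need" failures must lie inside the window
        if (n >= need && now - seen[ip, n-need+1] <= win && !(ip in hit)) {
            hit[ip] = 1; print ip
        }
    }'
}

# Turn detections into the firewall rule an active response would add.
# The rule is printed, not executed, so it can be reviewed first.
block_rules() {
    while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

sample_log | detect_bruteforce 3 120 | block_rules
```

The slow attempts from 203.0.113.9 stay under the 120-second window, which is why alert thresholds are usually paired with a longer-window rule as well.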

    • #3
      Wallabing
      Senior Member
      • Jan 2009
      • 1499

      Don't like WPA2 Enterprise, too painful to set up and any capable cracker can set up a fake access point and try to capture the authentication.

      With the 128 long security key, they will have no choice but to brute force it which would make it near impossible in this lifetime.
      Last edited by Wallabing; 11-09-2015, 9:32 PM.

      Comment

      • #4
        MarinRange42
        CGN/CGSSA Contributor
        • Apr 2015
        • 451

        But not all have the ability to DD-WRT flash their models. And it's a new GUI to try to learn that they don't have a manual for. While I agree with you it's a great option when available, I just go with a strong password on both router and computers and with latest versions of Windows it's asking them to change often enough. Don't want to sacrifice speed for security in a home environment.
        Not enough strong hackers out there is my opinion. I've taken advantage though several times in the last 10 years of stupid people for a little free surfing.

        Comment

        • #5
          ocabj
          Calguns Addict
          • Oct 2005
          • 7924

          Originally posted by Wallabing
          Don't like WPA2 Enterprise, too painful to set up and any capable cracker can set up a fake access point and try to capture the authentication.

          With the 128 long security key, they will have no choice but to brute force it which would make it near impossible in this lifetime.

          No, if someone man-in-the-middle attacked with a fake AP, it would fail out on the SSL certificate during the initial SSL/TLS negotiation for EAP. You don't even need a publicly signed cert. Create your own root CA and a subsequent signed cert for the FreeRADIUS deployment.

          128 character long security key? I guess that's overly secure, but I'm guessing you're going to be cutting and pasting that into the password fields for your devices. Hopefully you use a secure method like LastPass or a password vault to distribute that to the other devices.

          Distinguished Rifleman #1924
          NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO
          NRL22 Match Director at WEGC

          https://www.ocabj.net

          Comment
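
The private-CA setup described in post #5, as an added example that is not part of the thread: it creates a root CA and a CA-signed RADIUS server certificate with `openssl`, then shows the decision a client that trusts only that CA reaches for a look-alike certificate issued under a different key. The file names, the CA name and `radius.home.example` are constructed; pointing FreeRADIUS and each supplicant at these files is not shown.

```shell
#!/bin/sh
# Added example: private root CA + RADIUS server cert, and what a client
# pinned to that CA concludes about a look-alike cert from another issuer.
# All names (Home WiFi Root CA, radius.home.example) are constructed.

make_ca() {  # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_server_cert() {  # $1 = CA prefix, $2 = output prefix, $3 = server name
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -sha256 -days 825 -out "$2.pem" 2>/dev/null
}

# Returns 0 only if the presented certificate chains to the pinned CA.
chains_to() {  # $1 = pinned CA cert, $2 = certificate presented by the server
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" || exit 1
      make_ca home_ca "Home WiFi Root CA"
      issue_server_cert home_ca radius radius.home.example
      # Same subject names, but issued under a different CA key.
      make_ca other_ca "Home WiFi Root CA"
      issue_server_cert other_ca lookalike radius.home.example
      chains_to home_ca.pem radius.pem    && echo "radius.pem: accepted"
      chains_to home_ca.pem lookalike.pem || echo "lookalike.pem: rejected"
    )
    rm -rf "$dir"
}
demo
```

The rejection depends on the client being configured with `home_ca.pem` as its only trust anchor for this network and checking the server name; a supplicant left to accept any certificate performs no such check.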

          • #6
            ExtremeX
            Calguns Addict
            • Sep 2010
            • 7160

            +1 for certificate based authentication.
            ExtremeX

            Comment

            • #7
              Section 101
              Member
              • Feb 2013
              • 244

              Originally posted by Wallabing
              Flash your router to DD-WRT if you can.

              Use a 128 letter long wireless access security key with completely random characters.

              Change it every month.

              Best security is to unplug it.

              Comment

              • #8
                SheepDog78
                Senior Member
                • May 2015
                • 630

                Originally posted by Wallabing
                Don't like WPA2 Enterprise, too painful to set up and any capable cracker can set up a fake access point and try to capture the authentication.

                With the 128 long security key, they will have no choice but to brute force it which would make it near impossible in this lifetime.

                You can use the longest password you can muster, all it takes is a packet sniffer and a little knowledge to get that. There are some great suggestions here to secure your WiFi, but a lot of this is way beyond what anybody will do for their home WiFi. Take it down to layers 1 and 2, disable your SSID broadcast and enable MAC filtering. That will all but eliminate wardrivers.

                Sent from my VS985 4G using Tapatalk
                "All tyranny needs to gain a foothold is for people of good conscience to remain silent." -Edmund Burke

                Comment

                • #9
                  wpage
                  Calguns Addict
                  • Jan 2011
                  • 6071

                  Do what DiVinci did and screw it all...
                  God so loved the world He gave His only Son... Believe in Him and have everlasting life.
                  John 3:16

                  NRA,,, Lifer

                  United Air Epic Fail Video ...

                  https://www.youtube.com/watch?v=u99Q7pNAjvg

                  Comment

                  • #10
                    catmman
                    CGSSA Coordinator
                    • Jun 2012
                    • 455

                    Go back to 802.11b because nobody is using it!!!!!!!!

                    Comment
