07-19-2011 01:27 PM
1. Again: any router, regardless of whether the SSID broadcast is enabled or not, must send out the beacon signal. That means the router is immediately detected by any attacker. Any attacker immediately knows that there is a wireless access point with SSID broadcast disabled. Any attacker easily can find the approximity position of the access point. That nothing like "completely undetectable" like you claim.
2. What does it help that an attacker may not know the SSID for 16 hours? To attack the network you'll need transmitted packets of an authenticated association (unless you do a brute force attack). Thus, either way, if you want to attack a specific network of a specific person you have to wait whether you know the SSID or not. If you all you want is a quick and free access to an internet connection you have to wait whether you know the SSID or not. It doesn't make a difference in this respect. Hiding or not hiding the SSID won't make a difference to an attacker.
3. A device "for which you can set whether your network is hidden"? Windows 7. I think a number of wireless connection tools do it, too.
4. Regarding MAC address filter? Correct, until a device uses the access point it's "secure". What does it help? What's the purpose of an wireless network if you don't use it?
5. To crack WPA2 you'll need packets from an associated client. The SSID broadcast or the MAC address filter won't make a difference. If no clients are associated to your WPA2 protected network an attack is not possible because you get obtain data for your attack. This is true whether you disable the SSID broadcast or not. Whether your use the MAC address filter or not.
It won't make a difference to an attacker. The attacker can start once you use your wireless network. But then, immediately, the attacker knows the SSID and the MAC address.
Until then, the attacker can't do nothing except a brute force attack which won't succeed because you have a strong passphrase. WPA2 with a strong passphrase will keep off the "opportunity attackers". The SSID broadcast won't. The MAC address filter won't. It won't require any effort from the attacker.
The only time it would make a difference would be if the passphrase is an easy-to-guess or easily breakable passphrase. For instance, if you use the SSID as your WPA2 passphrase then the disabled SSID broadcast would make a temporary difference to an attack.
But if we are talking about "tightly secured routers" then you will use a strong passphrase which is not easy to crack, not prone to simple dictionary attacks. Security means which are only effective as long as you don't use your wireless network are useless. It would be only effective to power down the wireless completely. But don't rely on means which require you not to use your wireless or as little as possible.
Security is generally not about the number of methods you apply but against who you need security and the methods how to protect you effectively against those.
WPA2 with a strong passphrase effectively protects your wireless network. The SSID broadcast or the MAC address filter won't enhance anything then. The SSID broadcast or MAC address filter won't make the difference to keep out the "opportunity attackers". SSID broadcast or MAC address filter won't make the difference to keep out any attacker. WPA2 with the strong passphrase makes the difference. The only difference.
07-26-2011 01:24 PM
From my perspective, one of the biggest things you can do is change what subnet you are using. What I mean is, every router is setup to create all the DHCP address using 192.168.0.x. The admin service is always 192.168.0.1.
You can edit the address, change it from 192.168.0.x to 192.168.Y.x. Where Y is between 1 and 255.
07-26-2011 01:48 PM
08-01-2011 01:06 PM
I am trying ton secure my router and cannot find the instructions in the forum. Know it is there. Please help. Can you give me the 90????? address to type in to reach the site where this is carried out with the instructions?
08-01-2011 01:19 PM - edited 08-01-2011 01:19 PM
Hi Mary Bosworth and welcome to the forums!
You can secure the router by logging in the router's page and enabling it from there. Please note that you need the router's username and password to get in. If you haven't changed it before, the default username is blank (empty) and the password is admin. Please click on the link below for instructions. Let us know how it goes.
08-27-2011 09:06 PM
Each time, I've reset my Linksys WRT160N v3, so far three times now, because since three weeks ago I've noticed three intruders on my wireless network...
"changeme-pc", "SILVER-PC", and an unknown network device
on my Network Map. My network LOCK was on. So I'm wondering how these intruders have been getting access to my wireless broadband router Internet network? On my network map, I click on my router and then click on "Basic Wireless Settings" or Status Page" which takes me to http://192.168.1.1/Wireless_Basic.asp that says "ACCESS DENIED." Last time it did that, I reset the router by press the "Reset button" in the back with a pen and changed my password... And I was able to reconfigure my router and got access to those pages above. But after 2 or 3 days, I tried to access the "Basic Wireless Settings" page on the network map, when I was taken to the webpagehttp://192.168.1.1/Wireless_Basic.asp, it says:
HTTP ERROR 403
THE SERVER HAS DENIED YOUR BROWSING REQUEST
PLEASE MAKE SURE YOU HAVE PERMISSION TO ACCESS THIS PAGE
I really don't want to keep resetting that router anymore...
My device 1-year warranty is expired...
08-30-2011 02:00 PM
I just stumbled across this thread today and felt the need to comment.
The advice user gv gave above is absolutely correct. The only real security is WPA2 and a strong passphrase. Disabling SSID and/or MAC filtering do nothing to enhance security.
I am a CISSP and have done wireless penetration testing as part of my job, I've broken into networks that don't follow the advice given above. Good security advice seems to be a rarity on the internet, but gv is correct. You can find dozens of articles on the internet telling you how to secure a router any many of those articles incorrectly mention disabling SSID broadcasting and enabling MAC filtering. While defense in depth is important, these features add zero security and only create problems when connecting devices. If you are interested in learning more, take a look at aircrack-ng that is included in the backtrack distro and practice breaking into your home network... and you'll see for yourself that disabling SSID broadcasting and MAC filtering won't make your job any harder. Furthermore, an attacker trying to break your WPA2 passphrase only needs the four-way handshake that occurs when you connect to your wireless access point, then he can go home and run a dictionary attack on your passphrase at his/her leisure.
I don't mean to beat a dead horse here, but I just wanted to second the advice given above. Use WPA2 and a strong passphrase. I emphasize strong passphrase, because there are a lot of very good tools for dictionary attacks. I would suggest a sentence at least 20 characters long that doesn't show up on a google search. A long random string is even better, but that is prone to typos when trying to connect devices to your network. A long passphrase that you can remember is sufficient.
10-02-2011 01:47 AM
Kevin512 - funny thing about google searches: you can concoct a strange and unique text string, sentence, phrase, etc. and search it, and get no hits because no one has ever searched it before...but it then becomes a google record and will show up in subsequent searches. Years ago there was a geeky game that invovled racking up the most unique (no hits) two word combinations...don't recal what it was called, but it was run by one of the contributing editors at Games magazine.
Just putting that out there for amusement btw - I think your reasoning, and this approach to strong password creation is sound.
10-02-2011 11:12 AM
Not sure anyone has mentioned this, but I ran across this method of coming up with passphrases, passwords, etc. some time ago. Take an phrase that you can remember, and take the first letter of each word of that phrase as a letter in your password. For example, the phrase "Into the valley of death rode the six hundred." would give you the password "Itvodrtsh.", which is kind of short, but it is just an example. You can add variations in capitalization, interleave digits in a way that you can remember, and so on. You might still have to write it down, but would have a shot at remembering it.
Another idea is to use on of those applications that allows you to lock your passwords up, and just have one "master" password that you need to remember. So you just need one great password *smile*, which is the key to the rest. The downside of this is that if your one great password turns out to be not so great, then all your passwords are at risk.
10-13-2011 09:59 AM
I must say that the advice given by gv and supported by kevin512 is thoroughly sound. Use a strong passphrase. ALWAYS. To make it more secure, try and replace letters with numbers (hax0r-style) and add punctuation within the passphrase. Think of something that wouldn't show in any Google searches. I have my Linksys secured with AES and a 16-digit passphrase containing letters, numbers and punctuation and for quite a few years, my network was safe and still is. I don't worry about my network being advertised (yeah, the SSID is set to "enabled"), nor do I care about MAC-filtering since the MAC address CAN be changed. Bottom line: use a STRONG passphrase encrypted with AES.