but can be quite often IMHO more trouble then its work for securing your network.įor the soho. if you do not have to auth to access your network. Sure it keeps people from mistakenly connecting to your network. just another step you will have to take, every time you want to add a device to your network. Change it to something other then what all the default ones in the are area - just so you know which one is yours ) Can be very useful even in a wired network - keeping salesmen, guest, etc from just plugging into your lan, getting an IP and spreading the latest worm across your infrastructure.Īs to turning off SSID broadcast, thats not going to stop anyone - maybe the old lady across the street, and is just a waste of time and makes connecting to your own network a bit more complicated.
Since they must be authenticated before making available any services offered by the switch or the LAN. It is also Port-Based Authentication, and can be used to prevent unauthorized devices (clients) from gaining access to the network. It supports multiple authentication methods, not just smartcards and or certificates.
but most likely WPA-802.1x would mean using a radius server to auth the client with username and password.Ĩ02.1x also known as EAPOL is a framework for authenticating and controlling user traffic to a protected network is all. 802.1x is is simply a standard for passing EAP (Extensible Authentication Protocol) over a wired or wireless LAN. To be clear, 802.1x does not mean there is a smart card or digital cert involved.
PA-802.1x is also known as PA Enterprise - its for if you need an even higher level of security than a password like a smart card or digital certificate. Thing is, it all depends on how evil you think your neighbours are. The first one and the last two are mostly to **** potential hackers off and disencourage them. instead of 192.168.1.1) I can't remember if it was advisable to set the router's IP to any random one too. There were another things to make a WiFi network safe.
That's how I learnt how to make mine secure. I once read a guide to "hack" WiFi networks. Use WEP only if there is no other choice, heh. So if all the devices (computers, most likely) are compatible with WPA-PSK, then go for it! However, if most routers nowadays still include WEP encryption (even though it's known to be weak) it's because there are still WiFi devices that only have support for it. I think there is WPA2 encryption, the newer, the more secure it is. If your's doesn't allow that, then you can assign IP addresses manually at each device and set the DHCP assignment range to 1.I don't know what you mean with WPA-802.1x either.Īnyway, WEP is weak encrypcion, and WPA-PSK is better, with one of those TKIP passwords or something hehe. To take advantage of Wireless Ns great speeds, you need to use WPA2/AES wireless securityeither the personal (PSK) or enterprise (802.1X) version. Using the WEP or WPA/TKIP encryption methods on your Wireless N network can dramatically reduce throughput. Just like static addresss but controlled from the router instead of each system independently. For Best Performance, Dont Use WEP or WPA.
This works for both WiFi and wired connections - say like a guest staying with you for a few days.įor my router, MAC filtering also allows me to predetermine the IP address to be assigned. This moves the problem (of control) to one of managing IP address assignments. then config the firewall(s) to allow Print/File sharing on the former and denied to the latter.It’s been superseded and is no longer a secure option. WPA-PSK (TKIP): This is basically the standard WPA, or WPA1, encryption. WEP 128 (risky): This is simply WEP with a larger encryption key size. get everything else at some other range (x.y.1.100->200) WEP 64 (risky): The old WEP encryption standard is deprecated and extremely vulnerable and should never be used.get all known systems into a small range of ip-addresses.Here's my method of controlling the problem.
They would get Internet access thru your router+modem.Īccessing your other systems is a firewall issue (on each system). The 'break-in' would occur on the WiFi-SSID side which is actually on the LAN side. Very good - You're seeing the issues well