I'm not going to get into specifics on anything here, as I have no desire to write pages and pages on this topic unprompted. This is just a surface level
overview of what I can remember at the time.
1) change the default password on the device. This should be the first thing you do after plugging the device in. Because yes, there are malicious programs out
there that know and will try the default passwords for the popular network gateways.
2) turn off remote management (allowing anyone on the net to pound on the router guessing passwords all day long is bad).
3) Firmware upgrade
I don't know what version of firmware shipped on the device, but according to linksys's website the current version is 1.00.01.17
4) Change the SSID to something meaningful rather than the default.
5) mac address filtering: Only useful to prevent casual snooping. provides no real security.
6) Wireless security:
WEP is laughable
WPA is ok
WPA2 or best
The longer the passphrase the better. It doesn't have to be insane, but mixing case, letters, numbers, and symbols is a good thing. Dictionary words are
bad.
7) UPnP
While useful, I think the general lack of transparency (what is currently changed, when are changes reverted, and who has change rights) render it far more of
a security concern that it is worth. Unless you absolutely need it, don't turn it on. The fact that an infected device can use this to pwn your entire
network is a bad thing
8) Positioning of the antenna: they should be parallel (as close as you can get to exact), and vertical. If you expect to leave this in an area where they
might get knocked around, cutting a stabilizer out of paper is a good idea.
9) wireless B/G/N: select the maximum setting that all your wireless devices can operate with (probably G) and set it to that.
Most residential devices do a poor job of handling mixed mode settings and will slow everyone down to the lowest common denominator.
10) Selecting a wireless channel:
Technically there are 11 channels you can choose from. Realistically there only 3 of those are useful: 1, 6, 11
Bleeding and low quality electronics render the rest worthless. Depending on how densely populated your area is, you may have other wireless signals in your
area. If you do, you should be able to see the channels they operate on when you select a wireless network on your laptop. Chose the one that is not used (or
has the weakest interference).
And once you the settings like you want them, make a backup of the configuration, this will save pain and suffering later on if you have to reset the device.
See anything else in the setup that confuses/interests you? They are cramming more features into these boxes every day and I fully expect to have missed
something.
Anyone else think I missed something (or got something completely wrong)?
I've poked at the documentation for OpenWRT some more, and unless you know exactly what you want to do ahead of time that the current firmware doesn't
support, I wouldn't recommend it. I like the tomato firmware because it has more features with a better UI. OpenWRT definitely has more features than the
standard firmware, but the UI leaves much to be desired.
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy
overview of what I can remember at the time.
1) change the default password on the device. This should be the first thing you do after plugging the device in. Because yes, there are malicious programs out
there that know and will try the default passwords for the popular network gateways.
2) turn off remote management (allowing anyone on the net to pound on the router guessing passwords all day long is bad).
3) Firmware upgrade
I don't know what version of firmware shipped on the device, but according to linksys's website the current version is 1.00.01.17
4) Change the SSID to something meaningful rather than the default.
5) mac address filtering: Only useful to prevent casual snooping. provides no real security.
6) Wireless security:
WEP is laughable
WPA is ok
WPA2 or best
The longer the passphrase the better. It doesn't have to be insane, but mixing case, letters, numbers, and symbols is a good thing. Dictionary words are
bad.
7) UPnP
While useful, I think the general lack of transparency (what is currently changed, when are changes reverted, and who has change rights) render it far more of
a security concern that it is worth. Unless you absolutely need it, don't turn it on. The fact that an infected device can use this to pwn your entire
network is a bad thing
8) Positioning of the antenna: they should be parallel (as close as you can get to exact), and vertical. If you expect to leave this in an area where they
might get knocked around, cutting a stabilizer out of paper is a good idea.
9) wireless B/G/N: select the maximum setting that all your wireless devices can operate with (probably G) and set it to that.
Most residential devices do a poor job of handling mixed mode settings and will slow everyone down to the lowest common denominator.
10) Selecting a wireless channel:
Technically there are 11 channels you can choose from. Realistically there only 3 of those are useful: 1, 6, 11
Bleeding and low quality electronics render the rest worthless. Depending on how densely populated your area is, you may have other wireless signals in your
area. If you do, you should be able to see the channels they operate on when you select a wireless network on your laptop. Chose the one that is not used (or
has the weakest interference).
And once you the settings like you want them, make a backup of the configuration, this will save pain and suffering later on if you have to reset the device.
See anything else in the setup that confuses/interests you? They are cramming more features into these boxes every day and I fully expect to have missed
something.
Anyone else think I missed something (or got something completely wrong)?
I've poked at the documentation for OpenWRT some more, and unless you know exactly what you want to do ahead of time that the current firmware doesn't
support, I wouldn't recommend it. I like the tomato firmware because it has more features with a better UI. OpenWRT definitely has more features than the
standard firmware, but the UI leaves much to be desired.
-Terry
-----
"so listen up boy, or pornography starring your mother will be the second worst thing to happen to you today"
TF2: Spy