Welcome back! I'm glad to see you are not interested in "just" being secure, but you want to be very secure. There are pros and cons to this. You know the pros: security! But first, of course, is my:
DISCLAIMER: While every reasonable precaution has been taken in the preparation of this document, the author is not responsible for errors or omissions, or for damages resulting from the use of the information contained herein.
The information contained in this document is believed to be accurate. However, no guarantee is provided. Use this information at your own risk.
OK. Here are the cons:
- No DHCP (Dynamic Host Configuration Protocol) server. You will need to set your IP addresses manually on all the wireless and wired clients you want to hook to your network.
- No viewable SSID. You will have to remember the name of your wireless network, then manually join wireless clients to your network.
- No standard IP address for your router. You will have to remember what you set that to. (This is easy as you can always check the IP address of a computer connected to your network.)
- MAC (Media Access Control) filtering will be used. A MAC address is like a computer's fingerprint. You will have to remember to allow each computer into your network. Unless a computer is explicitly allowed, it will not be able to join the network, even if it knows the SSID and shared key.
Note: Don't make these changes with a wireless client. You will not be connected for very long if you do. Use the computer that is hard wired to the router. PRINT this document or save a copy of it locally on your computer. There will be places where you will not be able to get to the Internet to read this until some changes are made. You need this document to make those changes. This documentation has been done with Windows XP. If you have Windows Vista the documentation will not match exactly. The settings are the same, but getting to the place the settings are made will be a little different. Read through this document before making any changes.
Please be aware that there are no rock-solid guarantees to keep people out of your network. The following steps are simply deterrents, and can be gotten around if the intruder wants in badly enough. If you have gotten to this point I need to make something perfectly clear. The encryption you are using is your number one defense. Don't do these steps if you have set a key like "mynetwork", or used WEP for your security. Use the strongest security available (WPA-AES) and have at least a 20 character key with numbers and upper/lower case characters. There should be no words in there that can be found in the dictionary. That being said, let's get on with the deterrents.
Go into the local LAN settings and change the IP address of your router. If the default IP address of your router is 192.168.1.1 change it to something like 192.168.112.86. You can use 10.x.x.x or 172.16.x.x. Replace the "x" with any number under 255. Remember the number you used as it will become the default gateway and the DNS server for your network and you will have to set it in the client since we are going to disable DHCP. Make the changes and apply them. This makes guessing your IP range harder for the intruder. Leaving it set to the default just makes it easier to get into your network.
The computer hard wired to your network should still be able to connect to the network since it is using DHCP to get an IP address. You will have to change the address in your browser to the new IP address to get back into the router settings. That will change with this next step. You will have to hard code the IP address in the client to be able to get back on the network.
Go into the web interface and to the LAN settings. Find the DHCP server and disable it, or uncheck enabled. Save the settings. At this point you will not be able to get into your network. You have just told your router not to give any computer an IP address. If they want in they need to know an IP address that fits the network. To get back into your network, do the following:
- Right click on My Network Places and choose Properties.
- Right click on the Local Area Connection that matches your Ethernet adapter. If you have a wireless adapter you will see two. Choose the LAN connection, or the one that is hard wired to your network. Choose properties.
- In the box labeled This connection uses the following items:, scroll down to Internet Protocol (TCP/IP). Click on it, then click on the Properties button.
Click the Use the following IP address and Use the following DNS server addresses radio buttons. The boxes will become white and you can enter data into them. Enter the following data. This is what you would enter if your router's IP address is 192.168.89.1:
- IP address: 192.168.89.2
- Subnet mask: 255.255.255.0
- Default gateway: 192.168.89.1
- Preferred DNS server: 192.168.89.1
Click the OK button and you should be able to get back into your network from a hard wired computer. If you have a wireless adapter you will have to follow these steps in your wireless clients to allow them back into the network.
Note: ***You cannot have any clients with the same IP address***. Increment the last number by 1. For example, the wireless client would have an IP address of 192.168.89.3. The Subnet mask, default gateway, and DNS server address will not change. Keep them the same on all clients.
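With DHCP off, nothing stops two devices from being given the same address or an address on the wrong network, so it helps to check the hand-written address plan before typing it into each client. The following Python script is an added example, not part of the original article; the device names, the sample plan and the function name are constructed for illustration.

```python
import ipaddress

def check_static_plan(router_ip, netmask, clients):
    """Return a list of problems in a manual (no-DHCP) address plan.

    clients maps a device label to the IP address typed into that device.
    """
    router = ipaddress.IPv4Address(router_ip)
    network = ipaddress.IPv4Network(f"{router_ip}/{netmask}", strict=False)
    problems = []
    if not router.is_private:
        problems.append(f"router {router} is not a private address")
    seen = {}  # address -> first device that claimed it
    for name, ip_text in clients.items():
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            problems.append(f"{name}: {ip_text!r} is not a valid IPv4 address")
            continue
        if ip not in network:
            problems.append(f"{name}: {ip} is outside {network}")
        elif ip in (network.network_address, network.broadcast_address):
            problems.append(f"{name}: {ip} is reserved on {network}")
        elif ip == router:
            problems.append(f"{name}: {ip} is the router's own address")
        if ip in seen:
            problems.append(f"{name}: {ip} is already used by {seen[ip]}")
        else:
            seen[ip] = name
    return problems

# Constructed sample plan for the article's example router at 192.168.89.1.
SAMPLE_PLAN = {
    "wired-pc": "192.168.89.2",
    "laptop": "192.168.89.3",
    "printer": "192.168.89.3",   # duplicate of the laptop
    "old-pc": "192.168.1.50",    # left on the 192.168.1.x default range
    "tablet": "192.168.89.1",    # collides with the gateway
}

if __name__ == "__main__":
    for problem in check_static_plan("192.168.89.1", "255.255.255.0", SAMPLE_PLAN):
        print(problem)
```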
Your wireless client should not be able to access the network. Let's make a few more changes before we join it to the network.
Next we are going to enable MAC filtering. This will only affect wireless clients. What you are doing is telling the router that only the specified MAC addresses are allowed in the network, even if they know the encryption and key. To do this go to Wireless Settings and find a box labeled Enforce MAC Filtering, or something similar to it. Check it and apply it. When the router reboots you should see the MAC address of your wireless client in the list. You can find the MAC address of your client by opening a DOS box like we did earlier and entering "ipconfig /all" without the quotes. You will see the information about your wireless adapter.
If you want to allow other wireless clients into your network you will have to edit the list and allow them. MAC addresses can be spoofed, but this is another layer of security that you can implement.
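The filter list is only as useful as your own record of which MAC addresses belong to you. The following Python script is an added example, not part of the original article: it compares the output of the Windows `arp -a` command against that record and reports addresses you do not recognize. The sample output, MAC addresses and function names are constructed for illustration, and a match is not proof of identity because a listed address can be spoofed.

```python
import re

# One data row of Windows "arp -a" output: IP, MAC with dashes, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)

def normalize_mac(mac):
    """Return a MAC as lower-case hex pairs joined by ':' so notations compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def unknown_devices(arp_output, known_macs):
    """Return (ip, mac) pairs from arp -a output whose MAC is not in known_macs."""
    known = {normalize_mac(m) for m in known_macs}
    unknown = []
    for line in arp_output.splitlines():
        row = ARP_ROW.match(line)
        if not row:
            continue  # interface header, column titles, blank lines
        ip, mac = row.group(1), normalize_mac(row.group(2))
        if mac == "ff:ff:ff:ff:ff:ff":
            continue  # broadcast entry, not a device
        if mac not in known:
            unknown.append((ip, mac))
    return unknown

# Constructed sample: arp -a output as seen from the wired PC (192.168.89.2).
SAMPLE_ARP = """
Interface: 192.168.89.2 --- 0x2
  Internet Address      Physical Address      Type
  192.168.89.1          00-1a-2b-3c-4d-5e     dynamic
  192.168.89.3          00-1a-2b-aa-bb-cc     dynamic
  192.168.89.77         02-00-5e-10-20-30     dynamic
"""

# Constructed inventory: the router plus the one laptop allowed in the MAC filter.
KNOWN_MACS = ["00:1A:2B:3C:4D:5E", "00-1A-2B-AA-BB-CC"]

if __name__ == "__main__":
    for ip, mac in unknown_devices(SAMPLE_ARP, KNOWN_MACS):
        print(f"unrecognized device {mac} at {ip}")
```

The ARP table only lists hosts this computer has recently talked to, so an empty result means nothing unknown was seen, not that nothing unknown is connected.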
So far we have changed the IP address of your router, disabled DHCP and set MAC filtering. I will take it for granted you had, or have changed, your encryption to be as strong as possible. The last thing we will do is stop broadcasting your SSID. What this means is that when you look at Available Wireless Networks you will not see yours.
To disable the broadcasting of your SSID from the web interface for your router, go to Wireless Security, uncheck Broadcast SSID and apply it. Your router will reboot.
Now, on to the wireless clients. You will have to assign your wireless client a static IP address. Do the exact same steps as above to do this, but choose the wireless adapter. Once you have a valid IP address you should be on the network. Your wireless client already knows of the SSID and the settings. If you View Available Wireless Networks your SSID will be there.
If you bring in another wireless client it will know nothing about your network. You will have to do the following to get it into your network.
- Set your IP address, Default gateway, etc. on the new wireless client.
- From the Available Wireless Networks dialog choose Set up a wireless network for home or small office.
- Select Create a new connection.
- The Welcome to the Wireless Network Connection Setup Wizard will start. Click Next.
- Enter your Network name (SSID): "your network name"
- Select Manually assign a network key
- Check Use WPA encryption instead of WEP (WPA is stronger than WEP but not all devices are compatible with WPA). Click Next
- Enter your key twice. Click Next
- Choose Setup a network manually
- Click Finish
You should now be connected to the wireless network.
This concludes PART3. If you would like to make things even stronger, please review the final chapter, PART4.
A direct link to this article, complete with images, can be found at TechAlternatives
Helping you Discover Your Choices
Article Source: http://EzineArticles.com/?expert=Keith_Hagans