Your Universal Remote Control Center
RemoteCentral.com
Custom Installers' Lounge Forum - View Post
The following page was printed from RemoteCentral.com:
Page 2 of 2
Topic:
what else can get hacked? Customers concerned?
This thread has 27 replies. Displaying posts 16 through 28.
Post 16 made on Wednesday February 23, 2005 at 11:36
KarlTL
Long Time Member
Joined: December 2004
Posts: 25
I installed a combination wired/wireless network in my home. Wired the basement when I finished it out and have a wireless router that allows me to access the network from anywhere else in the house.

I do not turn off SSID broadcasting simply because, as I understand it, any device that can scan for a wireless access point will find any live access point. Just because the access point doesn't send out an SSID doesn't mean it can't be found (I'm pretty certain that I'm correct in this...if someone knows better, please chime in).

I do turn ON WEP encryption for all wireless stuff, use 128 bit encryption and a long encryption keyword.

A key security thing I also do is to use a variation of static IP address. What I mean is this...when I initially set up the router, I will leave DHCP on (router automatically assigns IP addresses) but define a limited number of IP addresses for the overall network. By limited, I mean only enough for the devices that I'll have on the network. I then set up and connect each device to the network and go into the router admin screen and lock each device's MAC address to whatever IP address the router assigned. Do the same with the next device etc...

As I add new devices, I go back to the router admin screen, increase the network IP address range by 1 and go through this process again. End result....even if someone were to get by the WEP encryption the system would not assign an address (even though DHCP is on) because I've limited the IP addresses to only those for the devices I've attached/authorized and even if a device is off (its IP address is potentially available), a hacker would have to have the specific MAC address associated with that IP address to get on the system.

I know this sounds complicated but it really isn't after you work through it once. Takes me all of 5 minutes (maybe) to add a new device to the network.

Bottom line is that I end up with a system that is pretty close to airtight, but very flexible. Once my devices are set up (laptop, wireless PDA etc..) I can get on the network with anything at anytime. When my kids come to visit, I just have them use a wired ethernet port. All I have to do is log on to the router, increase the IP address range, have them hook up and then lock their MAC address to the new IP address. After that I just leave it set so they can plug right in next time they come to visit.

I leave the router firewall on and run Zone Labs' software firewall on all PCs in the house. The network connects to the outside world via encrypted wireless broadband ISP (my router's IP address is private/can't be pinged or accessed from outside) and I've had absolutely no problems (knock on wood).
Post 17 made on Thursday February 24, 2005 at 00:38
2nd rick
Super Member
Joined: August 2002
Posts: 4,521
You seem to have two related threads on the forum here...
My take is that anything electronic with any level of intercommunication is vulnerable at some level.

I am a staunch proponent for dedicated systems in home control, as an example, and security is only one concern. I do not want my clients to have to sit through 3 hours of tech support from India to get their lights back on when a worm infiltrates their all-in-one Bill Gates internet portal, media server, and home automation controller PC.

As for the related question on the other thread, I vote to leave the security consult and network administration to a specialty IT services company. It is difficult enough to delegate time and money to keep a staff trained with the changes in our own industry, much less take on the lightning-fast changes of the IT industry.

I do believe that someday soon on-call emergency techs, like the "Geek Squad" model, will be as common in the US as the ubiquitous Roto Rooter vans and locksmith trucks.
I imagine 24 hr. dispatched on-site tech service with dozens of little VW Beetles in every city full of propellerhead kids fixing hardware and software issues to make our homes work again.
Rick Murphy
Troy, MI
Post 18 made on Thursday February 24, 2005 at 12:36
robertmee
Founding Member
Joined: October 2001
Posts: 32
On 02/23/05 11:36 ET, KarlTL said...
I installed a combination wired/wireless network
in my home. Wired the basement when I finished
it out and have a wireless router that allows
me to access the network from anywhere else in
the house.

I do not turn off SSID broadcasting simply because,
as I understand it, any device that can scan for
a wireless access point will find any live access
point. Just because the access point doesn't send
out an SSID doesn't mean it can't be found (I'm
pretty certain that I'm correct in this...if someone
knows better, please chime in).

I do turn ON WEP encryption for all wireless stuff,
use 128 bit encryption and a long encryption keyword.

A key security thing I also do is to use a variation
of static IP address. What I mean is this...when
I initially set up the router, I will leave DHCP
on (router automatically assigns IP addresses)
but define a limited number of IP addresses for
the overall network. By limited, I mean only enough
for the devices that I'll have on the network.
I then set up and connect each device to the network
and go into the router admin screen and lock each
device's MAC address to whatever IP address the
router assigned. Do the same with the next device
etc...

As I add new devices, I go back to the router
admin screen, increase the network IP address
range by 1 and go through this process again.
End result....even if someone were to get by the
WEP encryption the system would not assign an
address (even though DHCP is on) because I've
limited the IP addresses to only those for the devices
I've attached/authorized and even if a device
is off (its IP address is potentially available),
a hacker would have to have the specific MAC address
associated with that IP address to get on the
system.

I know this sounds complicated but it really isn't
after you work through it once. Takes me all of
5 minutes (maybe) to add a new device to the network.

Bottom line is that I end up with a system that
is pretty close to airtight, but very flexible.
Once my devices are set up (laptop, wireless PDA
etc..) I can get on the network with anything
at anytime. When my kids come to visit, I just
have them use a wired ethernet port. All I have
to do is log on to the router, increase the IP
address range, have them hook up and then lock
their MAC address to the new IP address. After
that I just leave it set so they can plug right
in next time they come to visit.

I leave the router firewall on and run Zone Labs'
software firewall on all PCs in the house. The
network connects to the outside world via encrypted
wireless broadband ISP (my router's IP address
is private/can't be pinged or accessed from outside)
and I've had absolutely no problems (knock on
wood).

What's the advantage of this versus just turning off DHCP and using fixed IPs? I've never understood the reason for dynamic IP addressing in a residential environment. In fact, with port forwarding and accessing various HA web servers, it makes more sense to fix the IPs anyway. In the old days, when using 95/98/NT required a reboot of a laptop when moving from home to on the road, maybe, but now with 2000/XP even that doesn't make sense.
Post 19 made on Thursday February 24, 2005 at 17:20
Late Night Bill
Long Time Member
Joined: February 2004
Posts: 495
On 02/24/05 00:38 ET, 2nd rick said...
I do believe that someday soon on-call emergency
techs, like the "Geek Squad" model, will be
as common in the US as the ubiquitous Roto
Rooter vans and locksmith trucks.
I imagine 24 hr. dispatched on-site tech service
with dozens of little VW Beetles in every city
full of propellerhead kids fixing hardware and
software issues to make our homes work again.

An electrician friend of mine whacked some lady's PC power supply (wasn't his fault) right when she needed to get some work done in her home office. It was some proprietary power supply in a Gateway or something. If I had shown up and repaired/replaced that power supply, I could have invoiced for $400. Maybe I should get an old ambulance and go Ghostbuster style.
-Bill
Post 20 made on Thursday February 24, 2005 at 18:10
QQQ
Super Member
Joined: January 2002
Posts: 4,806
On 02/21/05 16:24 ET, Late Night Bill said...
I think there is some flawed logic in how most
people perceive technology, as pimped by those
providing the technology. People perceive technology
as something that will make their lives easier,
safer, more convenient, etc.

Huh??? That is how people SHOULD perceive technology, but unfortunately that is a broken promise and in my opinion is anything but how many (most?) people perceive technology. That's why I'm able to stay in business selling expensive AMX and Crestron systems - because people so desperately want technology to make their lives simpler but instead most of the time it only results in cursing and raised blood pressure. The perfect evidence is the absurd machine beneath my fingers. I've got a brand new HP top of the line laptop. As usual, with just about every PC, it crashed within 15 minutes out of the box. And then again. Yesterday after about 2 months the machine would no longer reboot and gave me some absurd message. I had to re-insert the XP disc and spend two hours doing a Chk Dsk to fix the problem. How in the world would the average person have even known what to do? I'm afraid many people think our lives were easier when we were using pen and paper and typewriter. They may not be right, but they have a point.
Post 21 made on Tuesday March 1, 2005 at 03:21
ATOH
Advanced Member
Joined: February 2005
Posts: 763

I do not turn off SSID broadcasting simply because,
as I understand it, any device that can scan for
a wireless access point will find any live access
point. Just because the access point doesn't send
out an SSID doesn't mean it can't be found (I'm
pretty certain that I'm correct in this...if someone
knows better, please chime in).

I do turn ON WEP encryption for all wireless stuff,
use 128 bit encryption and a long encryption keyword.

Karl,

Try this. Remove your wireless LAN from the list of preferred networks on your computer. Then log on to your router from a wired computer and turn off "SSID broadcast". Now search for wireless networks. I just helped a friend of mine with his wireless router that the service provider set up for him. When I got there my laptop could find his router (still named linksys). Once I had finished setting up WEP, turning off UPnP, turned on block anonymous ping requests, and a few other things my laptop could not find a wireless network in range.

Now, I'm SURE there's some way still to find it but not as easily. There's a way around everything. :-)

Also, if you are using an 802.11g-only product then turn on WPA instead of WEP. WPA is the newer standard and supposedly more secure.

Hope this helps!!
Why all the fighting and cussing? Can't Dave play nice? We're just here to learn and have fun. It was a harmless jab, laugh and get over it!!!!!!!!!!!!!!!!!!
BTW... S-E-A-R-C-H!!!
or do the work!!!
Post 22 made on Wednesday March 2, 2005 at 00:10
KarlTL
Long Time Member
Joined: December 2004
Posts: 25
On 02/24/05 12:36 ET, robertmee said...
What's the advantage of this versus just turning
off DHCP and using fixed IPs? I've never understood
the reason for dynamic IP addressing in a
residential environment. In fact, with port forwarding
and accessing various HA web servers, it makes
more sense to fix the IPs anyway. In the old
days, when using 95/98/NT required a reboot of
a laptop when moving from home to on the road,
maybe, but now with 2000/XP even that doesn't
make sense.

Robert, the reason I do it this way (only advantage that I can think of) is this...if we have someone over, who needs internet access through my network, I just have to log into the router and enable an additional DHCP address for them. Otherwise, they would have to go into their system and plug in an IP address that I give them along with DNS server addresses etc...

This just makes it a bit simpler for guests and it takes me no more than 4-5 minutes to do this and lock their MAC address into the router so they can then use it whenever they like (perhaps they're staying over for several days...who knows..).

Last but not least, open IP addresses can be scanned for and potentially utilised. Locking an IP address to a MAC address in the network interface card provides an additional level of security with no real additional complication.
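
The scheme KarlTL describes in posts 16 and 22 (a DHCP range sized to the device count, with each address locked to one MAC) can be checked against what the router actually sees on the LAN. The following is an added example, not part of any post in this thread; the addresses, MACs and table layout are constructed, and `normalize_mac`, `audit` and `demo` are hypothetical names.

```python
import ipaddress

def normalize_mac(mac):
    """Lower-case colon form, so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = mac.lower().replace("-", "").replace(":", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(pool_start, pool_end, reservations, observed):
    """Compare the router's view of the LAN with the MAC-to-IP locks.

    reservations: {mac: ip} as locked in the router admin screen
    observed:     [(mac, ip)] rows from the router's client/ARP table
    Returns a list of (kind, detail) findings; empty means everything matches.
    """
    first = int(ipaddress.ip_address(pool_start))
    last = int(ipaddress.ip_address(pool_end))
    pool = {ipaddress.ip_address(n) for n in range(first, last + 1)}
    locked = {normalize_mac(m): ipaddress.ip_address(ip)
              for m, ip in reservations.items()}
    findings = []
    # The pool should hold only locked addresses: no spare lease to hand out.
    for ip in sorted(pool - set(locked.values())):
        findings.append(("unreserved-pool-address", str(ip)))
    for mac, ip in locked.items():
        if ip not in pool:
            findings.append(("reservation-outside-pool", f"{mac} -> {ip}"))
    # Every device the router has seen should be a locked MAC on its own IP,
    # however that device obtained its address.
    for raw_mac, raw_ip in observed:
        mac, ip = normalize_mac(raw_mac), ipaddress.ip_address(raw_ip)
        if mac not in locked:
            findings.append(("unknown-device", f"{mac} at {ip}"))
        elif locked[mac] != ip:
            findings.append(("wrong-address", f"{mac} at {ip}, expected {locked[mac]}"))
    return findings

# Constructed sample data (not from the thread).
SAMPLE_RESERVATIONS = {
    "00:11:22:33:44:01": "192.168.1.100",
    "00-11-22-33-44-02": "192.168.1.101",
    "00:11:22:33:44:03": "192.168.1.102",
}
SAMPLE_OBSERVED = [
    ("00:11:22:33:44:01", "192.168.1.100"),
    ("00:11:22:33:44:02", "192.168.1.102"),
    ("02:AA:BB:CC:DD:EE", "192.168.1.103"),
]

def demo():
    return audit("192.168.1.100", "192.168.1.103", SAMPLE_RESERVATIONS, SAMPLE_OBSERVED)

if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind}: {detail}")
```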
Post 23 made on Monday March 7, 2005 at 00:57
M_Bruno
Long Time Member
Joined: August 2002
Posts: 49
Hi Julie,

Actually, I've been surprised by the lack of concern about security. When I configure wireless networks I enable every security measure available as a matter of course, but no one ever asks about the measures I've taken. Recently, I installed a network for a client with Macs (most have PCs, of course) and found that a bug in the OS prevented the SSID and WEP key from being saved on both systems. The customer was forced to reenter both each time when waking up or restarting. Finally, he asked for network security to be disabled, with no apparent concern other than convenience.

In another example, I installed a telephone system with voicemail. The voicemail system required users to enter passwords (if previously established) even when retrieving messages locally. They were put off by the inconvenience of having to enter passwords, and never established them even when I explained that unauthorized outside callers with a rudimentary knowledge of the phone system would easily be able to retrieve private messages otherwise.

Bottom line: for most users, convenience easily trumps security.
Post 24 made on Tuesday March 8, 2005 at 03:13
ATOH
Advanced Member
Joined: February 2005
Posts: 763
bcf1963,

Remember above about Bluetooth, security, etc.? How about this:

"CommWarrior attempts to spread by sending messages via Bluetooth wireless connections and Multimedia Message Service--different from the Cabir virus, which only used Bluetooth to proliferate."

The quote above and the article can be found at:

[Link: news.com.com]

As I said, I wasn't sure but wasn't Bluetooth part of the security issues with phones?

Please try to be nice when telling someone they're a dumb*#s piece of worthless s**t and that they must be a neanderthal or something. We're all here to learn from each other, share ideas, help on problem jobs, etc. Why be so rude when even YOU do not have such infinite wisdom about everything... AS THE QUOTE ABOVE SHOWS

Whatever. I'm still disgusted by it AND you
Why all the fighting and cussing? Can't Dave play nice? We're just here to learn and have fun. It was a harmless jab, laugh and get over it!!!!!!!!!!!!!!!!!!
BTW... S-E-A-R-C-H!!!
or do the work!!!
Post 25 made on Wednesday March 9, 2005 at 00:23
gwilly
Founding Member
Joined: September 2001
Posts: 793
On 02/21/05 17:13 ET, Audible Solutionns said...

Leaders of governments have been assinated

I always get a kick out of misspellings, usually unintentional, but in this case I'm sure there are some leaders that should be "assinated".
Some people are so used to special treatment--that equal treatment is considered discrimination..Thomas Sowell
Post 26 made on Thursday March 10, 2005 at 00:29
Warren
Long Time Member
Joined: November 2002
Posts: 264
On 02/22/05 00:12 ET, bcf1963 said...
ATOH,

Best you stick to something you know something
about, and spare us from your wisdom on things
you don't... of which Bluetooth is obviously one.


Saw the same story. It definitely said Bluetooth equipped phones were the ones being hacked.

It went on to say, at the moment, the only damage being done was to run down the phone's battery.

Not saying yea or nay, just that that was the info that was being output by the media last week.
Post 27 made on Thursday March 10, 2005 at 01:56
Audible Solutionns
Super Member
Joined: March 2004
Posts: 3,246
On 03/09/05 00:23 ET, gwilly said...
I always get a kick out of misspellings, usually
unintentional, but in this case I'm sure there
are some leaders that should be "assinated".

I guess I deserved that. I still wish this site had spell check as I do not need any additional help to prove how dumb I am.

Alan
"This is a Christian Country, Charlie, founded on Christian values...when you can't put a nativity scene in front fire house at Christmas time in Nacogdoches Township, something's gone terribly wrong"
Post 28 made on Thursday March 10, 2005 at 08:50
GotGame
Super Member
Joined: February 2002
Posts: 4,022
QQQ, How did you make out with Carly Fiorina's parting gift in your computer?
I may be schizophrenic, but at least I have each other.