WirelessPirate.net

Fun without wires

Securing My Netgear Network

without comments

On advice from someone who works in the DSD (pretty good advice on this sort of thing I’d say!), I went about securing my network as soon as I had it installed. This is basically all I had to do;

  1. Get connection going normally (unencrypted) between my WAP and my wireless-card-equipped laptop.
  2. Log into the admin interface on my WAP/switch
  3. Under the ‘Maintenance’ section, go to ‘Set Password’ and change the admin password for the administration interface (default is ‘password’ on Netgear devices)
  4. Under ‘Setup’ go to the ‘Wireless Settings’ and configure the WAP with the following details;
    1. Region: Australia (don’t know why this is required, but set it anyway)
    2. SSID: ansible (see previous post about origin of this name)
    3. Click to ‘Configure WEP’
      1. Leave ‘Authentication Type’ on ‘Automatic’
      2. Set ‘Encryption’ to 128-bit
      3. Enter a passphrase (remember it, will need for the PC Card later, and if anyone else is going to access this network)
      4. Click ‘Generate Keys’ and ‘Apply’ when done to save it all to the WAP, this will reboot WAP to initiate settings (losing wireless connection in the process, because I am no longer authorised to connect!)
  5. On the ‘Security’ tab of the config utility for my PC Card (on my laptop) adjust the following settings;
    1. ‘Enable Encryption’ (check this box to turn it on)
    2. Change ‘Key Length’ to ‘104/128 bit’
    3. Under ‘Create with Passphrase’ enter the same passphrase as was used on the WAP
    4. Click ‘Apply’ to save the settings, then go to the ‘Status’ tab and click ‘Re-Scan’ which connects back onto the WAP (using encryption this time)
  6. Now that we are connected using WEP, we are little more secure, but we also want to restrict connections to only certain MAC addresses (the hardware signature of the PC card).
  7. Get the MAC for you wireless card; I got mine by going back to the WAP admin, then selecting ‘Attached Devices’ under ‘Maintenance’.
  8. Again, under the ‘Wireless Settings’ under ‘Setup’ in the WAP admin interface, we now click the ‘Trusted PCs’ button under the ‘Access Point’ section (to specify trusted PCs)
  9. Enter the MAC for your wireless card in the space provided and click ‘Add’ – mine came up with the name of my machine next to the MAC, so I assume it is either encoded in the MAC, or it contacted my machine and asked (?)
  10. Click ‘Back’ when you’re done so we can turn on the security access based on MAC.
  11. Now select ‘Trusted PCs only’ under ‘Allow access by:’ so that only those machines on your trusted list can connect.
  12. Click ‘Apply’ to save these changes and reboot the WAP. You should reconnect successfully once it’s on again, since you are now on the trusted list. If you have another device, try connecting to confirm that it’s secure. I haven’t been able because I don’t have anything else, but I assume it just won’t be able to connect πŸ™‚

More security info to come, including some experiments with things like AirSnort hopefully πŸ™‚

Written by Beau Lebens

October 19th, 2003 at 4:00 pm