Question : Need to secure Netgear wireless access point WG602

Hi:

Just added a Netgear WG511 (wireless access point) to my wired network (Netgear RT314 router).   To set it up, I did very little -- just plugged it in, installed the drivers for the wireless card on my notebook, and voila, I was connected.

I know there are security steps I need to take to lock down my setup, but I'm not sure I understand them.  I tried to enable WEP but as soon as I did, I lost the connection to the laptop.  I didn't understand how to generate the keys.  I would also like to turn off SSID broadcasting but haven't figured out how to do this yet.

Lastly, I am wondering if I need to install a software firewall if I have a hardware firewall (the router).  I have no idea how safe my network really is.

Can anyone tell me if I'm missing anything really obvious, or better yet, point me to a website that explains these things in a non-technical fashion for a network newbie like me?

Thanks bunches!

Deanna   ;-)

Answer : Need to secure Netgear wireless access point WG602

DeannaRV,

I have pretty much the same setup at home.  What Kronostm wrote is pretty good, about the security.  I would just add that if your Netgear s like my Linksys, then there's a page where you can simply disable the SSID broadcasting by unchecking it.  

You can go into your laptop/desktop and type: "ipconfig /all" at a command line to retrieve the "hardware address".  This is also called the MAC address - of your Network Interface Card (NIC).  You can go into your Netgear and put this hardware address in as being allowed to connect to your Netgear and nothing else will be able to, unless hacked as mentioned above.

I would recommend changing the administrator account if you're able to - whatever the default is widely known.  So, if you can change "admin" to "mydogspot" or whatever, that's better.  Definitely change the password - instead of using something easy to guess like "spot" you could use $P0t (dollar P zero t) and it's not as easy to guess or use a "brute force" hack.

You can enable WEP and put the same string on the Netgear and your laptop/desktop.  This can be hacked, but it's better than nothing if you're concerned about security.

Finally, use a different channel - like 6 or 9 or whatever.  This is pretty easy for anyone to find, but it's just one more step - a newbie would just use channel 1.

As Kronostm said, nothing is totally 100% secure, except unplug it, turn it off, encase it in conceret, etc.  What you're trying to do is DETER somone instead of leaving the door open with the porch light on.

As far as software firewall behind your "hardware firewall".  First, know that your router is not really a firewall unless it does a thing called "stateful packet inspection".  This means that when a request goes out, it makes a note of it and inspects the reply coming back - if the request is in a table somewhere and it's related and expected, it will let it in.  Otherwise, it will drop it.  SOHO routers do a thing called Network Address Translation (NAT) and port forwarding.  This is definitely good and helpful, but not 100% secure.

So, a software firewall is an added layer of security.  BUT, more than protecting you from things coming in, I like them for things going out.  A good firewall like ZoneLabs Zone Alarm Pro will let you know when a program is trying to make a connection going out - this is great for catching spyware, viruses, etc.

And, it's defense in depth - which is a prime tenent of security.  If someone breaks in through the outside firewall - the NAT router - they still have to deal with the inside firewall.

I highly recommend Zone Alarm Professional - you'll have to pay for it, but it's worth it.

And while we're talking about security, you also ought to get some good spware programs like Spy Bot and Ad Aware and a good anti-virus program - which you can configure for automatic updating.

HTH!