# Best Security Options for Cisco Linksys Wireless N Broadband WRT300N Router



## willmon18 (Apr 22, 2006)

The settings I have now are to not broadcast the SSID have it set to a maximum of 3 users and on top of that I have the wireless mac address blocking enabled. So then only the people with either my laptops mac address or my computer towers mac address can access the network. How I have it set up is having my skyway usa modem plugged into the router's internet port and have one other computer plugged into one of the ethernet ports of the router. I don't have the mac address set to allow and block on the ethernet ports for the router because I don't know how to set it. I am quite certain there is probably a way to make a wireless router think that a wireless network card is a wired card. I don't have any security key set because I think that since the SSID isn't broadcasted they shouldn't know what the SSID's name is the only thing they would see is Other Network and I don't know if there is a method to end up knowing what the SSID is. I am going to need to change it though because I am sure eventually anyone that trys to get in would eventually figure it out since it is the default name the router gives for it. Other than this I don't know what other information to include as I don't know how else a person can get in with the settings I have.


----------



## johnwill (Sep 26, 2002)

First off, most of thse security measures are anemic at best. FYI, even though you aren't broadcasting your SSID, it's trivial to find it. All SSID hiding and MAC filtering do is make it hard for you to use your own network.

The only real wireless security is encryption, and you should be using at least WPA with a strong 20 character or more encryption key.

*A good read: **The Six Dumbest Ways to Secure A Wireless LAN*


----------



## willmon18 (Apr 22, 2006)

That is an interesting article. Though I haven't been to school in about a year and I barely passed the class I still remember quite a bit of what I learned about wireless networks. I know that disabling the SSID broadcast doesn't do much of anything as if you get the right tool I am sure it can recieve some packets and instead of seeing Other Network as the SSID you would get the correct SSID to use. Now on the part of the Mac Address filtering I never did get it as it is quite stupid of how it works. As if you have the mac address the router will let you in. Don't you think they should make it like real life? As in if the router finds that the mac address is already in it should lock out the other person that is trying to get in. But this would still end up leaving one flaw as if you aren't on and someone ends up getting your mac address and wait till you are off the network and then get in with your mac address then you wouldn't be able to get in without doing a few things with the router. And as for the person that is on your network I forgot on how to remove them from it when they are on it. I would limit the signal but what would be the point as I know there are antennas that are sold online that can make anyone around me easily get the signal. But I don't think there would be anyone in this area that would even bother as I can't pick up anyones wifi without going outside and there isn't many that show either. I suppose I need to secure my network with a WPA2-PSK with AES encryption then? I really need to have something that is nearly impossible to hack as I am going to be getting a wireless router connected at my brothers apartment and there are plenty of people around that would try to get into any network.


----------



## johnwill (Sep 26, 2002)

If you use WPA2-AES with a strong random key, none of the other measures will be necessary, and you'll be as secure as you can be with current wireless technology. I'm not saying the three-letter government agencies can't crack it, but nobody you're going to run across is going to get in. :smile:


----------



## willmon18 (Apr 22, 2006)

Well now I know exactly how the Mac Address verification can work. It can be just like on some websites for usernames and passwords as well as how a security guard at a place is. Basically you can have a usb stick with a picture that you plug in and then unplug. Then the router will see the picture on the usb stick and have your mac address. Now if someone else trys to get in with your mac address it will know you are already in and it will also want a usb stick in particular with a particular picture on it for verification. I wonder if they have this for routers yet. If not it would be a pretty good security measure aside from WPA2-PSK AES I think. What do you think?


----------



## johnwill (Sep 26, 2002)

Well, I think that MAC filtering is totally unnecessary with WPA2-AES, so it's somewhat pointless to worry about it. :wink:


----------



## willmon18 (Apr 22, 2006)

I believe the password I have is nearly impossible to break. An example of a good password that I think would be [email protected] gHijkL,789101 My password isn't as through as this but I do have capital letters with at least one symbol and a space. But the Mac address thing I was talking about I believe would be something that could be implemented but it would be making it harder on you to get your network set up and to have to put in your usb stick in and out each time you want in. But I would just think it is too much the trouble and stick with what I have set up now. Anyways thanks for helping me set up a viable security measure for my router as I am sure there are plenty around here where I have the router that people just pull in to the gas station next door and if the person knows enough just "borrow" any wifi they can get.


----------

