I have come across a lot of guidelines and tips on securing WiFi access points. The actions that can be taken include disabling SSID, using WPA2, employinmg MAC address filter, not to use default factory settings, changing admin passwords, turning off DHCP and just asking client to use static IP address, and finally only logon to the access point through LAN instead of wireless.
Strange ! For DHCP config or static IP config, nobody mentions about changing the default network of 192.168.0.1/24 to other difficult to remember RFC1918 range such as 10.97.103.0/24 and the Access Point IP address from 192.168.0.1 to some IP like 10.97.103.29 etc. It is easy to launch an attack if APs are riding on 192.168.0.1 and bad guys need not try other IP addresses. I tend to think the reason for not doing this is home users must be familiar with RFC1918 IP ranges and the subnet masks.
No comments:
Post a Comment