[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 01/09/13 11:07, Daniel Robinson wrote: > So what are the recommendations before another of my posts goes completely > off topic! Ah yes, sorry about that... well, you've really got two, maybe three options for getting wifi set up: 1: Use whatever crappy router your ISP sent you, and try and secure it as best you can 2: As mentioned, get a 3rd party router that you can flash with Tomato, OpenWRT, etc 3: Use a computer, with a wifi card or several, and setup your network with that That is in ascending order of security, complexity and price all at the same time. Your free ISP router is the least customisable, will have the weakest security, lowest range and will generally be crap but it is both free and probably available to you right now. I've got one of these from Virgin and although I've turned off UPnP, WPS and so on, I don't particularly trust it but it's fine for providing a general guest wifi network for quick casual access and it runs 24/7 with no problems at all. Getting a third party router means you will have to find a well-supported model and buy it, probably from Ebay. It won't cost you much, but it is much more effort. In return, you'll get a massively more customisable router with full support for pretty much anything a Linux networking box could give you - QoS, port knocking, filtering, the lot. You will also no longer have to trust the undoubtedly needlessly crippled, probably vulnerable firmware your ISP foists upon you and can remotely reflash at any point. Option 3 might not actually be the most expensive, particularly if you can rustle yourself up a free computer from Freecycle or your job rifling through the old Currys in Exeter. Ideally, as it's going to run 24/7, a low power (potentially a job for a Raspberry Pi?) solution might be best as the low cost of a donor machine might end up being cancelled out by it's inefficient PSU gobbling your mains power constantly. Perhaps one of those mini-clients that Gordon is offering might fit the bill if you can be bothered coaxing it back into life, that'd probably be a pretty low power solution. Anyway, once you've got your PC, stick a wifi card (get a good one, and by that, I pretty much mean an Atheros chipset) and as many extra NICs in it as required. Grab your favourite customised router/gateway/network-in-a-box Linux distro (ClearOS, IPFire, Smoothwall... there are many to choose from - also BSD style like Monowall, pfSense, etc) and set to work building your own little solution. Option 3 will require the most work and will by far and away be the most powerful, reliable and secure system. I do this at home as well as option 1, running a normal but very heavily customised and hardened OpenBSD system with 4 NICs and 2 Atheros wifi cards on a dinky little venerable Pentium II 450MHz w/ 512Mb RAM. It's been working 24/7 for years and I virtually never have to do anything to it, just read my logs and make sure the poor old thing hasn't finally died every now and then. So there you go - as usual, you were asking hopefully about magic anti-hacking solutions: I'm afraid there aren't any my friend! Just do your best to avoid really stupid things (like leaving WPS on, or choosing WEP...), make sure your root password isn't "password123" and read a security article every once in a while and you're done. Right, hope that actually answers your original question a little better this time around. Cheers -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq