#1
I have an N600 router which I believe has a built-in firewall, but what I want to know is how safe are the defaults on this router so long as I disable SSID broadcast, change the router password, enable MAC address matching, and the wifi password WPA2-PSK, and limit the overall wifi power level to keep access limited by distance.
My next question is whether it's worth even keeping Windows 7 firewall on with a router being installed on the network?
Finally I want to know if there is a way to remove all previous SSID names that were created from old wifi routers when I created new networks, then I reset the router to defaults. I have about 6 old SSID names still showing up and I fear that if one is open it's a direct access point, even though I have reset the router and assigned brand new settings. I would feel much better if those SSIDs weren't showing up under available wifi connections anymore. For some reason those SSIDs are still showing up even after multiple resets.
Last edited by Mike6080919395 : July 21st, 2011 at 09:00 AM.
#2
From what you mentioned: don't bother with disabling SSID, in fact don't disable it. It has no bearing whatsoever on router security. Change router password, enable WPA2 with a complex and long passcode (over 20 chars). The rest is neither here nor there in terms of security.
Personally I'd keep Win fw on.
Where are those multiple SSIDs showing? Not on router
__________________
once we only had ideals, today they are the only things we are missing
Microsoft MVP, 2006 - 2013/14
#3
I recently did some research on this subject as well as I set up a wireless network. I concur with Cudni, do not disable SSID broadcast. Anybody that wants to sniff it can do so quite easily anyway, and it can actually make you more vulnerable to man-in-the-middle attacks because your computer/adapter is continuously searching for this broadcast, kind of like asking "where you at"?
IMO, make a strong WPA2 password, 63-64 digits long, and keep it on a piece of paper in a safe place in case you ever need it. You can check out "perfect passwords" on GRC if you'd like more information regarding this. I personally do the same with my router password, make it very long and keep it written down.
I saw much debate about how useful MAC address filtering is. Many say it's pretty moot with a strong WPA2 key, and that if somebody gets by the encryption they'd quite easily bypass this as well. Sounds logical to me, but the way I see it, it certainly doesn't hurt, so why not do it?
If you can change your username to something other than the default (usually "admin"), do that too. But many routers cannot do it.
There may be a setting in there for RIP direction, listening, etc... I forget exactly what it was called. But disable that too if it's there.
Change your router IP address to something other than 192.168.1.1. This only helps against people with physical access to your computer, in which case they certainly couldn't guess your PW anyway, rendering it moot, but hey... "layers". But keep it in the 192.168.x.x range, as they are private IPs. Don't just make it something random.
On XP Pro I also select "Access point (infrastructure) networks only", under the advanced settings, "wireless networks" tab of your LAN properties. I also de-select "Connect even if this network is not broadcasting". Not sure what the equivalent settings are in 7?
I have mine set up to auto-connect. I saw someone say that it's more secure to connect manually every time, but I disagree. It seems to again cause your computer/adapter to search for the broadcast, potentially making you more vulnerable to man-in-the-middle attacks. And sometimes it doesn't assign a network address to me until I restart my computer if I do this.
And if you have any preferred DNS servers go ahead and insert them in there. For example, Comodo has what they call "Secure DNS", and gives you 2 DNS server addresses to use.
That's all I can come up with at the time. Most of it is probably rendered moot due to a strong WPA2 key + login password, but again, it can only help not hurt so why not spend a minute and just do it?
Last edited by luciddream : July 22nd, 2011 at 02:48 AM. Reason: typos, and added a thing or 2
#4
Keeping Windows Firewall enabled can help in security, especially with Advanced settings (outbound control). Routers aren't perfect, and may have holes. You can use different firewall settings on each computer. Also, it barely uses any resources and has no compatibility issues with hardware firewalls.
#5
Use WPA-PSK mode with a random key. Don’t use words in the dictionary or a variation of them because they can easily be cracked.
"MAC filtering" and "SSID" are two of the biggest myths in wireless LAN security.
__________________
I've discovered that people on IRC don't get offended or riled up by racism, nor politically incorrect jokes, nor feminism, nazism, nor goatse, or even tubgirl, not even jokes about 9/11 get a rise out of anybody but as soon as I tell somebody that macs are better than PCs, things get ugly.
#6
|
|||
|
|||
|
Thank you so much for all of the help. I do have a few more questions though, mainly concerning Windows 7 advanced control, specifically for MBAM and Avast Free.
What are the rules that I should set up if I am using MBAM and Avast while Windows 7 firewall is in block all mode for anything without rules? It seems like Avast has a lot of executables in the primary Avast folder. I'm not sure which require a rule and which of them don't. I don't want to open unnecessary ports or programs as that would leave my system open.
Finally I have a question on passcodes: I normally just use a random password generator, about 8 characters, which I have been told is pretty secure. Are a lot of characters really needed when it comes to routers and wifi? How fast can someone break through a completely random passcode created through a random password generator using 8 characters?
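
The advice in posts #3 and #5 (a long, random WPA2 key) and the 8-character question in post #6 come down to key-space size. The following is an added example, not part of any post in this thread: it generates a random WPA2 passphrase, derives the 256-bit key the way WPA2-PSK does (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), and compares search-space sizes. The SSID "HomeNet-Example" and the guess rate in the demo are assumptions chosen for illustration, not measurements.

```python
import hashlib
import math
import secrets
import string

# WPA2-PSK passphrases are 8..63 printable ASCII characters (0x20..0x7e).
# 94 symbols here: letters, digits, punctuation (space left out on purpose).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def random_passphrase(length=63, alphabet=ALPHABET):
    """Generate a passphrase with a CSPRNG, enforcing the WPA2 length limits."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def derive_pmk(passphrase, ssid):
    """Derive the 32-byte pairwise master key as WPA2-PSK does.
    The SSID is the salt, so the same passphrase gives a different key per SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given rate (the rate is the caller's assumption)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    ssid = "HomeNet-Example"      # hypothetical SSID
    assumed_rate = 1e6            # assumed guesses per second, for scale only
    pw = random_passphrase(63)
    print("passphrase:", pw)
    print("PMK:", derive_pmk(pw, ssid).hex())
    for n in (8, 20, 63):
        bits = entropy_bits(n, len(ALPHABET))
        print(f"{n:2d} random chars: {bits:6.1f} bits, "
              f"{years_to_exhaust(bits, assumed_rate):.3g} years at the assumed rate")
```

The estimate only holds for characters picked uniformly at random; a dictionary word or a variation of one, as post #5 notes, has far less entropy than its length suggests.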