are these router settings safe?

Discussion in 'other firewalls' started by iceni60, May 30, 2007.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, i got a laptop. i've never bought one before mainly because i don't like them, i don't like wireless stuff either. if i have these settings in my router does that mean my wireless and everything else is safe?
     

    Attached Files:

  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Your greatest security comes from the fact you have WPA enabled. Depending on the length of your network key and its make-up (alphanumeric, upper and lower case, as well as mixing in non-alphanumeric symbols), I would say yes, you are about as secure as you can be on wireless.
     
  3. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    I use MAC address filtering. It allows only the PCs I add to connect. Unless someone is hacking you and knows how to spoof and clone a MAC, you should be OK on a wireless connection. Another trick is this:
    If you have 3 PCs, allow only 3 IPs. Change the pw to the router, disable the remote admin on the router, change the router address from 192.168.1.1 to something else. Lastly, hide your SSID.
     
  4. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Actually, apart from changing the password on your router (essential) and disabling remote admin (which will be off by default anyway), all these other measures are completely useless and serve only to add to your own inconvenience. None of the measures you mention in any way make it more difficult for a wardriver to crack your WiFi network. Using WPA-PSK (or WPA2-PSK) will protect you from any known cracking tactics, provided your PSK is long enough (30 chars or more will do), contains random characters rather than words, and you don't allow it into the wrong hands.
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    eniqmah mentions MAC address filtering. Select the Wireless Access Station List - Setup Access List on that page and turn on Access Control then select the Trusted Wireless Stations, or you can choose to add manually by adding the Device name and MAC address of your laptop.
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Changing default SSID helps to avoid conflict with neighboring WLANs
    You want at least WPA security..that's good, WEP is too easily cracked (in under a minute these days with avail tools)
    Disabling SSID broadcast does not stop someone who uses tools...which will find it anyways, so you can leave it on. Some wireless NICs don't always connect very well when SSID is disabled.
    MAC filtering can be bypassed easily enough also these days with avail tools.
     
  7. Gren

    Gren Registered Member

    Joined:
    May 31, 2007
    Posts:
    93
    That's the same router that I have and it looks like you've done everything you can from that angle. Assuming that your SSID has been changed.

    SSID change
    Admin password change
    No broadcast of network SSID
    MAC filtering
    WPA security

    Make sure in the WAN page you have the 'Respond to ping' box unticked for full stealth.
     
  8. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Please enlighten me as to how these improve security over WPA/WPA2.

    For example, what about MAC address filtering, you said they can spoof and clone the MAC quite easily, so why should a person use this if they already have WPA?

    Then for only allowing 3 IPs, how does that help? Because you are limiting for only DHCP, right? So couldn't someone just make a static IP?

    Another question, how does changing the router address help?

    Another one, what does hiding your SSID do that helps security so much?

    Any of the other posters who suggested these same security measures can also help me into figuring out these added benefits.

    Cheers,

    Alphalutra1
     
  9. Gren

    Gren Registered Member

    Joined:
    May 31, 2007
    Posts:
    93
    None of them are foolproof but all may make anyone looking for a free ride look elsewhere. My wireless card picks up 7 networks without moving. Only 1 is ours! It's like the car alarm thing - not that much of a deterrent these days but most people will choose the easy option.

    Hiding and changing the SSID makes it more difficult for people to find you in the first place. MAC filtering means they can't get on if they find you.

    Encryption just stops them picking up your signal and gleaning any sensitive info from it.

    The two things protect against different 'attacks' - some people are after using your connection and some are after your banking details for example.

    All can be gotten past (quite easily I've heard) but how many of us are under that kind of threat and how many of us are just trying to stop people using our connections?
     
  10. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Correction ... none of them (except WPA-PSK and changed router password) are of any practical use whatsoever.

    Wrong on both counts. It is trivial to get past both.

    Wrong. Encryption in no way hides a signal.

    Correct ... provided you use WPA-PSK with a sufficiently long and random password.

    Your thinking is flawed. There are no known means of breaking WPA-PSK, except by dictionary attack. Then a long, random password will thwart any such attempts. So, if you have proper WPA-PSK implemented, people can't get in, irrespective of their intentions. Using MAC address control, hiding the SSID, etc., add absolutely nothing except inconvenience to you.
     
  11. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    But, I thought disabling SSID only cancelled a few of the MANY broadcasting types for wireless networks, but maybe you have a lot more research in this area than I do. I also thought that MAC addresses were easily clonable, and that if you don't have the wireless key for the encryption to the network, you cannot get on. But since you obviously can, please tell me what I can do to prevent it.
    Or really, so if it is encrypted, there is no way they can capture the packets in the air, then decrypt them else where since encryption makes them hidden right? So encryption doesn't really help protect people from using your connection, just reading what you are doing I guess.
    Oh, there are two different "attacks" then, interesting... Please explain how I can prevent both only using solutions that work.
    Please provide me with links from where you have "heard" and authoritative areas to learn about this very vulnerable area in security. My authpf+openvpn security might not be safe enough any more for my access point :'(

    Cheers,

    Alphalutra1
     
  12. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    I have grown to dread whenever a wireless network question is posed. The discussion generally degenerates into a what does\does not work, what has\has not been cracked and the OP's OT is forgotten. As of this date what Spm said in his last paragraph holds the most accurate statements. Anything but WPA (whatever flavor) with a proper length, configured key has been\can be easily cracked by readily available tools found all over the Net. My apologies to iceni60 for this post going OT. <TZ stepping off of his soapbox>
     
  13. Gren

    Gren Registered Member

    Joined:
    May 31, 2007
    Posts:
    93
    Okay.....let me be clearer.

    Some security (no matter how easily bypassed by those in the know) is IMHO better than none - as long as you aren't lulled into a false sense of security. I've connected to neighbours' wireless networks by mistake - 4 times in as many minutes when I was upgrading to Vista and it was picking up the first signal automatically as our SSID was hidden. If I had fewer scruples I might have stayed connected and done a bit of sniffing around. Had their security been better, even slightly so, I would not have been able to do this without more specific knowledge and software. Even a MAC filter would have stopped me.

    To say none of them are any practical use whatsoever is patently not true as described by the above example. Agreed they are no use if you come into the sights of someone who knows what they're doing but most people don't.

    SSIDs may be picked up still if hidden (I don't know personally how to do this) and MAC addresses can be cloned but again not by your average home user.

    Okay it's the non-average users that you really need protecting from but anyone out there can do real damage if they get on your network.

    As for links, sorry but this info has been picked up over a number of months of reading various forums. This one, the Netgear one (before it was taken down) and DigitalSpy to name but three. Not always the most accurate of sources I admit but then again thousands of posts can't be wrong. Can they?

    PS Of course encryption does not stop you picking up a signal. My mistake. It just, hopefully, stops anyone using what they pick up.
     
  14. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Well, even though some security is better than none, why would you add stuff like MAC and SSID on top of WPA/WPA2 if it doesn't offer any practical security advantage? Please explain. Also, I don't see why your SSID was disabled, if it was enabled you wouldn't have had that problem I don't think.
    See above question
    Unfortunately, the average home user is smart enough to read, and when I went to Google, I found two tutorials on how to do it:
    http://www.tazforum.thetazzone.com/viewtopic.php?t=2069
    http://www.smallnetbuilder.com/content/view/24244/98/
    But how can they get on my network if I have WPA/WPA2 enabled? Please tell me how to prevent it since I am not sure I can.
    Unfortunately, the public can be misinformed quite easily, and told to know something that is wrong, intentionally or not. Just look in the history of our countries and you will see what I mean. I have found a forum where the people are very knowledgeable, maybe it could help you and everyone else in this thread:
    http://www.dslreports.com/forum/wlan
    and this link is quite helpful for "newbies":
    http://theillustratednetwork.mvps.org/LAN/SoHoWirelessSecurity.html
    At least you can admit mistakes, that is very good, and you know what they say, you learn best from your mistakes ;)
    Cheers,

    Alphalutra1
     
  15. wat0114

    wat0114 Guest

    If the option is available, try reducing the router's radio transmit power (maybe under "Wireless settings"). As long as you and the other PCs in your household are within range of the signal, that is all that should matter. Hopefully no one attacks me for this suggestion :rolleyes:
     
  16. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Not attacking, I was just wondering how this helps in security. It would be great for you to explain it to me since I am a bit fuzzy on how it helps.

    Cheers,

    Alphalutra1
     
  17. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    No attacks, just differences of opinion. ;) Your idea is sound but may\can cause other problems. An example, I have extended my WAP range with a set of long range antennas. I want full use of my laptop as I choose\roam my yard\set on my porch. If your signal can be seen it can be cracked, even with WPA. It is about taking the time required to do it. A WPA properly configured key may be cracked. But as opposed to taking minutes, it could take years....or sheer luck.
     
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,
    Is the router stable and easy to set up?
    I have found out that router is quite cheap.
    So I thought I would ask if it's any good since I'm looking for a decent cheap ADSL modem router.
    lodore
     
  19. wat0114

    wat0114 Guest

    Of course and I agree. The reduced radio power is simply in addition to the WPA/PSK - or better - encryption. If a wardriver gets only a spotty signal or none at all from where they are searching, it makes it that much more difficult on them. I believe it benefits those especially who live in a condominium or apartment, since it will reduce the number of potential "looky-loo" neighbors who can pick up the signal. That said, it can benefit anyone in any location who incorporates this option.
     
  20. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    But why should I care if my signal is in the range of others if it cannot be broken and infiltrated, and only cause more annoyance to me if I want to go further away from the AP and I cannot pick up a signal anymore?

    Cheers,

    Alphalutra1
     
  21. wat0114

    wat0114 Guest

    Is the encryption 100% secure? If so, then you need not care, otherwise if there is even a remote chance of it being deciphered, I would like to have that little bit extra security of reducing my router's available signal range, especially if the reduced tx power still affords me my maximum required range.

    As for MAC address filtering, limiting available IPs, going with static IPs and, of course, passwording the limited user login of the router, I also do all of that. Some may mock all this extra overhead, but I like it :) If it all requires the wardriver to incorporate extra tools and knowledge to crack the router, thus spending more time and effort doing so, then I'm all for it.

    BTW, I live in a 4 story condominium complex and routinely see 6-7 hot spots in my Wireless networks window. Of those, no more than 2 incorporate the more secure WPA encryption. The others use WEP. I'm not into cracking wireless, but if I was, I probably wouldn't need to pay my ISP the $42/month (includes basic tv cable) service fee ;)
     
  22. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Yep, it is pretty much 100% secure ATM, especially with a password with 63 random characters, numbers, etc. It will take several years (like hundreds) to go through all of the possibilities right now. And reducing the range will not do much, especially in a condo, since there are things called high gain antennas ;)
    So you are saying you are proud that you implement security that does not work and will only cost someone a max of one minute to circumvent? Also, from those tutorials I gathered, almost no knowledge is required. In addition, doesn't limiting the available IPs only limit the number of DHCP addresses it can hand out, so couldn't they just assign themselves a static IP? However, the passwording is a pretty good tip.
    You know that Linksys is the most widely used ISP ;)

    (BTW, I may not post anymore since I have 999 posts just to annoy some people :p, but I doubt it)

    Cheers,

    Alphalutra1
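
The passphrase-length argument made in this thread (spm's "30 chars or more", random rather than words; the 63 random characters mentioned in the post above) can be put into numbers. This is an added example, not part of any post in the thread: it generates a random passphrase, derives the WPA/WPA2-PSK master key with the standard PBKDF2-HMAC-SHA1 construction (SSID as salt, 4096 iterations), and compares keyspaces. The guess rate, wordlist size and SSID `home-example` are constructed assumptions for illustration.

```python
import hashlib
import math
import secrets
import string

# 94 printable ASCII symbols; WPA passphrases are 8-63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_psk(length: int = 63) -> str:
    """Return a passphrase drawn uniformly at random from ALPHABET."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_psk_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random passphrase of this length."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 with the SSID as
    salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def years_to_try_all(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate in a keyspace of 2**bits at a fixed rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    RATE = 1e6          # assumed guesses per second, for illustration only
    WORDLIST = 500_000  # assumed dictionary size, for illustration only
    cases = [("one dictionary word", math.log2(WORDLIST)),
             ("30 random characters", random_psk_bits(30)),
             ("63 random characters", random_psk_bits(63))]
    for label, bits in cases:
        years = years_to_try_all(bits, RATE)
        print(f"{label:22s} {bits:6.1f} bits  {years:.3g} years")
    psk = generate_psk()
    print("new PSK:", psk)
    print("PMK for SSID 'home-example':", derive_pmk(psk, "home-example").hex())
```

Because every guess costs 4096 HMAC-SHA1 iterations and the keyspace grows by about 6.5 bits per random character, a single dictionary word falls in well under a second at the assumed rate while a 30-character random passphrase is out of reach at any realistic one.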
     
  23. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    LoL

    How true it is. Every single thread about this topic has been hijacked by know-it-all remarks and arguments about what's weak, what's strong, "correcting" people. LoL. Just stick to your own guns, take from my suggestions what you think will help you. Ultimately, no matter how geek you are, if someone goes after you, it's just a matter of time. In the meantime, your preventive measures simply work to hold off the Joe Shmoes in the local vicinity who are trying to leech off your connection. That's all. No need to geek-it-up and be falsely secured.
     
  24. wat0114

    wat0114 Guest

    Should we take those "tutorials" as gospel? Just asking, because that means all those other options available in routers are just a waste of time, correct? I believe it important to clarify this because then in future threads of this nature responses can simply be restricted to: "use WPA or better and use strong passphrases. All the other security options in your router are useless"
     
  25. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Rewrite that as "All the other wireless security options in your router are useless", then - yes, precisely.
     