Hi Guys, I posted this over on Dsl Reports but have not heard back yet, so figured I would try good ole Wilders Security Forums. I will just copy paste what I posted there. Thanks!! Hi folks, Been awhile since I posted this thread: »Linksys Router Recommendations? Just wanted to let you all know that I recently moved, and was able to get Comcast to swap out my cable modem. That old modem must have been the problem since after getting a new cable modem, the Linksys connected right up no problem. My question is what is the "normal" security settings for this router? And what can I do to make it more secure? What I've done so far is the typical. Change the admin password. Changed the SSID Enabled WPA2 Personal with 63 character passphrase What else can or should I do? Should I disable SSID? Change any other settings? Also the wireless band is set to 2.4 GHz vs. 5GHz. Any benefits with going to 5? Network mode is set to mixed, I assume this is ok as the default. Channel width is set tp 20Mhz vs. the option of 20 or 40. What are the pros/cons of changing this? As for the channel, its set to auto. Im running firmwarm version v1.0.03 from Linksys. Looks like this is the newest so I assume that its fine. If you need more information please let me know. Just looking to make sure things are secure enough, and if there is anything I should do to lock it down more, and/or gain better performance. As for wireless devices connected to it, currently its just one laptop and my android phone. Thanks! P.S. Should I disable UPnP?
Check out this thread for some info on WiFi security: https://www.wilderssecurity.com/showthread.php?t=272327 99% of your wireless network security comes from this: "Enabled WPA2 Personal with 63 character passphrase". Changing the admin password is of course a good thing, too, however that is a protection for LAN side access not the wireless side. (If your WPA2 key is secure then no outsiders on the wireless side can even get to the admin login screen, assuming you even allow WAN side admin mgmt which generally is disabled by default now a days. But, LAN side router mgmt is protected only by a strong admin password.) Other than that, security is not enhanced by any of the other things that people online too frequently recommend doing, such as turning off SSID broadcast or MAC address filtering. The broadcast bands, channel configs and so on are mostly about getting a good and strong signal across whatever distance you want it to operate on. If you are getting good signal strength and transfer rates to all your devices within the range you operate them, then you are probably fine with whatever settings you already have. UPnP is really about usability. It is only helpful if you have applications that are setup to communicate with the router for automatic access and configuration changes. If you don't, then it'll never be accessed. Again, it is not a risk to unknown users on the wireless side because they can't get past the WPA2 protection.
Thanks for the response! I did change the admin password (sorry I forgot to mention that). Believe it or not I'm kinda new to wireless and just wanted to make sure that I have it locked down properly. As for broadcast bands and channel configs that's a good question. I noticed last night (from upstairs mind you) that the speeds were pretty whacked out when I was running speed tests from speakeasy. For a few minutes, I was getting decent speeds like 15\4 which I felt was good. Then it would drop down to about 4\4. This was with the laptop sitting in the same spot. Is this normal for wireless? I could see some varying degree of speeds but not this much. Thanks!
