Question about firewalls

Discussion in 'other firewalls' started by Mike6080919395, Jul 21, 2011.

Thread Status:
Not open for further replies.
  1. Mike6080919395, Registered Member (Joined: Jul 16, 2009; Posts: 41)

    I have an N600 router which I believe has a built-in firewall, but what I want to know is how safe are the defaults on this router so long as I disable SSID broadcast, change the router password, enable MAC address matching, and the wifi password WPA2-PSK, and limit the overall wifi power level to keep access limited by distance.

    My next question is whether it's worth even keeping Windows 7 firewall on with a router being installed on the network?

    Finally I want to know if there is a way to remove all previous SSID names that were created from old wifi routers when I created new networks, then I reset the router to defaults. I have about 6 old SSID names still showing up and I fear that if one is open it's a direct access point. Even though I have reset the router and assigned brand new settings. I would feel much better if those SSIDs weren't showing up under available wifi connections anymore. For some reason those SSIDs are still showing up even after multiple resets.
     
    Last edited: Jul 21, 2011
  2. Cudni, Global Moderator (Joined: May 24, 2009; Posts: 6,956; Location: Somethingshire)

    From what you mentioned: don't bother with disabling SSID, in fact don't disable it. It has no bearing whatsoever on router security. Change router password, enable WPA2 with a complex and long passcode (over 20 chars). The rest is neither here nor there in terms of security.

    Personally I'd keep Win fw on.

    Where are those multiple SSIDs showing? Not on router.
     
  3. luciddream, Registered Member (Joined: Mar 22, 2007; Posts: 2,497)

    I recently did some research on this subject as well as I set up a wireless network. I concur with Cudni, do not disable SSID broadcast. Anybody that wants to sniff it can do so quite easily anyway, and it can actually make you more vulnerable to man-in-the-middle attacks because your computer/adapter is continuously searching for this broadcast, kind of like asking "where you at?"

    IMO, make a strong WPA2 password, 63-64 digits long, and keep it on a piece of paper in a safe place in case you ever need it. You can check out "perfect passwords" on GRC if you'd like more information regarding this.

    I personally do the same with my router password, make it very long and keep it written down.

    I saw much debate about how useful MAC address filtering is. Many say it's pretty moot with a strong WPA2 key, and that if somebody gets by the encryption they'd quite easily bypass this as well. Sounds logical to me, but the way I see it, it certainly doesn't hurt, so why not do it?

    If you can change your username to something other than the default (usually "admin"), do that too. But many routers cannot do it.

    There may be a setting in there for RIP direction, listening, etc... I forget exactly what it was called. But disable that too if it's there.

    Change your router IP address to something other than 192.168.1.1. This only helps against people with physical access to your computer, in which case they certainly couldn't guess your PW anyway, rendering it moot, but hey... "layers". But keep it in the 192.168.x.x range, as they are private IPs. Don't just make it something random.

    On XP Pro I also select "Access point (infrastructure) networks only", under the advanced settings, "wireless networks" tab of your LAN properties. I also de-select "Connect even if this network is not broadcasting". Not sure what the equivalent settings are in 7?

    I have mine set up to auto-connect. I saw someone say that it's more secure to connect manually every time, but I disagree. It seems to again cause your computer/adapter to search for the broadcast, potentially making you more vulnerable to man-in-the-middle attacks. And sometimes it doesn't assign a network address to me until I restart my computer if I do this.

    And if you have any preferred DNS servers go ahead and insert them in there. For example, Comodo has what they call "Secure DNS", and gives you 2 DNS server addresses to use.

    That's all I can come up with at the time. Most of it is probably rendered moot due to a strong WPA2 key + login password, but again, it can only help not hurt so why not spend a minute and just do it?
     
    Last edited: Jul 22, 2011
  4. J_L, Registered Member (Joined: Nov 6, 2009; Posts: 8,516)

    Keeping Windows Firewall enabled can help in security, especially with Advanced settings (outbound control). Routers aren't perfect, and may have holes. You can use different firewall settings on each computer. Also, it barely uses any resources and has no compatibility issues with hardware firewalls.
     
  5. Spooony, Registered Member (Joined: Apr 30, 2011; Posts: 514)

    Use WPA-PSK mode with a random key. Don’t use words in the dictionary or a variation of them because they can easily be cracked.
    "MAC filtering" and "SSID" are two of the biggest myths in wireless LAN security.
     
  6. Mike6080919395, Registered Member (Joined: Jul 16, 2009; Posts: 41)

    Thank you so much for all of the help. I do have a few more questions though, mainly concerning Windows 7 advanced control, specifically for MBAM and Avast Free.

    What are the rules that I should set up if I am using MBAM and Avast while Windows 7 firewall is in block all mode for anything without rules? It seems like Avast has a lot of executables in the primary Avast folder. I'm not sure which require a rule and which of them don't. I don't want to open unnecessary ports or programs as that would leave my system open.

    Finally I have a question on passcodes:
    I normally just use a random password generator about 8 characters, which I have been told is pretty secure. Is a lot of characters really needed when it comes to routers and wifi? How fast can someone break thru a completely random passcode created thru a random password generator using 8 characters?
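
Added example (not part of the original thread): a Python sketch that puts numbers on the passphrase-length question discussed above by computing the entropy of a random WPA2 passphrase, the time to exhaust its keyspace, and the WPA2-PSK key derivation itself (PBKDF2-HMAC-SHA1 salted with the SSID). The guess rate and the SSID `ExampleNet` in the demo are assumptions for illustration, not measurements or values from the thread.

```python
import hashlib
import math
import secrets
import string

# 94 printable symbols; a WPA2 passphrase is 8 to 63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_passphrase(length=63):
    """Uniformly random passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase, ssid):
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Years to try every passphrase of this length at the given guess rate."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    ASSUMED_RATE = 1e6  # guesses per second; an assumption for illustration only
    for n in (8, 20, 63):
        print(f"{n:2d} chars: {entropy_bits(n):6.1f} bits, "
              f"{years_to_exhaust(n, ASSUMED_RATE):.3g} years to exhaust")
    sample = generate_passphrase(20)
    # "ExampleNet" is a constructed SSID; the derived key changes with the SSID.
    print(sample, derive_pmk(sample, "ExampleNet").hex())
```

Each added random character multiplies the keyspace by 94, so the exhaustion time grows exponentially with length while a faster guess rate only divides it by a constant.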
     