router vs software firewall

Discussion in 'other firewalls' started by Siamese Dream, Jan 16, 2014.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Uhm...

    I'm not quite sure if software-based protections are reliable to protect your hardware, router in this case. I'd say it's better to harden the router itself. Hide SSID, use AES, and configure/disable other things that might become the possible threatgates, etc. There are more you can get from the more expert members. Digging older threads might give you more info.
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,081
    Location:
    USA
    This thread motivated me to check the default settings of my new router which I discovered are a mixed bag in terms of security.

    1. UPnP was ON, however info on the web says that not all implementations are at risk. There's a test that (supposedly) determines whether or not your router's iteration of UPnP is vulnerable here:

    http://upnp-check.rapid7.com/

    This test says my router is not "discoverable" so I've left UPnP on the for moment, but I'd like to hear the pros & cons of having it On/Off.

    2. The WPS PIN was ON (it's now off).

    3. WPA2 - PSK [AES] was ON

    4. SSID was ON

    There's info on the web stating that hiding the SSID doesn't improve security much since someone with a little knowledge can still find it. It would discourage the average person though who doesn't know how to do it.

    http://www.howtogeek.com/howto/2865...hiding-your-wireless-ssid-really-more-secure/
     
    Last edited: Jan 31, 2014
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Suggest you replace that [noparse]http://upnp-check.rapid7.com/results...[/noparse] link with this one: http://upnp-check.rapid7.com/. At the later page I notice: "This service is only suitable for identifying whether your UPnP is exposed to the internet". Looks as though it tests for WAN side access. LAN side access would also be of concern unless you've established that the level of authentication in your arrangement is satisfactory to you.

    Better than counting sheep...
    https://en.wikipedia.org/wiki/Universal_Plug_and_Play
     
    Last edited: Jan 31, 2014
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,081
    Location:
    USA
    Thanks for the heads up about my incorrect link to the UPnP test site (now correct). What is likely to happen if UPnP is disabled in a home router? What support does the protocol provide to new devices and is that support needed after they are connected?
     
    Last edited: Jan 31, 2014
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    In a networking context, I'm not a fan of devices auto discovering each other, auto exchanging information about their capabilities/config, auto allowing other devices to modify their configuration, etc (ARP and sometimes DHCP exceptions). I like the human in the loop, manual configuration, device-specific login credentials required to access or change configuration info, type pattern. You need to play with something to really understand it, and I haven't done so (with UPnP). So if you read up and do some experimentation, I'm certain you'll arrive at a better understanding than I can give you. Thus the previous starter link. Having said that...

    I think this would depend on what options you have and use to control it, and what UPnP driven features you were/are trying to use. If you fully disable it, I suspect that would prevent UPnP based software from acquiring and displaying some detailed information about the device. I'd look for places where network device information is displayed and see how that changes. If you can enable UPnP while preventing changes made through UPnP, I suspect the discover and read operations would function properly while protecting the device from UPnP based modifications. If you have a device/program that is punching holes in a firewall via UPnP, and I doubt everyone will, breaking the mechanism should cause a network connectivity issue of some sort. UPnP is used to access media servers, so if your router is configured to be one perhaps you'll run into problems there depending on what you disable.

    It seems possible that UPnP would be used for one-time-only discovery and config purposes, but I don't think I would count on that.

    FWIW, I have some links to UPnP test tools (which I never played with, perhaps there are better ones out there):

    UPnP Tester
    http://www.markgillespie.co.uk/?page_id=18 (note comment regarding administrator privileges)

    Universal Plug-and-Play Tester
    http://noeld.com/programs.asp?cat=dstools (scroll down)

    UPnP-Inspector
    http://coherence.beebits.net/wiki/UPnP-Inspector

    Maybe you can explore and let us know what you learn :)
     
    Last edited: Feb 1, 2014
  6. guest

    guest Guest

    Yeah, but I just don't want my SSID appeared in other people's computers. Just if my neighbours do the same. A long list of available networks is kinda annoying. :p
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Another draw back of hiding it is that users will not know that a channels is already used by X number of people and then this may impact you. So, to be visible is actually beneficial especially in WIFI polluted areas. If they know you they will avoid you :D
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,081
    Location:
    USA
    That would be true for people who actually know that there are wifi channels and how to determine which ones are being used in their area.
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    That's the first troubleshooting step anyone (e.g. support, user guides) give when dealing with WIFI issues or low signal. So, pretty common... Unfortunately with this idea of hiding SSID to improve protection is not always easy to implement. :)
     
  10. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    don't worry to being hacked, i've used internet for maybe over 10 years and really begging hackers to hack my pc, and i even made some very angry and nothing nothing has happend for over 10 years.

    I've only used Router Firewall and none on my PC.
    So it's just paranoia, nobody will hack you if you don't give the hackers the right to hack you, and that can be done maybe they sent you a file and you open it, or else then can NEVER hack you. It's just rubbish.
     
  11. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    :thumb: Agree! I just use a NetGear router,never an issue.
     
  12. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    Software and so called hardware firewalls should be used together.
    With IP v6 NAT is useless.All the PC-s in the LAN are accessible/visible so a software firewall is needed on the PC-s.

    How would you know.
     
  13. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    I agree.:thumb:
     
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If you're using an external DSL or cable modem, you have a network. Unless your modem is set to pass through (most are not) you're using NAT (Network Address Translation) which also functions as an inbound firewall. Most cable and DSL modems are combined devices that have a basic firewall.
     
  15. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia

    NAT is useless in IP v6 i ve heard ,i may be wrong.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.