Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Home network and security


  • Please log in to reply
4 replies to this topic

#1 youronlysin

youronlysin

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Williamsburg, VA.
  • Local time:03:20 PM

Posted 02 April 2011 - 11:42 AM

Hey everyone. First of all, thanks to all the people here that offer their time and help for free.

While still suffering from malware issues on my main desktop pc, Id like to get things cleaned up and safe on my home network. The infected PC is being handled in another thread here.

My home network consists of a cable modem fed to a TP-Link wired/wireless router. My main desktop PC is wired direct to the TP-link while my laptop and another desktop upstairs connect wirelessly. I'd like to get my network secured fairly well yet still allow some browsing freedom. The wireless portion is encrypted, but I am not real familiar with adjusting any of the settings in the router to keep the entire network a little safer from internet baddies. I just started using the hp-hosts file so hopefully I'm on the right track. I have everything set up to receive ip addresses automatically from the router, but I hear its best to use static ips for safety. I know there are a lot of general guides to setting up a secure/effective home network, but does anyone recommend something in particular?

BC AdBot (Login to Remove)

 


#2 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:04:20 PM

Posted 02 April 2011 - 01:49 PM

What model number router do you have? We will need to see what it supports. You should have the highest encryption turned on WPAv1 with addons (TKIP) or WPAv2 (depends on what your router supports) You should use a Key generator to create the Encryption key these use special characters that are hard to create on your own. Depending on the router you can create a set-up disc or USB to copy the settings to each host. You can enable MAC address filtering (MAC address can be cloned though). You can also Use port filtering to block incoming traffic. Turn OFF SSID so your network isn't readily visible to other computers and change the SSID to something unusual but something you will recognize. Each wireless host will need to know the SSID before its turned off (or you need to assign it) otherwise they wont see your network. Change the default address for the router log in (usually 192.168.1.1) and change the default password. You can also change your network address from the standard 192.168.1.0 to anything from 192.0.0.0 to 223.255.255.255 that's the range for Class C private network. Statically assign each host with its ip address and configure the router to only allow enough connections to cover your network. Anything can be hacked it just takes longer the more security you have installed. Its far easier to move onto a network less secure then to hang around hacking each protocol.

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#3 youronlysin

youronlysin
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Williamsburg, VA.
  • Local time:03:20 PM

Posted 02 April 2011 - 03:09 PM

The router is a TP-Link TL-WR841N. Its currently set to WPA2 encryption but I am not using a key for each host. DHCP is enabled and SSID is also enabled. I can change those easy enough...Thanks for the reply!

#4 youronlysin

youronlysin
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Williamsburg, VA.
  • Local time:03:20 PM

Posted 03 April 2011 - 08:03 AM

These particular security measures are more tuned to keep someone from getting on the network from outside, correct? Are there any other measures that are typically taken within the router that help secure the network from spyware/malware/viruses, or are those handled primarily at each host by means of software?

#5 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:04:20 PM

Posted 03 April 2011 - 02:39 PM

Port filtering can help with blocking a Virus from accessing the internet. To keep computers from being infected its usually handled on the host machine with AV and other software such as Sandboxie for Firefox and IE and No Script for Firefox.

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users