Home network focused on security


8 replies to this topic

#1 tempusrevolutio


Posted 25 July 2018 - 05:26 PM

I am trying to figure out how to set up a home network to optimize my security. I had an incident about 6 months back where it seemed like someone was connecting to my network and infected every computer and possibly our phones (I couldn't pinpoint anything for the phones but they all had issues for a while). All the computers started running slow, registry errors caused two computers to fail to load the OS, tons of computer bugs, and various malwares/trojans/etc I had to remove pretty much daily. I replaced our Linksys modem and router 4 times and now have a modem/router combo we are renting from Xfinity because I can swap it out whenever I want and that was getting expensive (I know they are terrible, I just can't justify buying a new setup until I know I'm in the clear). I set up the new router with a unique SSID and password and blocked/disabled everything I can in the settings and set firewalls to maximum, replaced all the hard drives in the computers and installed new OSes (didn't reload any of the backups in case they had a virus or something in there), and changed all my account passwords and logins.

 

Now I am to the point that I want to lock down our network as securely as a residential home can be. I've thought about setting up a server and using that but idk the benefits or disadvantages of that, setting up a UniFi to segregate our connected devices, getting a VPN I just don't know which one to get, but idk what else I can do or should do. I would love to use the WPA3 that is coming out but it isn't released yet. I've run netstat commands in the command prompt and to me I see some fishy IP addresses. I've had GeekSquad out and they were useless and a private company an IT guy has and in his short 1 hr look he didn't find too much other than a fishy IP address he couldn't figure out.

 

What suggestions do you have for me to set up my network to make it as secure as I can? What is your set up? I am willing to spend whatever it takes to get this done because I am wasting too much money and time as it is. My network skills are just slightly above the average user but as soon as technical talk starts coming in I start to lose comprehension. Any advice would be appreciated, thanks!




 


#2 Replicator


Posted 25 July 2018 - 10:27 PM

 All the computers started running slow, registry errors caused two computers to fail to load the OS, tons of computer bugs, and various malwares/trojans/etc I had to remove pretty much daily.

 

This is pretty much your issue right here!

Someone on your network is visiting websites/downloading from websites or clicking on emails that they shouldn't be, thus allowing these malicious programs access to perform the damage you're experiencing.

 

No amount of 'hardening' your network security will protect you from this.

 

The whole purpose of securing a wifi network is to deflect others from the outside (WAN) gaining access to the inside (LAN).

If you're contracting malware through 'poor' online habits, then you're effectively giving the bad guys access to whatever is running inside your network.

 

How is this malware that you're having to clean gaining access to your system, in your opinion?


The quieter you become, the more you are able to hear!
CEH, CISSP @ WhiteHat Computers Pty Ltd

 


#3 tempusrevolutio


Posted 25 July 2018 - 11:26 PM

Initially I think it was from a Trojan that I got from a download on GitHub. Bitdefender that I was using at the time caught it right as the download happened and killed the download, so I did a few scans and everything was clean as far as I could tell. But nothing happened until about 4 months later and all computers on the network started losing admin privileges, then downloads and updates quit working and then we couldn't connect them to the internet (all of this was independent on each computer but it was the same effects, just at different rates). I don't know why there was the 4 month gap before anything started happening unless it was doing whatever in the background to establish itself or something, but my scans never found anything until this point. I don't think anyone here goes to any shady sites, I would be going to the shadiest ones in the house but that's still rare for me and I don't normally use GitHub (not that it's shady but there is some shady stuff on there, obviously). Everyone else is pretty much strictly Google, YouTube, Facebook, and Instagram.

 

Right now I feel like our systems are pretty much good to go and we are just dealing with the damage that was done, me in particular because no one else used a computer during that period until I got rid of it. But I've been learning a lot about all of this, because I knew nothing to begin with, and when I use netstat I don't really understand it entirely but I feel like something isn't right.

 

Long story short. I think initially it was linked to that Trojan that was blocked. Like it managed to connect to something and send out our gateway address out and then we were in a man-in-the-middle kind of situation. That was the best I could come up with.

 

I just want to prevent anything like that from happening again and if it is still here just hanging out in the background I want to close off however he's connecting to me and kick him out.



#4 Nunos


Posted 28 July 2018 - 12:54 AM

On the cheap I would start by configuring the router to use OpenDNS: sign up for the free home user account and block everything that you like in the settings page. Then set the PCs to all obtain their DNS from the router.

 

If you have more resources then the next step I would consider is a Next Generation Gateway Firewall. This can be SonicWALL, WatchGuard, or you could build your own out of an old PC with two network interface cards and Untangle Firewall. These devices depend on a subscription for various services like scanning HTTPS traffic, Sandboxing, Advanced Threat Protection, and say ad blocking. The value to this is you get to scan the incoming traffic before it reaches your PCs and then you can get a second opinion from the AV on the PCs. Downsides are a steep learning curve and expense.

 

One thing to note: as more and more sites become encrypted, that's the HTTPS sites, the malware authors have begun taking advantage of encrypting their payloads, effectively bypassing scanning. This makes devices like the SonicWALLs and WatchGuards better candidates for decrypting and scanning the traffic because they use processors that are purpose built, unlike a PC that you turn into a router.



#5 Replicator


Posted 28 July 2018 - 08:24 AM

If you already have an infection that's placed a payload on your system that can communicate to a server, none of this means squat Nunos!

 

To secure a network all you need to do is utilize WPA2 on the gateway with a secure (long) password.

 

No one would brute force this in a million years.

 

You don't need software bullcrap like Sonicwall or Watchguard, what you need is education so as to not let infections in!


Edited by Replicator, 28 July 2018 - 08:25 AM.

The quieter you become, the more you are able to hear!
CEH, CISSP @ WhiteHat Computers Pty Ltd

 


#6 Nunos


Posted 28 July 2018 - 10:52 AM

He says it is already clean above and that he would like to do more, even suggested getting a server and/or a VPN. WPA2 and a long password is just one layer in layering security.

 

Appliances and software like WatchGuard and SonicWALL work great and protect people so that the other people behind the network don't have to stop what they are doing in their lives and learn network security. If you don't like other people's suggestions you are free to ignore them; you don't have to attack them.


Edited by Nunos, 28 July 2018 - 10:52 AM.


#7 Replicator


Posted 28 July 2018 - 11:35 AM

I'm sorry, my bad, I didn't know that software programs would solve all my issues with security.

 

Hey, do you think you could recommend one that picks next week's lotto numbers?


Edited by Replicator, 28 July 2018 - 11:37 AM.

The quieter you become, the more you are able to hear!
CEH, CISSP @ WhiteHat Computers Pty Ltd

 


#8 tempusrevolutio


Posted 29 July 2018 - 03:45 PM

Thanks for the advice Nunos, I'll give those a try! You're right though, I'm just trying to harden my security. And I appreciate the advice Replicator, I have a unique WPA2 setup so I'm good there. I get that I can't lock down my network so it's impermeable but if I can make it more difficult to breach than 90% or so of home networks I wouldn't be worth someone's time to try to hack and they'd just get the easy picking networks, ideally anyways. I know you were joking but a friend and I actually did make a program to predict lotto numbers actually, but it's not very accurate. Let me know and I can send you the code!

#9 Replicator


Posted 30 July 2018 - 08:10 AM

Hehe cool, sounds good. :thumbup2:

 

Hide your SSID also, no need to broadcast it across the air to others who are not invited.

Set your network's connected devices to "Connect even when not broadcasting" so your desired systems will still have access when broadcast packets are sent from their NICs.

 

It should show on a network scan that anyone performs as "hidden" so no extra info is divulged to enable footprinting of this area!

 

Set your hardware firewall configs (router) to include a DMZ at your gateway's local IP.

Enable SPI on IPv4 / Enable Anti-spoof Checking and IPv6 Simple Security, if you utilize IPv6.

 

If your router supports it, enable PPTP, IPSec, RTSP and SIP.

 

This coupled with a strong WPA2 password is all you should need, it's worked well for me for years!

 

Remember, software developers want you to pay for their wares, they will always boast how good they are and they also expect your security information configs to be sent back to their servers for analysis WTF?.......most of them are garbage, but then it's your choice!

 

Cheers :)


Edited by Replicator, 31 July 2018 - 07:10 AM.

The quieter you become, the more you are able to hear!
CEH, CISSP @ WhiteHat Computers Pty Ltd

 




