Yes. I have my own router, and my ISP's modem. And no, it's not a hard task.
I guess my problem is:
Modem is broken, invested in an all in one - Bob2
I have an old modem Netcomm 4+ replaced with Dlink (started playing up) to work with. I also have a Belkin wireless router and a plain router.
Maybe I need to revisit using the old gear or turning off the wireless in Bob2 and making it a bridge to the next router. Bit of playing around but might be worth looking at.
Whether it stops the beeps who knows, but this Bob2 modem/wireless router does have a beep no other hardware had. Guess I need to test electrical currents to see if there is an issue for the hardware there. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
BTW this whole thread has got me thinking about what devices I have on wi-fi. With a little bit of work (hardware + firewall setup) I could make some of them hardwired (cabled). That'd just decrease the probability that they could be reached. -- Don't feed trolls--it only makes them grow!
Yeah, everything I've read says that hiding SSID is useless. I have done it only to keep casual users from trying to connect, but that probably just ensures that the only attempts will be malicious or non-casual. The router wifi is secured anyway with a strong password in WPA2 and also the administrator name and password are unique and remote administration is disabled. There's really no need for remote administration for most people, anyway, is there?
The key remains LAN access, doesn't it? How does one log onto the LAN, users and user levels, passwords, etc? If it is easy to log onto the LAN locally, then once the wifi connection and strong password are known, logging onto the LAN will also be easy, won't it? -- It is easier for a camel to put on a bikini than an old man to thread a needle.
I have a really old D-Link at home that is not wireless, so I don't have to worry about that one, at least when it comes to WPS. I have verified that the wireless router at an office I have some responsibility for is not vulnerable to that attack because it does not support WPS. -- It is easier for a camel to put on a bikini than an old man to thread a needle.
I suggest investigating VLANs as a possible security feature. It essentially lets you define specific paths between specific points and a trunk connection to border routers or shared printers. Since VLAN switches provide layer 2 data link level switching, they are impervious to many of the LAN side malware spreading exploits extant today.
Configuration isn't a trivial matter, but once it's set up, it's low maintenance.
Here's a couple of educational links to review the subject;
Do I understand you to mean that the smartphones, etc., do not have WPA2 enterprise support? I think that must be true, as I have not seen that available in smartphones that I allowed. They do support WPA2 (non-enterprise). -- It is easier for a camel to put on a bikini than an old man to thread a needle.
OK, that's what I thought. The router I have dealt with in this situation can support VLAN and also WPA2-Enterprise, but all those smartphones don't understand WPA2-Enterprise.
I wonder whether you can use WPA2-Enterprise mixed and it would work with the smartphones? I have not tested this. After some checking, I think this probably would not work, either. I also found some commentary about WPA2-Enterprise and Apple iOS5 having issues with connecting. -- It is easier for a camel to put on a bikini than an old man to thread a needle.
There seem to be a few areas of concern for any network that are relevant now.
1. ARP
2. File sharing
3. Exploits
4. Infection
There may be more, but these would have to be the initial concerns?
1. not with the level of configuration of gear that is available at the local electronics shop. You're basically looking at stuff like Dynamic ARP Inspection, 'sticky' MAC addresses, (private) VLANs, and a few other things that are not available at the consumer level, and at the Enterprise level is in the neighborhood of $10K or more
Points 2 to 4 I'll leave to other ppl that have already posted.
So I tried a discussion in hopes I could view or review protocols to help understand more generally about setting up networks securely from starting with locking down a router and using it to its full potential.
Here's my breakdown of security from a network-view
Layer 1 / Physical : no physical access to the router / cables, console / remote access disabled
Layer 2 / Logical : see my point above, but it goes back to knowing WHO and WHAT is on the LAN, especially that pesky "unknown computer" in Windows Network Neighborhood
Layer 3 / Network : a little more involved, unless you have a very customizable rig / setup.
Layer 4 / Transport : also a little more involved, but basically knowing WHAT programs / traffic is running around the network, both INbound and OUTbound. Some basic stuff would be knowing commands like 'netstat,' etc.
Layer 5 - 7 : Application : As others have said, up-to-date system and patches, anti-virus, anti-malware, etc. maintaining current backups, strong passwords and the like, AND MAINTAINING LOGS of what's going on.
1. not with the level of configuration of gear that is available at the local electronics shop. You're basically looking at stuff like Dynamic ARP Inspection,
You can do Dynamic ARP inspection for free. -- Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999
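Added example, not from any poster in this thread: the check at the heart of Dynamic ARP Inspection, discussed in the posts above, is comparing each ARP claim against a trusted IP-to-MAC binding table. The Python below runs that comparison over a neighbour table in `ip neigh` format and bindings in dnsmasq lease-file format; all addresses, both sample inputs and the function names are constructed for illustration.

```python
# Added example: DAI-style check of ARP entries against trusted bindings.
# All addresses and both sample inputs are constructed for illustration.
from collections import defaultdict

LEASES = """\
1700000000 02:00:00:aa:00:10 192.168.1.10 laptop *
1700000000 02:00:00:aa:00:11 192.168.1.11 printer *
"""
STATIC = {"192.168.1.1": "02:00:00:aa:00:01"}  # gateway, pinned by hand
NEIGH = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:66 REACHABLE
192.168.1.10 dev eth0 lladdr 02:00:00:AA:00:10 STALE
192.168.1.11 dev eth0 lladdr 02:00:00:aa:00:11 REACHABLE
192.168.1.50 dev eth0 lladdr 02:00:00:aa:00:66 REACHABLE
192.168.1.99 dev eth0  FAILED
"""

def load_bindings(leases, static):
    # Lease line: <expiry> <mac> <ip> <hostname> <client-id>
    bindings = {}
    for line in leases.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            bindings[parts[2]] = parts[1].lower()
    bindings.update({ip: mac.lower() for ip, mac in static.items()})
    return bindings  # static pins win over leases

def parse_neigh(text):
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" in parts[:-1]:  # skips FAILED/INCOMPLETE rows with no MAC
            entries.append((parts[0], parts[parts.index("lladdr") + 1].lower()))
    return entries

def inspect(entries, bindings):
    findings = []
    for ip, mac in entries:
        expected = bindings.get(ip)
        if expected is None:
            findings.append((ip, mac, "unknown-host"))
        elif expected != mac:
            findings.append((ip, mac, "binding-mismatch"))
    return findings

def shared_macs(entries):
    seen = defaultdict(set)
    for ip, mac in entries: seen[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}
```

Unlike DAI on a managed switch, this only reports mismatches seen from one host; it does not drop the offending frames.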
In any network it is by nature weaker from the inside. On home routers it is that they trust all from the inside many times and there is always the ability from the inside if one has physical access to set it back to factory.
I have always seen network security as working exactly like building security. Once you get access via some method or person inside the initial barriers your job has become many times easier because buildings like networks use the outer walls as their primary line of defense. Once past that primary wall a skilled hacker will be able to find weaker sub systems that can lead to the main system. -- [65 Arcanist]Filan(High Elf) Zone: Broadband Reports