dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
13
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to norwegian

MVM

to norwegian

Re: Router security

said by norwegian:

There seems to be a few areas of concern for any network that is relevant now.

1. ARP
2. File sharing
3. Exploits
4. Infection

There maybe more, but these would have to be the initial concerns?

1. not with the level of configuration of gear that is available at the local electronics shop.
You're basically looking at stuff like Dynamic ARP Inspection, 'sticky' MAC addresses, (private) VLANs,
and a few other things that are not available at the consumer level, and at the Enterprise level is
in the neighborhood of $10K or more

Points 2 to 4 I'll leave to other ppl that have already posted.
said by norwegian:

So I tried a discussion in hopes I could view or review protocols to help understand more generally about setting up networks securely from starting with locking down a router and using it to it's full potential.

Here's my breakdown of security from a network-view

Layer 1 / Physical : no physical access to the router / cables, console / remote access disabled
Layer 2 / Logical : see my point above, but it goes back to knowing WHO and WHAT is on the LAN, especially that
pesky "unknown computer" in Windows Network Neighborhood"
Layer 3 / Network : alittle more involved, unless you have a very customizable rig / setup.
Layer 4 / Transport : also alittle more involved, but basically knowing WHAT programs / traffic is running around the
network, both INbound and OUTbound. Some basic stuff would be knowning commands like 'netstat,' etc.
Layer 5 - 7 : Application : As others have said, up-to-date system and patches, anti-virus, anti-malware, etc.
maintaining current backups, strong passwords and the like, AND MAINTAINING LOGS of what's going on.

My 00000010bits

Regards

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller

Premium Member

said by HELLFIRE:

1. not with the level of configuration of gear that is available at the local electronics shop.
You're basically looking at stuff like Dynamic ARP Inspection,

You can do Dynamic ARP inspection for free.

Anon users
@anonymouse.org

Anon users

Anon

change AP name
hidden SSID
use ONLY WPA2-PSK with AES
Turn off remote port admin
Turn off WIfi Admin

No that's the trick...
Save your settings in Admin menu (settings.bin) in your computer, THEN
TURN OFF ALL ADMIN login options (no login even in plugin LAN port)!!!

All is left for 'break-in' to tamper your setting is RESET BUTTON , but after reset, you can notice your wifi won't work, (wrong AP name, wrong SSID & wrong WPA2 password), the ALARM is rang