Router security


GeoffW1
05-09-2013, 10:18 AM
Hi,

All this stuff has been said before, but this newsletter is still a worthy read (it is safe)

https://windowssecrets.com/newsletter/ways-to-secure-a-router-and-other-helpful-tips/

Cheers

jase
06-09-2013, 12:54 PM
Interesting statement around WPS. Recent equipment I purchased requires physical access to the device to trigger WPS negotiation, i.e. you have to press a button in order to trigger the wireless devices (routers, bridges, whatever) to peer. From the tests I performed, unless the button is pressed, the device ignores any WPS negotiation packets from peering requested devices. In any case, turn off WPS anyway. It's just a lazy way of connecting to the network if you've forgotten your SSID and WPA2 credentials.

Hiding the SSID is a security by obscurity approach that is flawed with the plethora of tools available. Android tools such as WiFinder, Fing, etc. make it easy to discover networks.

multiweb
06-09-2013, 01:03 PM
+1. WPS is a whole can of worms. Best thing to do is the following:

1_ use WPA2.
2_ don't broadcast SSID (do it if you can - everything helps).
3_ Use MAC addresses and restrict access.

You shouldn't have any issue then. #3 is the most secure way to lock everything to known devices within your wireless range and it's dead easy to do.

killswitch
06-09-2013, 04:04 PM
WPS and uPnP have been known to be exploited so careful with these. Also WPA*1 has been cracked by the Japanese a couple of years ago.

Do not depend on MAC filtering alone. It's very easy to spoof a MAC address. An adapter's MAC address on a Windows PC can actually be changed in the registry :lol:

multiweb
06-09-2013, 04:10 PM
Ouch... nasty. I wasn't aware of this. :eyepop: Oh well, a strong pwd still stands in that case. :) So to spoof a MAC address you'd need to know one. Is there a way to find that out as well from an existing established connection like reading a SSID?

killswitch
06-09-2013, 06:22 PM
Yes, a packet sniffer could easily pick it up. The MAC address is purposely stored on the outer encapsulation layer of a packet which isn't encrypted.

Also another beware, if you see a wifi access point named similar to yours but on a different security mode, do NOT connect to it at all, it is a trap.
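
Added example, not part of any post in this thread: a minimal Python parser for the fixed 24-byte header of an 802.11 data frame, showing that the addresses stay readable even when the Protected bit marks the body as encrypted, which is why MAC filtering is not a secret-based control. The frame bytes and addresses are constructed for illustration, and the function names are this example's own.

```python
import struct

# Address roles for the three-address data frame layouts, keyed by (ToDS, FromDS).
ROLES = {
    (0, 0): ("destination", "source", "bssid"),
    (1, 0): ("bssid", "source", "destination"),
    (0, 1): ("destination", "bssid", "source"),
}

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_data_header(frame):
    """Read the cleartext 24-byte MAC header of an 802.11 data frame."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    # Frame control, duration, three addresses, sequence control (little-endian).
    fc, _duration, a1, a2, a3, _seq = struct.unpack("<HH6s6s6sH", frame[:24])
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    ds = ((fc >> 8) & 1, (fc >> 9) & 1)
    if ds not in ROLES:
        raise ValueError("four-address (WDS) frame not handled here")
    info = {role: fmt_mac(addr) for role, addr in zip(ROLES[ds], (a1, a2, a3))}
    info["protected"] = bool(fc & 0x4000)  # set when the frame body is encrypted
    info["body_len"] = len(frame) - 24     # encrypted part starts after the header
    return info

# Constructed sample: station-to-AP data frame with the Protected bit set.
# Addresses use the locally administered 02: prefix; the body is filler bytes
# standing in for an 8-byte CCMP header plus 16 bytes of ciphertext.
SAMPLE = bytes.fromhex(
    "0841"          # frame control: data frame, ToDS=1, Protected=1
    "2c00"          # duration
    "02aabbccdd01"  # address 1
    "02aabbccdd02"  # address 2
    "02aabbccdd03"  # address 3
    "1000"          # sequence control
) + bytes(8) + bytes(range(16))

if __name__ == "__main__":
    for key, value in parse_data_header(SAMPLE).items():
        print(f"{key:12} {value}")
```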

tlgerdes
06-09-2013, 08:33 PM
Put it into perspective. What information do you have worth stealing? People don't go wardriving anymore, that is so yesterday :lol:

WPA2 with a nice passphrase is enough to keep people out. Anything else is just annoying when people come to visit.

Any more difficult and the people who want your info will knock on your front door with a gun in their hand.

Barrykgerdes
07-09-2013, 05:01 AM
Trevor has a good point. What have you got that is worth stealing?

I can't see why so many are paranoid about their WIFI security. I use a simple MAC address and from experiments that I have carried out my router can't see most new computers further away than 50 metres. I then often need to enter the MAC address manually before they can get in.

If you do manage to get into my system (and also my server) I am sure you will have the same trouble as me looking for specific items that I can never find and know roughly where they are. I don't store passwords, credit card details, banking details etc. on my computer.

I also have a second back up system that I use at Wiruna (or if the home system stops working). Most who come to the house at Wiruna already have the access key. If you don't, here it is: 1002211747. Be my guest! Of course I need to be in range of wireless internet and the router needs to be turned on.

multiweb
07-09-2013, 10:40 AM
Well, email passwords for one thing. I believe that a lot of people still don't use SSL when sending and if you're logged into a network you can figure out people's email username and pwd. That much I know how to do. That could be a security problem IMHO.

GeoffW1
07-09-2013, 10:43 AM
If we use Google Chrome we do :rofl:

http://www.theguardian.com/technology/2013/aug/13/chrome-google

But you meant Barry I know, that you don't elect to "Save my password on this site" or "Keep me signed in" etc

Cheers

Barrykgerdes
07-09-2013, 11:49 AM
I should have said except my email and forum passwords. That saves a lot of problems of memory. If you can log onto these good for you. You can send as much spam as you like from them.

I don't use google chrome.

Security only keeps the good guys out. I don't put anything on the computer that could cause problems if compromised.

Barry