1. #1
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,837

    Any Tips for Security Home Wi-Fi Router?

    I just finished reading an article where a SWAT team raided the wrong house due to an open WiFi network. The actual target was another house on the same street.

    With the police empowered to act as they did in the situation of the article, I thought it would be helpful to our members if the "Networking Experts" would share some tips on securing their Wi-Fi router.

    ~~~~~~~~~~~~~~

    (For those interested: SWAT team throws flashbangs, raids wrong home due to open WiFi network)


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.



  2. #2
    2xg's Avatar
    Join Date
    Apr 2012
    Location
    SoCal
    Posts
    336
    Blog Entries
    13

    Re: Any Tips for Security Home Wi-Fi Router?

    It is risky to leave your wireless network unprotected, especially if you have critical information (financial, credit cards, bank accounts, etc.) stored in your home computers. If you live in a location that's not very crowded you may opt not to encrypt your network or go for a low network security if you wish or NO... personally it is still best to secure your network whether you live in a busy location or not. How about those network devices (computers and gaming consoles) that don't support WPA2? This can be a big issue; it will be smart to buy new wireless network adapters for those devices that don't support WPA2 so that they can handshake with your router and utilize the highest network security.

    Definitely use WPA2 for your wireless network. Both WEP and WPA have been hacked and it will only take minutes to hours to do this. WPA2 can also be hacked but it takes longer - days or weeks for someone to bypass to your network. If you have an older wireless router that doesn't support WPA2, you should consider replacing it since routers now have become very affordable.

    Also, it's always best to use complex passphrases. Tips for creating strong Passwords and Passphrases.
    http://windows.microsoft.com/en-us/w...nd-passphrases

    Modern routers also support Guest Network - you may create a separate SSID (wireless network name) or multiple SSIDs for your Guests; make sure that you do not enable the LAN access from your router's setting to prevent your Guests accessing your network files.

    For Home and Small Businesses, it will be best to invest and if you can afford to buy a Security Device (in addition to your router's security features) e.g. Sonicwall or Fortinet. It will be worth every penny and will protect your investments; rest assured that your network will be protected.

    Hope this helps, this is my honest opinion on securing your wireless networks, others may have a different feedback.
    Last edited by 2xg; 06-30-2012 at 02:54 PM. Reason: Changed Font
    JMH and Corrine say thanks for this.


  3. #3
    TheCyberMan's Avatar
    Join Date
    May 2012
    Location
    The Cyberverse
    Posts
    147

    Re: Any Tips for Security Home Wi-Fi Router?

    In addition to 2xg's advice users should use Wireless MAC address filtering also to restrict what devices can connect to the router.

    Remove any checkmarks for responding to WAN pings especially with UPNP in mind it can allow an attacker to map your internal network.

    If you have the benefit of a radius server on your network, enhance your encryption level to WPA2 Enterprise and use it to authenticate users before connecting to the network either using username or password or digital certificates. Digital certificates can be used to authenticate routers as well so no rogues get onto the network, although these functions are usually found on UTM's such as sonicwall, cisco and Fortinet hardware security devices, not home routers.

    These UTM's also provide anti-virus, spyware, IPS and DNS binding, Mac address spoofing, Arp poisoning protection.

    UPNP is not supported at all by default.

    Netbios requests should not be allowed from the internet either this is another way to open up your network to be mapped and used for an attack.

    Reverse DNS should not be allowed as this is used to retrieve machine names.

    Another advantage of the UTM is they have highly configurable firewalls and NAT, so restricting services is easy: you only allow the necessary services through the firewall and discard or deny everything else.

    You can drill down the rules to suit.

    Now home routers do not have the advanced features of the UTM's so restricting certain services will be difficult that come in from the internet unless you are proficient in using the cmd line of the router but can be a minefield.

    Wi-fi is just one component.

    Shields up is a good site for testing what services and ports are listening on the router and computers.
    https://www.grc.com/x/ne.dll?bh0bkyd2

    Hope this helps.

    Edit: Never disable or turn off any security features on the router especially the firewall as this will reduce your security significantly.
    Corrine says thanks for this.

  4. #4

    Join Date
    Apr 2012
    Posts
    207

    Re: Any Tips for Security Home Wi-Fi Router?

    Just passed all shields tests.

  5. #5
    GZ's Avatar
    Join Date
    Apr 2012
    Location
    New Jersey
    Posts
    1,923

    Re: Any Tips for Security Home Wi-Fi Router?

    One last thing that you can do with most modern routers... Uncheck the option to "Broadcast SSID"... If the SSID isn't broadcast, then the network will not be "seen" by most devices. Anyone trying to connect to the network will need to enter the router's SSID as well as the passphrase.

    Also, if you live in a densely populated area, it may be a good idea to change the passphrase occasionally...

    "Among the tales of sorrow and of ruin that come down to us from the darkness of those days there are yet some in which amid weeping there is joy and under the shadow of death light that endures."

    J.R.R. Tolkien - The Silmarillion

  6. #6
    AceInfinity's Avatar
    Join Date
    Feb 2012
    Location
    Canada
    Posts
    1,725

    Re: Any Tips for Security Home Wi-Fi Router?

    Quote Originally Posted by 2xg View Post
    It is risky to leave your wireless network unprotected, especially if you have critical information (financial, credit cards, bank accounts, etc.) stored in your home computers. If you live in a location that's not very crowded you may opt not to encrypt your network or go for a low network security if you wish or NO... personally it is still best to secure your network whether you live in a busy location or not. How about those network devices (computers and gaming consoles) that don't support WPA2? This can be a big issue; it will be smart to buy new wireless network adapters for those devices that don't support WPA2 so that they can handshake with your router and utilize the highest network security.

    Definitely use WPA2 for your wireless network. Both WEP and WPA have been hacked and it will only take minutes to hours to do this. WPA2 can also be hacked but it takes longer - days or weeks for someone to bypass to your network. If you have an older wireless router that doesn't support WPA2, you should consider replacing it since routers now have become very affordable.

    Also, it's always best to use complex passphrases. Tips for creating strong Passwords and Passphrases.
    Tips for creating strong passwords and passphrases

    Modern routers also support Guest Network - you may create a separate SSID (wireless network name) or multiple SSIDs for your Guests; make sure that you do not enable the LAN access from your router's setting to prevent your Guests accessing your network files.

    For Home and Small Businesses, it will be best to invest and if you can afford to buy a Security Device (in addition to your router's security features) e.g. Sonicwall or Fortinet. It will be worth every penny and will protect your investments; rest assured that your network will be protected.

    Hope this helps, this is my honest opinion on securing your wireless networks, others may have a different feedback.
    I've been brought to this thread from a spam post lol, but not necessarily, WPA2 can be cracked in a mere few minutes actually. Rainbow tables will make sure of that. If you're doing anything that requires some level of privacy for your own safety and security, use a wired network connection via LAN. Don't use WiFi period in my opinion. The kind of security has been proven to hardly matter that much, some routers enable extra safeguards I believe, but I still don't do any banking on my WiFi.

    If more people had any idea lol...

    Quote Originally Posted by TheCyberMan View Post
    UPNP is not supported at all by default.
    What do you mean? For a router? Mine was configured with UPNP enabled when I first hooked it up from what I can remember. Unless you mean something different... I was port forwarding my web server storage device connected to a personal cloud service automatically with UPNP a few months back I believe, but I didn't have to enable it manually.

    Quote Originally Posted by GZ View Post
    One last thing that you can do with most modern routers... Uncheck the option to "Broadcast SSID"... If the SSID isn't broadcast, then the network will not be "seen" by most devices. Anyone trying to connect to the network will need to enter the router's SSID as well as the passphrase.

    Also, if you live in a densely populated area, it may be a good idea to change the passphrase occasionally...
    "Most" is a critical keyword here :)
    Last edited by AceInfinity; 02-12-2013 at 04:03 AM.
    Automation Programmer
    Microsoft MVP [2012 - 2018]
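
    Added example, not code from any poster in this thread: WPA2-Personal derives its 256-bit pre-shared key from the passphrase with PBKDF2-HMAC-SHA1 (4096 iterations), using the SSID as the salt, so both the passphrase advice and the network name matter when precomputed tables come up. The function names, the 16-character threshold and the sample default-SSID list are assumptions made for the illustration.

```python
import hashlib

# Small illustrative sample of factory-default network names (assumption, not a full list).
COMMON_DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte WPA2-Personal pre-shared key for a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("WPA2 passphrases are printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("an SSID is 1 to 32 bytes long")
    # The SSID is the salt: the same passphrase yields a different key on every SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def review(ssid: str, passphrase: str, min_length: int = 16) -> list:
    """List weaknesses in an SSID/passphrase pair (min_length is an assumed policy)."""
    derive_psk(passphrase, ssid)  # raises ValueError if either value is invalid
    findings = []
    if ssid.lower() in COMMON_DEFAULT_SSIDS:
        findings.append("SSID is a common factory default; precomputed tables are built per SSID")
    if len(passphrase) < min_length:
        findings.append(f"passphrase is shorter than {min_length} characters")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for ssid in ("linksys", "Elm-Street-42"):
        print(ssid, derive_psk("correct horse battery staple", ssid).hex())
    print(review("linksys", "password"))
    print(review("Elm-Street-42", "correct horse battery staple"))
```
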

  7. #7
    TheCyberMan's Avatar
    Join Date
    May 2012
    Location
    The Cyberverse
    Posts
    147

    Re: Any Tips for Security Home Wi-Fi Router?

    Quote Originally Posted by AceInfinity
    What do you mean? For a router? Mine was configured with UPNP enabled when I first hooked it up from what I can remember. Unless you mean something different... I was port forwarding my web server storage device connected to a personal cloud service automatically with UPNP a few months back I believe, but I didn't have to enable it manually.
    You have a sonicwall, Fortinet or similar UTM?

  8. #8
    AceInfinity's Avatar
    Join Date
    Feb 2012
    Location
    Canada
    Posts
    1,725

    Re: Any Tips for Security Home Wi-Fi Router?

    Quote Originally Posted by TheCyberMan View Post
    What do you mean? For a router? Mine was configured with UPNP enabled when I first hooked it up from what I can remember. Unless you mean something different... I was port forwarding my web server storage device connected to a personal cloud service automatically with UPNP a few months back I believe, but I didn't have to enable it manually.
    You have a sonicwall, Fortinet or similar UTM?
    Not that I know of? lol, I was just curious as to what you meant. I have a brand new gigabit netgear, and I swapped out my cat5 with a cat6 shielded line a few months ago. You're the networking expert, it's not my thing. I can do all the electronics side, and the programming side of it, but concept wise, it's definitely not my cup of tea.
    Automation Programmer
    Microsoft MVP [2012 - 2018]

  9. #9
    TheCyberMan's Avatar
    Join Date
    May 2012
    Location
    The Cyberverse
    Posts
    147

    Re: Any Tips for Security Home Wi-Fi Router?

    Yes home routers have UPNP enabled by default although it is best to disable WAN ping respond so a potential attacker is not able to map your network. Yours is not a utm device by the sound of it but without knowing the model cannot confirm so does not apply.

    If you look at my post I was referring to a unified threat management (UTM), which does not support UPNP by default and does not have a UPNP checkmark box.

    On a utm you would have to use NAT policy rules and firewall rules to forward UPNP ports and netbios services from WAN side.

    NAT rule:

    Source: Any
    Translated source: Original
    Destination: WAN IP address
    Translated Destination: Private IP address
    Service: Netbios
    Translated service: original

    So firewall rule from WAN to LAN may look like this:

    Service: Netbios
    Source: Any(can be drilled down to mac address of connecting source)
    Destination: WAN IP address

    The NAT policy forwards to the actual machine ip address.

    Lan side you forward netbios using a firewall rule any to any on same subnet.

    For devices on a different subnet you use an app named Ip helper and forward netbios from one subnet to another.

    For example, you have a LAN subnet 192.168.1.0/24 on X0 port and want to allow sharing and network neighborhood characteristics with another subnet on 192.168.2.0/24 on X2 port.

    You set Ip helper to forward netbios from X0 port to X2 port and vice versa.

    Then create firewall rule to forward netbios from machine x (X0) to machine y (X2) and vice versa, or a group of machines on each of those ports.

    You may or may not get this but may have a little more understanding.

    With a home router you do not have to do this; all you do is create the port forwarding rule from WAN to LAN, and NAT and firewall are taken care of: the rules with NAT and firewall are created for you.
    AceInfinity says thanks for this.
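
    Added example, not any vendor's rule syntax and not code from the thread: a small model of the default-deny firewall described in posts #3 and #9, with an audit that flags WAN-to-LAN allow rules for the services the thread says should not be reachable from the internet (NetBIOS and UPnP). The `Rule` fields, rule names and addresses are constructed for the illustration; the port numbers are the well-known ones for those services.

```python
from dataclasses import dataclass

# Well-known ports for the services named in the thread.
RISKY_SERVICES = {
    "netbios": {("udp", 137), ("udp", 138), ("tcp", 139)},
    "upnp": {("udp", 1900)},  # SSDP discovery
}


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str   # "WAN" or "LAN"
    dst_zone: str
    source: str     # "any" or a single source address
    proto: str      # "tcp" or "udp"
    port: int
    action: str     # "allow" or "deny"


def evaluate(rules, src_zone, dst_zone, source, proto, port):
    """First matching rule wins; anything that matches no rule is denied."""
    for r in rules:
        same_flow = (r.src_zone, r.dst_zone, r.proto, r.port) == (src_zone, dst_zone, proto, port)
        if same_flow and r.source in ("any", source):
            return r.action
    return "deny"


def audit(rules):
    """Return one finding per WAN-to-LAN allow rule that exposes a risky service."""
    findings = []
    for r in rules:
        if (r.action, r.src_zone, r.dst_zone) != ("allow", "WAN", "LAN"):
            continue
        for service, ports in RISKY_SERVICES.items():
            if (r.proto, r.port) in ports:
                scope = "any source" if r.source == "any" else f"source {r.source}"
                findings.append(f"{r.name}: {service} {r.proto}/{r.port} allowed from WAN ({scope})")
    return findings


# Constructed sample rule set using documentation address ranges.
SAMPLE_RULES = [
    Rule("https-in", "WAN", "LAN", "any", "tcp", 443, "allow"),
    Rule("netbios-in", "WAN", "LAN", "any", "tcp", 139, "allow"),
    Rule("netbios-lan", "LAN", "LAN", "any", "udp", 137, "allow"),
    Rule("ssdp-partner", "WAN", "LAN", "198.51.100.7", "udp", 1900, "allow"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```
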

  10. #10
    AceInfinity's Avatar
    Join Date
    Feb 2012
    Location
    Canada
    Posts
    1,725

    Re: Any Tips for Security Home Wi-Fi Router?

    I know what UTM is, I just don't believe I have it... All the stuff you talked about, some I do not know, some I vaguely remember. But the kind of networking I do is more protocol based, and dealing with OpenSSL, IRC, FTP etc... Thanks for the information though, it was appreciated
    Automation Programmer
    Microsoft MVP [2012 - 2018]

  11. #11
    TheCyberMan's Avatar
    Join Date
    May 2012
    Location
    The Cyberverse
    Posts
    147

    Re: Any Tips for Security Home Wi-Fi Router?

    No problem Ace you are welcome.
    AceInfinity says thanks for this.
