Sercuring my wireless network.

[Nokia]

Ok, I have read the tut's on this site for advice on how to secure and setup my wireless network and this is what I have done so far. Hopefully people can point me in the right direction if I have gone wrong.

I am pretty new to networking as far as the actual bits of hardawre and their respective jobs go. I am a A+ PC engineer guy and only have a very basic understanding of networking.

Heres what I have done: ( all this is for a home network not office)

I have 3 home made PC's 1 sony VIAO laptop and a laptop that I have knocked up myself, all are running Win xp home except for one desktop that has win xp pro.

As a temporary solution before now I had to unplug my adsl modem and connect it to each machine as and when I wanted it to have internet acsess.

Yesterday I bought a Belkin ADSL modem with a built in wireless router, after a lengthy discussion with the guy in the shop I found out what a router does (kind of)

I have set it up with just my VIAO for now. I have a Linksys wireless pc card which as I understand it talks to the wireless router which talks to the adsl modem which talks to my ISP which gets me online??

Security measure I have taken so far are to:

Change the password on the router,
Change the SSID,
Stopped the router from broardcasting the SSID,
Enabled 128 bit WEP,
Disabled net bios over tcp/ip (on my laptop)
Enabled the firewall,
Blocked incoming ICMP,
Set it so that only a machine with my IP addy can logon to the router and make changes,
Set it so that it will only allow internet acsess to someone with my MAC address.

The way I look at it is the weak part of it is the actual wireless link between my laptop and the router, however I live on an army base not a resedential area so I dont think I need to worry about it this too much.

My main concern is secuing the router from acsess from the internet, I ran LanGuard against it and it came up with 48 CGI abuses.
I was able to exploit 8 of these myself to gain acsess to the router config page!

It also said that it was running a http proxy on port 8080, [glowpurple]why would it need to run this?[/glowpurple]

It said it was running an ftpserver, luckily its not annonomous but I cant find anywhere that mentions this feature in the config page so I cant turn it off[glowpurple](does it need to run this to function properly)[/glowpurple]
Its running apache 0.6.5 web server [glowpurple](why would it need to do this)[/glowpurple]

Its also running SNMP, using the SNMP walk feature of languard I was able to get all the information I would need to do all the things to my network that I dont want anyone to do!!
[glowpurple]Could someone explain what SNMP is[/glowpurple] (i know what it stands for but thats about it) [glowpurple]and if I can turn it off or atleast stop it giving away so much information.[/glowpurple]

Whaqt i am not sure of is, obviously I am giving Languard all the nesessery permissions the get acsess to my network through my firewall so would this turn up different info that someone who is out side my network scanning in to it?

Could anyone suggest any other way of securing my routerfrom internet attacks??

IP addresses

The way I understand it now is that the IP addy my laptop has now is just a local one to get me talking to the router (is this right), the router also has an IP addy that i use to log onto it to configure it and such(??) but it also gets another IP from my ISP to let me on the internet(??) so insted of assigning me an IP addy my isp now assigns it to the router,[glowpurple]is this right??. [/glowpurple] If it is there a way of telling what the IP that my isp has assigned is without going to the router config page(???) I have tried ipconfig /all from the cmd prompt but it just gives me the local ip's that I have set!.

Sorry it quite a long post but as you can appreciate it would prob take a while googleing all the info I need

[D0pp139an93r]

I don't know much about your Belkin Modem/router contraption, but there is most likely an option to disable remote administration. This should solve your major security hole, ie remote administration.

I personally would have gone with a modem (whatever brand) and a nice Linksys router. I have found Linksys to be very good in terms of stability, reliability, and security.

Other than that it sounds like you have done an excellent job on the router (Does it have the ability to do anything other than WEP?) Now it is time to start on the PC's. Stop any unnecessary service, make sure everything is patched, and never use an Administrator account (Unless necessary) on the XP Pro box.

I'm sure that more will follow...

Have a nice day.



Hmmm. I seem to be in an unusually good mood..... Weird...


EDIT: The wireless part is not as big of a security problem as everyone says it is, as long as you read the logs, and make sure it can't be reached from the street or something, you are pretty much covered. Watch out for the neighbors though...

[CXGJarrod]

Did you run Languard on your own IP address? (Scanning the machine that you are scanning from) If so, that will not work, because you are not attacking your computer from the outside world. (and so not going through the firewall) Also, scanning the router from the "inside" will not show you the same results as if someone scanned you from the net. Have you downloaded all the latest firmware from Belkin for the router? What model number of router is it?

[Nokia]

No, I ran languard guard against the router not my laptop. Thats what i was wondering, i was'nt sure if i would get the same results scanning my router from inside the network as opposed to out side of it, would there be a big difference in the results do you think?

[D0pp139an93r]

[glowpurple]DAMN SKIPPY THERE'S A DIFFERENCE! [/glowpurple]



Yes, it does matter. Scan from the outside next time.

[Ghost_25inf]

(Its also running SNMP, using the SNMP walk feature of languard I was able to get all the information I would need to do all the things to my network that I dont want anyone to do!!
Could someone explain what SNMP is )

Short for Simple Network Management Protocol, a set of protocols for managing complex networks. The first versions of SNMP were developed in the early 80s. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters.

Sounds to me that you are over parinoid, first off if someone is to find your router they are going to need to find out the internal IPs running, and if you changed the default IP (192.168.1.1) to something different like 10.51.0.1 with a subnet mask of a class C address you have given the hackers a even harder task of finding the correct ip and subnet mask.

I would turn off the FTP unless u use it for something.

Port 8080 is for the internet explorer u see when you send data it goes out on port 80 but when informaiton is sent back I beleive it comes back in on port 8080 http://grc.com/port_8080.htm

[Nokia]

When i was using the snmp walk feature i was able to get a list of all the internal IP's (well there is only 1 at the mo, but there will be more)
This was why i was quite alarmed but maybe it was because i was scanning from the inside as D0pp139an93r said theres a darn skippy difference!

[CXGJarrod]

Originally posted here by Ghost_25inf
Sounds to me that you are over parinoid, first off if someone is to find your router they are going to need to find out the internal IPs running, and if you changed the default IP (192.168.1.1) to something different like 10.51.0.1 with a subnet mask of a class C address you have given the hackers a even harder task of finding the correct ip and subnet mask.

I would turn off the FTP unless u use it for something.

[/url]

The 192.168.0.1 address range is what Dlink routers use as the default. The FTP service was only running because he scanned the DLINK router. (Which probably has the FTP enabled for updates)

Do you have remote administration turned off? (Most do this by default now, but some do not)

[Ghost_25inf]

The 192.168.0.1 address range is what Dlink routers use as the default. The FTP service was only running because he scanned the DLINK router. (Which probably has the FTP enabled for updates)

Linksys routers default ip is also 192.168.1.1 and so is US Robotics but thats not the point I wasnt tryin to tell him what his default was I was nearly explaining that he should change his default ip address to something different. If FTP was scanned internally then it will show up. but if he sets his updates to manual it wont show. Right?

[Nokia]

Ive turned auto updating off and disabled the remote managment and rescanned, ftp still showed up, there isnt an option to turn this off in the config screen so i presume it is a built in thing for firmware updates etc???

I connect through my browser to the router by typing the ip into the address bar, is this only available to a computer on my network or can it be done from anywere on the internet?