Results 1 to 9 of 9

Thread: Securing a wired home network

  1. #1

    Question Securing a wired home network

    Hi guys

    I've been a lurker here for some time just basically browsing the forums but now I need to ask for your advice with regards to my (fanfare) newly created home network !

    Basically I have two PCs at home now connected via Ethernet cables to a Linksys router. I want to set up the PCs so that they can share files and an internet connection. Whilst I'm not completely incompetent when it comes to securing an individual PC (As I'm a regular reader I'm very much aware of the important of patches, application updates, using software to remove malware and spyware etc), I'm concsiously incompetent when it comes to network security.

    I wondered if you guys would be able to help me compile a tick list of things that I need to ensure I look at in order to feel comfortable that my network has the level of protection appropriate. Can anyone give me a "starter for ten" as Bamber Gascoigne might have once said ?

    Cheers guys

    Dom

    PS - I forgot to add that both PCs are running Windows, one is running XP Pro, the other XP Home. One uses Zone Alarm Personal Firewall and AVG anti virus, the other has a version of McAffee's personal firewall/antivirus bundle, although I'm not sure what version it is. I do know that all of the apps are updated.

  2. #2
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    I dont feel like making the whole list right now, but I'll do some prodding to get things moving along.

    First Question, does your linksys router have wi-fi? Is the router still running the default settings that it was shipped with. Have you changed the settings to open up any internet facing services? What model is the router? Are your PCs fully up-to-date in Microsoft's eyes? I'll start with that for now.
    -NeuTron

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Step 1. change the default user name and password for the router
    step 2. Use static IPs in the 10.X.X.X range instead of the default 192.X.X.X
    Step 3. Only allow the 2 IPs that you set to be active (do not make these IPS X.X.X.2 and . 3)
    Step 4. make sure BOTH machines are fully patched and have an active AV program

    if it is wireless, let me know. I have a mini tut. on how to secure wireless if you would like.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Uhm, not to undermine my colleagues, but can you even do this? Is it for sure a router? As in it has a WAN port and a few LAN ports? You didn't give model #'s or anything, and that is a mistake a lot of people make.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Junior Member
    Join Date
    Jul 2003
    Posts
    1
    Hi domtheboy,

    First and foremost if you are running a Wireless router... and not using it, then see if there is a option to turn it off. Else turn on WPA encryption even if you don't have a wireless computer.

    Also turn of the DHCP server on the router. Stick to manual I.P addresses. A SPI firewall on the router is sort of a standard nowadays coz it gives an added security blanket.

    AND..........You need to follow a security policy and visit only trusted ZONES....

    Hope that's useful
    Jateen

  6. #6
    Hi guys

    Thanks for your initial posts - I'm writing from work at the moment and I can't recall the exact model of the router, I know it is a Linksys BEFR series model, I think it may be the BEFSR41 model found here:

    http://www.linksys.com/products/prod...id=29&prid=561

    I am certain however that it does not incorporate a wireless facility, the reason I am certain is that the model I chose was much cheaper than some of the other options principally because it will only allow you to connect up to 4 pc's via a wired network.

    I can confirm the router is running with it's deafult settings as I have not yet made any alterations to the configuration. I can also confirm that both machines are fully patched as of yesterday and are both running an up to date A/V program. Both also have firewalls, although I did disable these at one point whilst setting up the network - I will need to re-enable both of these also but in a way that will not interefere with connectivity between the two.

    Hope this info is useful !

    Thanks

    Dominic

  7. #7
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    http://www.antionline.com/fight-back...able_Modem.php

    This might help. The FightBack directory has a lot of decent articles.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    My general policy with network security is that the network will only be as strong as the weakest computer. If you keep your computers locked down, your netowkr will be pretty decent. Just be sure to do as I said before and change that username and password on your router from the default, use a strong password, and keep the firmware up to date.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  9. #9
    im not sure if your interested but there are single box firewalls you can make if you have a extra old machine at home, some good single box firewall programs are www.smoothwall.org and m0n0 firewall (google it) those are zeroes in m0n0. you get a older box with two net cards burn the cd for the firewall and can remotely watch it from anywhere, i have smoothwall and havent tried m0n0 yet but its run from freebsd and smoothwall is linux. also about the wireless security, there is pretty much no way to stop against wireless attacks unless you dont have it at all.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •