router security

scott redhowlingwolves at nc.rr.com
Sun May 24 23:20:23 UTC 2009


Robert Holtzman wrote:
> On Fri, 22 May 2009, NoOp wrote:
> 
>> On 05/22/2009 04:53 PM, Robert Holtzman wrote:
>>> I'm running a Linksys wireless router with wpa encryption for my
>>> laptop and a desktop is hardwired into it. I'm wondering how
>>> secure the wired connection is inasmuch as wireless isn't
>>> involved. It seems as though the wired connection wouldn't be
>>> secure if the router got cracked. The router has a 64 hex character
>>> passphrase.
>>>
>>> Anyone knowledgeable have any thoughts on this?
>>>
>> In addition to what has already been posted: I think that simple common
>> sense security actions will keep you safe for the time being.
>>
>> For simplicity's sake:
>> http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
>> My comments added to the titles.
>>
>> 1. Change Default Administrator Passwords (and Usernames)
>> [you'd be surprised how many people neglect this simple step]
>> 2. Turn on (Compatible) WPA / WEP Encryption
>> [whatever you do, don't touch WEP and *only* use WPA]
>> 3. Change the Default SSID
>> [again a simple step - not really much use IMO but easy to do]
>> 5. Disable SSID Broadcast
>> [won't do much of anything as a cracker will find you anyway]
>> 6. Do Not Auto-Connect to Open Wi-Fi Networks
>> [goes without commenting]
>> 7. Assign Static IP Addresses to Devices
>> [excellent advice]
>> 8. Enable Firewalls On Each Computer and the Router
>> [goes without commenting]
>> 9. Position the Router or Access Point Safely
>> [tin hats... but not really a bad suggestion]
>> 10. Turn Off the Network During Extended Periods of Non-Use
>> [excellent suggestion -- don't leave home for vacation with it on]
>>
>> 11. Follow info in https://help.ubuntu.com/community/Security
>> 12. Look into changing default ports that you leave open for services
>> such as vnc, ssh, etc., it won't keep a determined cracker out, but it
>> will make it harder for them.
>> 13. Keep the firmware in your router up-to-date & make a habit of
>> checking the router logs on a regular basis. Also make sure that you
>> bookmark and check the router vendor forums, support sections, and
>> update pages, and check them on a regular basis.
>> 14. Be security conscious... sounds silly doesn't it? Don't be paranoid,
>> but just think of your network as an open house invitation for your home
>> advertised on craigslist or ebay. Once advertised, someone is liable to
>> test the locks on the front door, the back door, windows, etc. Just as
>> you'd take the most basic measures to protect your house and your
>> personal security, do the same for your network.
>> - Don't advertise too much
>> - Secure the locks that you have and add more if needed. Test them on a
>> regular basis
>> - Close windows & doors if you are not using them & don't leave the
>> garage door open so that anyone passing by can see from the street
>> - Keep in touch with local crime, neighborhood watch, and the local
>> police (remember this part is analogous to computer security)
> 
> I already have most everything on your list implemented with the 
> exception of #'s 3, 5, and 7. 3 and 5, as you observed, give you very 
> little, if anything. Being a noob with networks, I don't know how to 
> accomplish #7. Any pointers/links/docs etc?
> 
> The only real problem is the firewall. I use Firestarter and if I try to 
> run it on the laptop with the desktop connection shut down Firestarter 
> refuses to start. The error message is
> 
> The device eth0 is not ready,
> Please check your network device settings and make sure your
> internet connection is active.
> 
> I sent an email to Firestarter support but it's too soon for a reply. 
> Again eth0 being offline is intentional, at least until I research 
> fail2ban and iptables further. Any other thoughts welcome.
> 
> Thanks again for your time.
> 
Firestarter is a simple GUI app for IPTables. If you want a pre-written,
well thought out IPTables, try Arno-IPTables-Firewall. It's in the
repos. You can learn a lot about how IPTables works just by examining
his configuration.

Scott
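
For the laptop case discussed in this thread, a minimal default-deny IPv4 host ruleset in `iptables-restore` format that names no external interface, so it loads whether the machine is on eth0 or on wireless. This is an added example, not part of the original message and not taken from Firestarter or Arno-IPTables-Firewall; the function names and the sample port are assumptions.

```shell
#!/bin/sh
# Added example: generate a host firewall ruleset for iptables-restore.
# Nothing here touches the running firewall; the rules are only printed.

# valid_port PORT: succeed only for a plain decimal 1..65535 (no leading zero),
# so nothing but a number can ever reach the generated rule text.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_ruleset [PORT...]: print the ruleset; each PORT is a TCP port on which
# new inbound connections are accepted (e.g. ssh). With no ports given,
# all unsolicited inbound traffic is dropped.
gen_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Default-deny inbound and forwarded traffic, allow outbound.
    # Only the loopback interface is matched by name.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo COMMIT
}

# Constructed sample: allow inbound ssh on its default port.
# Check the syntax with:  gen_ruleset 22 | sudo iptables-restore --test
gen_ruleset 22
```

Dropping `--test` loads the rules; they cover IPv4 only and do not survive a reboot unless saved separately.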