router security

NoOp glgxg at sbcglobal.net
Thu May 28 18:14:49 UTC 2009


On 05/28/2009 10:43 AM, Robert Holtzman wrote:
> On Sun, 24 May 2009, NoOp wrote:
> 
>> On 05/24/2009 01:13 PM, Robert Holtzman wrote:
>>> On Fri, 22 May 2009, NoOp wrote:
>> ...
>>>> 7. Assign Static IP Addresses to Devices
>>>> [excellent advice]
>> ...
>>>
>>> I already have most everything on your list implemented with the
>>> exception of #'s 3, 5, and 7. 3 and 5, as you observed, give you very
>>> little, if anything. Being a noob with networks, I don't know how to
>>> accomplish #7. Any pointers/links/docs etc?
>>
>> This is set up both in your router and your client (system). Please
>> advise which router(s) you are using.
> 
> It's a Linksys WRT54Gl.

So...
http://ui.linksys.com/files/WRT54GL/4.30.0/Setup.htm
Set your dhcp's to start at 110 (you can pick something different or
keep the 100, but I use 110 for the example) as it's easy to remember my
statics are 100-109, and dhcp are 110-120. Reduce the number of dhcp
users to something reasonable, like 5 or 10 max.

 I also have been running wicd.

In wicd, set your IP to 192.168.1.101 (example) using the advanced
settings: http://wicd.sourceforge.net/screenshot.php
- Use Static IP's
  - 192.168.1.101
  - 255.255.255.0
  - 192.168.1.1
- Use Static DNS
  - 192.168.1.1


>> If you have a linksys router, the firewall in that router should be
>> sufficient when connected to your home network via that router. While
>> roaming Firestarter might be a good idea, but I've only tested it once
>> or twice. So I don't know enough about it to help. You might have a look at:
>> https://help.ubuntu.com/community/Firestarter
>> to see if that helps.
> 
> I have the router firewall enabled and at present have it blocking ftp 
> and telnet. I'll play with it some more.

Use these settings:
http://ui.linksys.com/files/WRT54GL/4.30.0/Security.htm
http://ui.linksys.com/files/WRT54GL/4.30.0/WirelessWPA2.htm

If you're paranoid, you can use Wireless Mac Filters, etc:
http://ui.linksys.com/files/WRT54GL/4.30.0/Wireless-MAC-Filter.htm

The WRT54GL has many security features. Keep your firmware updated and
RTM. Use the links above to experiment with how the settings work - that
way you won't brick your actual router :-)  Check the logs:
http://ui.linksys.com/files/WRT54GL/4.30.0/Admin-Log.htm
regularly. Note: the 'more...' buttons work, so you can also easily read
the added info.

> 
> It dawned on me that the firestarter problem isn't really a problem. 
> Even if it ran on the laptop with the desktop offline, the desktop 
> would be vulnerable as soon as I connected it.
> 
> I was wondering if wpa was cracked and the router breached, would the 
> firewall(s) be bypassed (or am I being *too* paranoid)?
> 
> I've also been considering forgetting about wireless and going to a 
> crossover cable or a hard wired non-wireless router. Loss of roaming 
> wouldn't be a problem and the laptop would only be used in one or two 
> locations in the house. It seems that would give the same security as 
> the present hardwired desktop. Opinions?

Nah. Hardwired is good (all of my systems are with the exception of the
laptops), but wireless is just fine if you just pay attention to your
security settings.
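
A small checker for the addressing plan described in this message (static addresses kept below the DHCP start, a short DHCP pool), as an added example that is not part of the original post. The device names are constructed, and the model of the pool as a consecutive run of addresses beginning at the DHCP start address is an assumption about the router.

```python
import ipaddress

def dhcp_pool(start, max_users):
    # Assumption: the router leases max_users consecutive addresses from start.
    first = ipaddress.IPv4Address(start)
    return {first + i for i in range(max_users)}

def check_plan(gateway, netmask, dhcp_start, dhcp_users, statics):
    """Return a list of problems; an empty list means the plan is consistent."""
    net = ipaddress.IPv4Network(f"{gateway}/{netmask}", strict=False)
    gw = ipaddress.IPv4Address(gateway)
    reserved = {net.network_address, net.broadcast_address}
    pool = dhcp_pool(dhcp_start, dhcp_users)
    problems = []
    if any(a not in net or a in reserved for a in pool):
        problems.append(f"DHCP pool runs outside the usable hosts of {net}")
    if gw in pool:
        problems.append(f"DHCP pool contains the router address {gw}")
    owner = {}  # address -> first device that claimed it
    for name, ip in statics.items():
        addr = ipaddress.IPv4Address(ip)
        if addr not in net or addr in reserved:
            problems.append(f"{name}: {addr} is not a usable host in {net}")
        elif addr == gw:
            problems.append(f"{name}: {addr} is the router's own address")
        elif addr in pool:
            problems.append(f"{name}: {addr} is inside the DHCP pool")
        elif addr in owner:
            problems.append(f"{name}: {addr} is already assigned to {owner[addr]}")
        owner.setdefault(addr, name)
    return problems

# Router values from the message: 192.168.1.1, mask 255.255.255.0, DHCP from .110,
# with 10 DHCP users (the upper figure suggested above).
ROUTER = dict(gateway="192.168.1.1", netmask="255.255.255.0",
              dhcp_start="192.168.1.110", dhcp_users=10)
# Device names are constructed for the example.
GOOD = {"laptop": "192.168.1.101"}
BAD = {"laptop": "192.168.1.101", "desktop": "192.168.1.112",
       "printer": "192.168.1.101", "nas": "192.168.2.5"}

if __name__ == "__main__":
    print("good plan:", check_plan(statics=GOOD, **ROUTER) or "no conflicts")
    for line in check_plan(statics=BAD, **ROUTER):
        print("bad plan:", line)
```
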




