Monday, 28 August 2017

security - How to properly secure a wireless home network


I'm soon going to be setting up a wireless network for me and some buddies and (hopefully) making it secure. I have some questions and concerns regarding this and figured someone here could give me a hand and steer me in the right direction.




  • I have a WRT55AG (version 2) loaded with the factory firmware. I've heard that it's possible to load your own firmware onto routers like these. Is it worth it? What can be achieved with it?




  • I was wondering what kind of security I should use on my wireless. Ideally I would want all devices to be 'accepted', but I'm not sure how to accomplish this. I'm guessing it has something to do with MAC addresses, but I don't know the first thing about them. It would be great that ALONG WITH encryption (I'm told WPA2 is the best), every device would need to be added to a list of some sort before even being able to access the AP.




  • Another feature I was thinking of would be completely hiding my wireless from showing up on other people's computer. Is this possible (like an SSID broadcast thing). Is it worth the trouble?




  • One more option I was looking to implement would be bandwidth calculators. Ideally something in the router to measure the amount of bandwidth being used and how much has been used for that month (this has to do with bills and limits, obviously). Is it possible to throttle down speed when a certain limit is reached?




These are alot of points but I was hoping someone who has more knowledge than me in this subject could give me a hand and a few pointers. Hopefully all this is possible and I'm not dreaming :)



Answer



Ok I'll address the points that I can: Yes it is possible to upgrade, or change the firmware on your router to another type. In doing so you will gain access to a far greater set of settings that you wouldn't already have on the factory firmware. Have a look at this article for a good idea of how to do it using DD-WRT: http://www.howtogeek.com/56612/turn-your-home-router-into-a-super-powered-router-with-dd-wrt/


WPA2 is a great encryption method which basically lets anyone who knows your passphrase connect. What you are also talking about is MAC address filtering which basically adds another layer of security to the connection meaning that if you add MAC filtering to the connection then although you know the passphrase if your MAC address is not in the table you won't be able to connect. A MAC address is just basically unique identifier associated to a specific piece of hardware. You would need to know the devices MAC address before they could connect as you would have to add it to the table in the router's security settings section.


Turning off your SSID is easily possible. That way your network would not show up when a computer or device scans for available networks. People trying to connect would have to do so manually having to enter your SSID name in the connect to dialogue box. Is it worth it? Well it is just another layer of security so yes if that is what you want. Bear in mind though that any serious hacker worth their salt could bypass this without much effort.


Bandwidth calculators. If you want this then that pretty much makes the decision about point 1 for you. You will need to change the firmware on the router if you want this functionality.


I would have a read of that article above and then decide if you are comfortable doing what it suggests. Good Luck.


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...