setting up security on Netgear N300 wifi router

I setup a new Netgear N300 router and gave my business the defaults...basically nothing.  I need some assistance as far as setting up some type of security on this thing.  I turned on the wifi which comes predefined with a key, no problem there, but I wanted to know what else I can setup on the wired section.
vulture71Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Patrick TallaricoDecision Support and Systems AnalystCommented:
What firmware are you running?  There is an updated version that has a different interface than the older version.
0
vulture71Author Commented:
Not really sure, I left the client side already.  

Can you tell me in general?
0
vulture71Author Commented:
Hello stpmt11,

I just upgraded my N300 router to version:  V1.1.1.72.  What other security features can I use?
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

David Johnson, CD, MVPOwnerCommented:
setup the wireless with wpa2
you  may want to restrict the mac addresses that can access it
TURN OFF or DISABLE QSS it is broken easier than WEP to gain access.
change the administrator name and password from the defaults.
change the SSID from the defaults. Mine is "RCMP_SECURITY_VAN"
0
Darr247Commented:
Which model do you have, specifically?
I searched on netgear's website for "N300" and when the list got to a dozen different models I stopped trying to narrow it down without asking.

WNXR2000
DGNB2100
WNB2100
WNR2200
DGN2200
DGN2200M
WNA3100
WNA3100M
DGND3300
DGN3500
WNR3500
WNR3500L

I use WPA2/AES on the main and guest SSIDs of my WNR3500L running SamKnows firmware, without any problems.

Netgear assumes if the person has physical access to the router so they can plug in a network cable to it, they're supposed to be able to have network access.
What kind of restrictions were you hoping to make on the wired ports?  
You could always epoxy the LAN ports closed... that would secure them.
0
btanExec ConsultantCommented:
Minimally go for wpa2/psk and use not broadcast ssid where possible to avoid unnecessary snooping and attempt to break system via bruorce. This especially if you are allowingcontractor into the wlan as well or public facing. It can be a bridge point into corporate lan, so do segregate these two lan physically if possible through single switch vlan since there is allowing config to vlan hop or bridge.

Have access control list configured to allow trusted and known MAC address for authentication reach. To avoid rogue devices or ap attempting bridge to our ap. Kind of whitelisting. Also change all default admin and user account esp when they can be found easily in admin guide public available.

Some netgear links....also need user security savvy as well

 http://support.netgear.com/app/answers/detail/a_id/112/~/secure-your-wireless-network%3A-wpa%2Fwpa2-(recommended)
 http://support.netgear.com/app/answers/detail/a_id/13112
 http://support.netgear.com/app/answers/detail/a_id/1104/~/guide-to-internet-security
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Darr247Commented:
In my opinion, not broadcasting the SSID just makes it a more-attractive target for hackers.
Then they'll spend days brute forcing the WPA2 security 4 times per minute, because the 'hidden' SSID can be sniffed when authorized users connect to it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.