Solved

How to configure my wired and wireless securely?

Posted on 2015-01-28
6
178 Views
Last Modified: 2015-03-04
I currently have a network setup in my home.  I have several Win7 pro machines,  two printers and a NAS where I store all my converted LP’s and cassette  (about 4Tb’s) connective CAT5 to my switch.  On occasion I connect my wife’s and my laptops wirelessly.  (I have a 2Gb connection with my ISP).

I have been trying to secure my network and wireless connections:   I have been using DHCP via my wireless router to assign IP address to my devices,  but I have been reading articles and a few articles in the local papers where Hackers (have and can infiltrate wireless networks).  Thus I have started to:

1.      Turn off my wireless network when not using it.
2.       Allow access only via MAC addresses
3.      Use WPA-2 encryption
4.      Disable broadcasting of my SSID
5.      *trying to determine how to disable ports that I don’t need open.

However,  I am confused as to how to reset/restructure my network  --  without the wireless router ON.  In particular  --  using my switch with the direct connection from my ISP  --  it would seem that I’m exposing my network devices  (should I have a filter, buffer, firewall  or another type of protection device)?  My intention to protect my computers and other devices  --  however have enjoy a speedy internet connections.  

Is there a means by which  --  I can setup my network  (using 192.168.0.0  or private addressing and yet once I power up my wireless router that my wireless devices can access my wired network devices and storage?
0
Comment
Question by:misterd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 96

Expert Comment

by:Experienced Member
ID: 40576163
If you need absolute security, all you can do is turn everything off.

To be reasonable, WPA-2 or greater with very strong passwords (mine is about 30 characters long with special characters) will defeat drive by hackers. Someone would have to sit outside your dwelling for a long time to break this. And you need to be worth breaking into.

Also secure your computers with user names and strong passwords with special characters. This prevents people from logging on if they do break in.

Finally do NOT go to dodgy sites. At the 99% level, people are NOT hapless victims. You invite viruses in and that has nothing to do with the security above.

In short it is very easy to secure yourself very well. I have never been hacked and my desktop has been running connected to the internet for over 10 years.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40577401
The way home networks get attacked is if they are easy targets. Patch the WiFi's OS when possible, there are often hardcoded backdoors or bugs/flaws that allow for an easy take over.
http://www.scmagazine.com/black-hat-researchers-take-over-linksys-router-with-simple-javascript/article/252521/
http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers
The bottom line, use WPA2, don't worry about the SSID broadcast, it's not really hidden if you look promiscuously, and using MAC address auth is a good way to shore up the defenses locally. Turn off access to the remote management if you can, I use DD-WRT on my routers, and it allows you to only have access to the GUI if your going over the 4 wired ports if you choose. In your home, the wired part should be secure, you can always do more, but they have to get in through the cable modem and then your wifi first. Well that's not 100% true, someone can download and execute something that gives an attacker a backdoor, so make sure you have backups, perhaps turn off your NAS unless your using it. CryptoLocker and it's ilk could cost you if you don't.
Use the GRC Shields up test to see what port are open to your home from an attackers perspective, and see if there are any you can close.
-rich
0
 

Author Comment

by:misterd
ID: 40616900
I was hoping to receive something more than I have already done: changed the paraphrase 40 characters, changed the SSID, ENABLED ENCRYPTION, use mac filtering, upgraded my router’s firmware.

like what I found from my continued research:  If "serious about wireless security" only use the wireless device as an "access point"  -  disable the DHCP for the router, next install/use a server for (DNS and DCHP) and a modern switch.   Using static IP addresses on home networks gives somewhat better protection against network security problems than does DHCP address assignment.

My investigations have shown that it "depends on how serious a person is about "security".   The way I have been approaching this was:  having my NAS always available,  the wireless --  I COULD turn off,  (however for long period of time where I KNOW that is not going to be used  (shut it down);  but I do like the server and Wireless router ONLY as an access point better.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 96

Expert Comment

by:Experienced Member
ID: 40616913
but I do like the server and Wireless router ONLY as an access point better.  <--- I think you can safely leave Wi-Fi on but you just need to secure it very well. I leave my Wi-Fi on all the time without issue.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 40617165
Static IP's add nothing, you can assign your own IP, if you get past the password/phrase.
40-Character is nice and all, but you'll be fine with half that using wpa2. Some wifi OS's allow you to control who can see who as well, you can keep other clients from communicating with other wifi clients, and or make exceptions.
http://www.dd-wrt.com/wiki/index.php/Advanced_wireless_settings#AP_Isolation
The basics are very applicable, and you do not have to be super paranoid unless you data is that valuable. If it is, use wired instead. Perhaps you have a wifi still, but the only access to your NAS is through you RDP'ing into a windows machine, or being physically present at the machine. Some WIFI's allow you to have two SSID's, use one for guest and the other for your more critical information.
Have proper backups of whatever data is important, and use the tried and true wifi best practices.
Here's my paranoia settings:
Wifi management can only be reached by WIRED clients.
WPA2-TKIP using PreSharedKey
802.1x Mac address restrictions on SOME hosts...
AP Isolation for SOME hosts.
SSID = Broadcast
DHCP = Enabled
The host's that are on Wifi have their own firewall settings and security controls as well.
-rich
0
 

Author Closing Comment

by:misterd
ID: 40645253
I am very paranoid about my data (military info diggers)  very little trust.
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question