newbie - how to improve my network security

I am looking for advice on how to improve my network's security. I surf the web, YouTube, etc. and I download files via Usenet on an SSL connection. Most important is my overall data protection and the fact that I use online banking.

I don't have a lot of money, but my main requirement is a GUI to manage whatever device is suggested.

I am not new to computers, many years experience building/repairing them. I also was a web developer for 6+ years (not too good with coding so I got out of that game).

I am very inexperienced when it comes to network security & network hardware.

I really need the suggested hardware to be low on the power consumption side.

I'm hoping to keep my purchase at most $150, preferably lower.

This is my network:
[Network diagram image: iFMaR.jpg]

It is set up with WPA2-Personal passkey security, with MAC address filtering enabled and SSID broadcasting disabled.

My internet package: Business SOHO Standard - 16 Mbps Down - 1 Mbps Up
 
Okay, how would I go about pfSense?

Do I need another cheap PC w/Windows?

And where would I put the hardware in my network diagram that runs pfSense?
 
I would recommend getting a used Watchguard Firebox X700 and then using this guide to install pfSense on it. This may require getting out of your comfort zone for just a little bit, but after installation you can use the pfSense GUI. It's worth it.

pfSense is its own OS if you will. You download the pfSense ISO and then use a program like ImgBurn to burn that ISO file (also known as an 'image') to a CD or DVD. You boot off of this CD or DVD on the machine you want to install pfSense and follow the instructions in the pfSense documentation to get it installed on said machine. After it is installed, the machine will boot up like any other PC -- but instead of booting to the operating system Windows it boots to pfSense.

You would want to replace the Linksys WRT54GL with this device. And then, you could plug the Linksys WRT54GL into one of the 8 ethernet ports on the X700. Make sure you don't use the WAN port on the Linksys, but have just a regular ethernet to regular ethernet connection between the Linksys and X700. You will have to configure your Linksys to act as a switch instead of a router (there are guides on the internet for this -- just not sure if you want to go this far, and if you do, I can provide links to resources). The X700 will not have wireless, but you could turn the Linksys into a wireless access point + switch. This way you wouldn't waste resources or need to buy more.
 
Thank you for the detailed instructions and links...

I would like the links to resources for turning the Linksys into a switch + wireless.

I'll read up and see what I can do with this.
 
Just curious, what is wrong with your current setup as far as security goes? Aside from being a consumer device, your router is being your firewall and your security seems fine in a general sense. What are you looking to improve?
 
Good question... I had thought it would make my security stronger.

And I am excited at the idea of trying something new... so you see no real benefit, huh? If so, then I don't want to spend the money for nothing.

So it's not really worth it?
 
Your current setup is fine. Unless you want to venture out into unknown territory, you really don't need to do anything with your network. You've already got a WRT54GL with its firmware replaced, wireless access, and WPA2. You're good to go.
 
There isn't much you can do really without getting into business-grade stuff.

Sure, pfSense / Untangle can provide better monitoring and things like blocking things better, but you likely don't need it.

Use programs like KeePass and don't save passwords in forms.

Make sure you use a strong key on your WPA2 access, not something easy.

Also, MAC address filtering and SSID disabled is useless, in the sense that if someone really wants to get into your wireless system, these 2 options do nothing to stop them.
 
Just gonna add my two cents like the above poster said.

MAC filtering is completely useless. All an attacker would have to do is look at a MAC address connected to the network, and change his own MAC to match yours. As for SSID broadcasting, it's actually more dangerous to hide the SSID than it is to broadcast it. It's actually quite popular these days for people to set up honeypots to snatch up people who connect to networks that aren't broadcasting.

The only thing you need to keep a secure network is...

WPA/WPA2 with a strong password not likely found in a dictionary.
SSID that is not on this list
If you have the option, lower the transmit power of the router as low as possible but still maintain connection to your devices.

An attacker cannot inject packets nor sniff an AP that has a low signal because the amount of failed injections would be so high that it's not worth wasting the time.
 
And speaking of KeePass, just use the Password Generator in KeePass to generate a 63-character complex password to use for WPA2. Nobody will break that in your lifetime (hopefully).

Additionally, you can use SSID for fun. i.e. FBI_SURVEILLANCE_VAN
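
The two recommendations in the posts above (a long random WPA2 passphrase and an uncommon SSID) both follow from how WPA2-Personal derives its key: PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt. This is an added example, not part of any post in the thread; the SSIDs and the weak passphrase in it are constructed sample values.

```python
import hashlib
import math
import secrets
import string

# WPA2-Personal passphrases are 8-63 printable ASCII characters (0x20-0x7e).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "


def generate_passphrase(length=63):
    """Random passphrase over all 95 printable ASCII characters, from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def entropy_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy of a uniformly random passphrase: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase, ssid):
    """WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    if any(not 0x20 <= ord(c) <= 0x7E for c in passphrase):
        raise ValueError("WPA2 passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)


if __name__ == "__main__":
    # Constructed sample values: one weak passphrase under two different SSIDs.
    weak = "password1"
    for ssid in ("linksys", "home-7f3a9c"):
        print(f"{ssid:12} {derive_pmk(weak, ssid).hex()}")
    # A fresh 63-character passphrase and its entropy next to the 256-bit key size.
    strong = generate_passphrase()
    print(f"{len(strong)} random chars = {entropy_bits(len(strong)):.0f} bits; "
          "derived key is 256 bits")
```

Because the SSID is the salt, the same passphrase yields an unrelated key under a different SSID, so a table precomputed for a common SSID does not carry over to an uncommon one. The derived key is 256 bits, so a random 63-character passphrase is no longer the weakest part of the scheme.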
 
I love KeePass, got it at work and now forcing all people to use it, no more sticky note crap.

Here is the bottom line.

If someone wants to break into your wireless, they will, period, nothing you can do about it.

Just like if someone really wants to steal your car... they will.

The best you can do is scare off the amateurs, which is 99.9999% of the people around you.

Think, why would someone want your data?
 