Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Guides - Privacy & Security Tips
How to protect the wi-fi router and home LAN.
Message
<blockquote data-quote="Lenny_Fox" data-source="post: 859386" data-attributes="member: 82776"><p>Thx for the info: I asked the system admin where I am working now. He said chances of being hacked by a real hacker are near zero, chances of being hacked by a script kiddy trying to evade parental control is low, but real, so his advice was:</p><p></p><p><strong>Must-do</strong></p><ol> <li data-xf-list-type="ol">Access your router's console (e.g. 192.168.0.1) from a wired cable connection (not WIFI).Look for an option in the router's manual to access the console via HTTPS only (meaning an encrypted/secured connection). When not: bad luck, you always should configure your router from a wired connection (not WIFI). When your router has that option, enable it and you can access the router via a wireless (WiFi) connection.</li> <li data-xf-list-type="ol">Change ADMIN and USER names - choose long pass phrases as password.</li> <li data-xf-list-type="ol">Setup a guest network with a lease time of 12 or 24 hours (guest network is separated from home network)</li> <li data-xf-list-type="ol">Choose the strongest encryption option for Wi-Fi networks (currently WPA2) and a long passphrase for home network and complex password for accessing the guest network and rename these networks to a name which is not tied to your address or family name.</li> <li data-xf-list-type="ol">Connect all personal devices of family members to home network and connect all IOT devices (smart TV, security camera's, smart central heating, etc) to the guest network and limit the lease time of the guest network to 24 hours.</li> </ol><p></p><p><strong>Should-do</strong></p><ol> <li data-xf-list-type="ol">Disable features you don't need (anymore): think of DeMilitarizedZone, Universal Plug and Play, Wifi Protected Setup</li> <li data-xf-list-type="ol">Disable remote stuff you probably don't need like: Telnet, SSH, Web Access From WAN (remote access to router console)</li> <li data-xf-list-type="ol">Check to enable both IP4 and IP6 firewall and browse through advanced firewall options for additional protection, look for<br /> malformed packets protection, - IP-flood/ DDoS protection, detect spoofing (attacks). When an option is not enabled by default, Google to understand what it does and enable wisely not blindly.</li> <li data-xf-list-type="ol">Limit the IP-range of your guest network to the maximum number of guests you ever had on a house party plus 10, limit the IP-range of your home network to all personal devices plus 5.</li> <li data-xf-list-type="ol">Check to see whether router has parental control and limit access (internet) time for the devices of your children.</li> </ol><p><strong>Optional</strong></p><ol> <li data-xf-list-type="ol">When there was something mentioned on the Must-do or Should-do you had not heard of before, stop here! You are entering the over-my-head zone and risk locking yourself out or degrading performance and/or security of your network by setting or implementing it incorrectly</li> <li data-xf-list-type="ol">When you had a "what else is new" experience while reading the Must-do and Should-do checklist, you probably have bought a high end router or a router which had an open source console. You know better, you don't need this checklist.</li> </ol></blockquote><p></p>
[QUOTE="Lenny_Fox, post: 859386, member: 82776"] Thx for the info: I asked the system admin where I am working now. He said chances of being hacked by a real hacker are near zero, chances of being hacked by a script kiddy trying to evade parental control is low, but real, so his advice was: [B]Must-do[/B] [LIST=1] [*]Access your router's console (e.g. 192.168.0.1) from a wired cable connection (not WIFI).Look for an option in the router's manual to access the console via HTTPS only (meaning an encrypted/secured connection). When not: bad luck, you always should configure your router from a wired connection (not WIFI). When your router has that option, enable it and you can access the router via a wireless (WiFi) connection. [*]Change ADMIN and USER names - choose long pass phrases as password. [*]Setup a guest network with a lease time of 12 or 24 hours (guest network is separated from home network) [*]Choose the strongest encryption option for Wi-Fi networks (currently WPA2) and a long passphrase for home network and complex password for accessing the guest network and rename these networks to a name which is not tied to your address or family name. [*]Connect all personal devices of family members to home network and connect all IOT devices (smart TV, security camera's, smart central heating, etc) to the guest network and limit the lease time of the guest network to 24 hours. [/LIST] [B]Should-do[/B] [LIST=1] [*]Disable features you don't need (anymore): think of DeMilitarizedZone, Universal Plug and Play, Wifi Protected Setup [*]Disable remote stuff you probably don't need like: Telnet, SSH, Web Access From WAN (remote access to router console) [*]Check to enable both IP4 and IP6 firewall and browse through advanced firewall options for additional protection, look for malformed packets protection, - IP-flood/ DDoS protection, detect spoofing (attacks). When an option is not enabled by default, Google to understand what it does and enable wisely not blindly. [*]Limit the IP-range of your guest network to the maximum number of guests you ever had on a house party plus 10, limit the IP-range of your home network to all personal devices plus 5. [*]Check to see whether router has parental control and limit access (internet) time for the devices of your children. [/LIST] [B]Optional[/B] [LIST=1] [*]When there was something mentioned on the Must-do or Should-do you had not heard of before, stop here! You are entering the over-my-head zone and risk locking yourself out or degrading performance and/or security of your network by setting or implementing it incorrectly [*]When you had a "what else is new" experience while reading the Must-do and Should-do checklist, you probably have bought a high end router or a router which had an open source console. You know better, you don't need this checklist. [/LIST] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
