Secure your home Wi-Fi network (simple Must Do)
<blockquote data-quote="Amelith Nargothrond" data-source="post: 619489" data-attributes="member: 60405">
<p>You can also use, if this is possible (you need compatible routers and clients), only AC (so only 5GHz), disabling anything else, as you limit the number of attempted attacks by 99%. 5GHz is not very good at traveling long distances and the attacker needs to be very close to even attempt to hack your network.</p>
<p>Never use anything lower than WPA2. Any lower encryption is easy to hack.</p>
<p>Always change your router's interface default user and password (both if possible, not just the password).</p>
<p>As @Myriad said, disabling WPS is a must. But in many cases, just disabling WPS from your original router's firmware/interface is not enough, as it is still active, just not (that) responsive. If you really need to harden your security, you should try (see if it's possible at all) to disable it by logging into the router's SSH. If you have an "unbrickable" router (one that has a "second bootloader"), try to delete all the WPS-related files from the router via SSH. I did it many times (some never boot after, so this is why you need this second bootloader, to upload a new firmware file and restore your router). Yeah, it logs some errors when it boots, I personally don't care. Some custom firmware even allows you to change the WPS button functionality, like it will disable Wi-Fi, that's very nice.</p>
<p>You can also consider changing your router's firmware with DD-WRT-like firmware (or Merlin if you have an Asus). But, as with every other custom stuff, there are risks. But if you take them, an entirely different world opens in front of you, you can turn your $50 router into a $500 one. But this is really advanced, you may also brick your router if you don't do it exactly as it needs to be done.</p>
<p>You can also open an isolated guest network with N compatibility on 5GHz as well, but if you have another router or firewall before the wireless one, make sure you also isolate the firewall's subnet(s) on the guest Wi-Fi network and allow only internet access. All routers' guest isolation refers only to the Wi-Fi router's internal subnets, not the one before it.</p>
<p>Another thing to do, but again it depends on the router, is to disable the isolated guest network when you don't need it with a mobile client because it's extremely convenient, fast and easy (and re-enable it when needed). Asus has a nice mobile client for their newer routers.</p>
<p>Going even further for the paranoid, you should build your own firewall and put it before the Wi-Fi router (like pfSense) and use that to secure your entire network. Disable file and printer sharing, network discovery on all your devices and on all profiles, connect to the internet always using a VPN etc. etc. etc. :)</p>
<p>Update 1: one thing users never do is <strong>regularly</strong> update their firmware, not just when they buy the router. Most of them forget this part :)</p>
<p>Update 2: never ever browse the internet without HTTPS while on Wi-Fi</p>
<p>Update 3: Always use a VPN on your phone, more so if you connect to public Wi-Fi networks</p>
</blockquote>
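The guest-isolation point in the post above (the Wi-Fi router's own isolation does not cover the subnet of a firewall placed in front of it), as an added example that is not part of the original post: a shell function that prints, without applying, iptables rules for review on an iptables-based custom firmware. The interface names `br1` and `vlan2`, the chain name `GUEST_ISOLATE` and the subnet `192.168.1.0/24` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for a guest Wi-Fi
# bridge on a router that sits behind another router or firewall.
# Assumed names (constructed): br1 = guest bridge, vlan2 = WAN port,
# 192.168.1.0/24 = subnet of the upstream firewall.

# Syntax check only: dotted quad plus /0-32, no other characters allowed.
is_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Usage: guest_isolation_rules GUEST_IF WAN_IF UPSTREAM_CIDR...
guest_isolation_rules() {
    [ $# -ge 3 ] || { echo "need GUEST_IF WAN_IF CIDR..." >&2; return 1; }
    guest_if=$1
    wan_if=$2
    shift 2
    # Refuse anything that is not a plain interface name or CIDR, so the
    # printed commands are safe to review and then run.
    for ifn in "$guest_if" "$wan_if"; do
        case $ifn in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifn" >&2; return 1 ;;
        esac
    done
    for net in "$@"; do
        is_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
    done
    # Dedicated chain keeps the rule order explicit.
    echo "iptables -N GUEST_ISOLATE"
    # 1. Drop guest traffic addressed to any subnet in front of this router.
    for net in "$@"; do
        echo "iptables -A GUEST_ISOLATE -d $net -j DROP"
    done
    # 2. Everything else may leave through the WAN port only.
    echo "iptables -A GUEST_ISOLATE -o $wan_if -j ACCEPT"
    # 3. Default for guest traffic: drop.
    echo "iptables -A GUEST_ISOLATE -j DROP"
    # Send all traffic arriving from the guest bridge through the chain.
    echo "iptables -I FORWARD -i $guest_if -j GUEST_ISOLATE"
}

# Constructed sample run: prints five commands for review.
guest_isolation_rules br1 vlan2 192.168.1.0/24
```

If guest clients are handed a DNS server that lives inside the upstream subnet, these rules cut off their name resolution; have the Wi-Fi router answer DNS for the guest network itself.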