Re: router security

---

• From: Robert Holtzman <holtzm@xxxxxxx>
• Date: Sun, 24 May 2009 13:13:38 -0700 (MST)

---

On Fri, 22 May 2009, NoOp wrote:

On 05/22/2009 04:53 PM, Robert Holtzman wrote:

I'm running a Linksys wireless router with wpa encryption for my
laptop and a desktop is hardwired into it. I'm wondering how
secure the wired connection is in as much as wireless isn't
involved. It seems as though the wired connection wouldn't be
secure if the router got cracked. The router has a 64 hex character
passphrase.

Anyone knowledgeable have any thoughts on this?

In addition to what has already been posted: I think that simple common
sense security actions will keep you safe for the time being.

For simplicity sake:
http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
My comments added to the titles.

1. Change Default Administrator Passwords (and Usernames)
[you'd be surprised how many people neglect this simple step]
2. Turn on (Compatible) WPA / WEP Encryption
[whatever you do, don't touch WEP and *only* use WPA]
3. Change the Default SSID
[again a simple step - not really much use IMO but easy to do]
5. Disable SSID Broadcast
[won't do much of anything as a cracker will find you anyway]
6. Do Not Auto-Connect to Open Wi-Fi Networks
[goes without commenting]
7. Assign Static IP Addresses to Devices
[excellent advise]
8. Enable Firewalls On Each Computer and the Router
[goes without commenting]
9. Position the Router or Access Point Safely
[tin hats... but not really a bad suggestion]
10. Turn Off the Network During Extended Periods of Non-Use
[execellent suggestion -- don't leave home for vacation with it on]

11. Follow info in https://help.ubuntu.com/community/Security
12. Look into changing default ports that you leave open for services
such as vnc, ssh, etc., it won't keep a determined cracker out, but it
will make it harder for them.
13. Keep the firmware in your router up-to-date & make a habit of
checking the router logs on a regular basis. Also make sure that you
bookmark and check the router vendor forums, support sections, and
update pages, and check them on a regular basis.
14. Be security conscious... sounds silly doesn't it? Don't be paranoid,
but just think of your network as an open house invitation for your home
advertised on craigslist or ebay. Once advertised, someone is liable to
test the locks on the front door, the back door, windows, etc. Just as
you'd take the most basic measures to protect your house and your
personal security, do the same for your network.
- Don't advertise too much
- Secure the locks that you have and add more if needed. Test them on a
regular basis
- Close windows & doors if you are not using them & don't leave the
garage door open so that anyone passing by can see from the street
- Keep in touch with local crime, neighorhood watch, and the local
police (remember this part is analogous to computer security)

I already have most everything on your list implemented with the
exception of #'s 3,5,and 7. 3 and 5, as you observed, give you very
little, if anything. Being a noob with networks, I don't know how to
accomplish #7. Any pointers/links/docs etc?

The only real problem is the firewall. I use Firestarter and if I try to
run it on the laptop with the desktop connection shut down Firestarter
refuses to start. The error message is

The device eth0 is not ready,
Please check your network device settings and make sure your
internet connection is active.

I sent an email to Firestarter support but it's too soon for a reply.
Again eth0 being offline is intentional, at least until I research
fail2ban and iptables further. Any other thoughts welcome.

Thanks again for your time.

--
Bob Holtzman
AF9D 8760 0CFA F95A 6C77 E125 BF90 580F 8D54 9279
"If you think you're getting free lunch,
check the price of the beer"

--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

---

• Follow-Ups:
  • Re: router security
    • From: NoOp
  • Re: router security
    • From: scott

• References:
  • router security
    • From: Robert Holtzman
  • Re: router security
    • From: NoOp

• Prev by Date: Re: Binary incompatibility of Linux distributions
• Next by Date: Re: UbSvr Software RAID
• Previous by thread: Re: router security
• Next by thread: Re: router security
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: router security ... It seems as though the wired connection wouldn't be ... secure if the router got cracked. ... Turn Off the Network During Extended Periods of Non-Use ... (Ubuntu) Re: router security ... secure if the router got cracked. ... Turn Off the Network During Extended Periods of Non-Use ... test the locks on the front door, the back door, windows, etc. ... (Ubuntu) Re: sharing files between to private networks in the same building ... way for a network to be isolated and secure is by not connecting it to ... It is secure but pretty limited. ... If you connect two networks with a router they become essentially one ... I understand your point with regard to isolated/secure. ... (microsoft.public.windows.server.networking) Re: BT Fusion Subnet Confusion ... one wireless network normally called something like BT ... Business Hub the other BT Fusion, the 1st is secured by WEP and the ... network mask as the ethernet ports on the router. ... swap it to something more secure through the web interface of the ... (uk.telecom.broadband) Re: lost router password--query ... with a linksys router. ... remember how to do settings and I also lost the password to change any ... wired connection to the router also, but I assume this will not effect ... I assume it will stay say secured network and I will be unable ... (microsoft.public.windowsxp.network_web)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)