router security

Robert Holtzman holtzm at cox.net
Sun May 24 20:13:38 UTC 2009 

On Fri, 22 May 2009, NoOp wrote:

> On 05/22/2009 04:53 PM, Robert Holtzman wrote:
>> I'm running a Linksys wireless router with wpa encryption for my
>> laptop and a desktop is hardwired into it. I'm wondering how
>> secure the wired connection is in as much as wireless isn't
>> involved. It seems as though the wired connection wouldn't be
>> secure if the router got cracked. The router has a 64 hex character
>> passphrase.
>>
>> Anyone knowledgeable have any thoughts on this?
>>
>
> In addition to what has already been posted: I think that simple common
> sense security actions will keep you safe for the time being.
>
> For simplicity sake:
> http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
> My comments added to the titles.
>
> 1. Change Default Administrator Passwords (and Usernames)
> [you'd be surprised how many people neglect this simple step]
> 2. Turn on (Compatible) WPA / WEP Encryption
> [whatever you do, don't touch WEP and *only* use WPA]
> 3. Change the Default SSID
> [again a simple step - not really much use IMO but easy to do]
> 5. Disable SSID Broadcast
> [won't do much of anything as a cracker will find you anyway]
> 6. Do Not Auto-Connect to Open Wi-Fi Networks
> [goes without commenting]
> 7. Assign Static IP Addresses to Devices
> [excellent advise]
> 8. Enable Firewalls On Each Computer and the Router
> [goes without commenting]
> 9. Position the Router or Access Point Safely
> [tin hats... but not really a bad suggestion]
> 10. Turn Off the Network During Extended Periods of Non-Use
> [execellent suggestion -- don't leave home for vacation with it on]
>
> 11. Follow info in https://help.ubuntu.com/community/Security
> 12. Look into changing default ports that you leave open for services
> such as vnc, ssh, etc., it won't keep a determined cracker out, but it
> will make it harder for them.
> 13. Keep the firmware in your router up-to-date & make a habit of
> checking the router logs on a regular basis. Also make sure that you
> bookmark and check the router vendor forums, support sections, and
> update pages, and check them on a regular basis.
> 14. Be security conscious... sounds silly doesn't it? Don't be paranoid,
> but just think of your network as an open house invitation for your home
> advertised on craigslist or ebay. Once advertised, someone is liable to
> test the locks on the front door, the back door, windows, etc. Just as
> you'd take the most basic measures to protect your house and your
> personal security, do the same for your network.
> - Don't advertise too much
> - Secure the locks that you have and add more if needed. Test them on a
> regular basis
> - Close windows & doors if you are not using them & don't leave the
> garage door open so that anyone passing by can see from the street
> - Keep in touch with local crime, neighorhood watch, and the local
> police (remember this part is analogous to computer security)

I already have most everything on your list implemented with the 
exception of #'s 3,5,and 7. 3 and 5, as you observed, give you very 
little, if anything. Being a noob with networks, I don't know how to 
accomplish #7. Any pointers/links/docs etc?

The only real problem is the firewall. I use Firestarter and if I try to 
run it on the laptop with the desktop connection shut down Firestarter 
refuses to start. The error message is

The device eth0 is not ready,
Please check your network device settings and make sure your
internet connection is active.

I sent an email to Firestarter support but it's too soon for a reply. 
Again eth0 being offline is intentional, at least until I research 
fail2ban and iptables further. Any other thoughts welcome.

Thanks again for your time.

-- 
Bob Holtzman
AF9D 8760 0CFA F95A 6C77  E125 BF90 580F 8D54 9279
"If you think you're getting free lunch,
  check the price of the beer"

More information about the ubuntu-users mailing list