Results 1 to 11 of 11

Thread: Router Security

  1. #1
    New Lounger
    Join Date
    Aug 2009
    Location
    Booneville, Arkansas, USA
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've been told by several sources that using a network router, such as LinkSys or D-Link, in conjunction with the DSL modem makes a PC 'almost' bullet-proof from unsolicited access attempts from the Internet, even if your home LAN is limited to two or three PCs.

    I'm also told that in the case of a wireless router, a strong password/phrase, along with WPA or WPA2 encryption is also a necessity, which seems obvious.

    One individual who works for a local telco tells me that the 192.168.1.1 URL is not generally recognized as a valid IP address as far as receiving pings or other access attempts, even with DHCP or NAT enabled.

    Is any or all of this true?

    Deacon

  2. #2
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    There is some truth in all of this.

    A network router such as LinkSys or D-Link will provide two levels of protection. NAT is a mechanism that hides your private network addresses, so that only a single address is seen on the Internet. This makes it much harder for someone on the Internet to try and attack your computers. A modern router will also include an SPI firewall, which provides much greater protection.

    This will not make your PC bullet proof. It will protect you from most direct external attacks, but not from attacks that are based on you accessing a compromised web site or opening a compromised document.

    A strong pass phrase with WPA or WPA2 encryption is also important because any computer that joins your wireless network will be on YOUR side of the router firewall, and therefore able to directly attack all your computers. WEP encryption is very easy to crack so is of extremely limited use.

    There are some ranges of Internet addresses, including 192.168.1.x, which are reserved for use on private networks. Internet routers will not attempt to pass on packets sent to these addresses, so they can be reused in many different places.

  3. #3
    New Lounger
    Join Date
    Aug 2009
    Location
    Booneville, Arkansas, USA
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks, Stuart... I knew that accessing a compromised site or document can defeat even the best of protection, but I am a bit more comfortable with the knowledge that my home network addresses are not readily available to strangers. I'm using what I consider to be a strong passphrase, along with WPA2 encryption, and I'm fairly tight with the LinkSys firewall configuration.

    I've learned that nothing related to the Internet is absolutely bullet proof...

    Thanks for your prompt response to my query... deacon

    [quote name='StuartR' post='790273' date='22-Aug-2009 11:51']There is some truth in all of this.[/quote]

  4. #4
    Super Moderator BATcher's Avatar
    Join Date
    Feb 2008
    Location
    A cultural area in SW England
    Posts
    3,420
    Thanks
    33
    Thanked 195 Times in 175 Posts
    [quote name='deacon37' post='790284' date='22-Aug-2009 19:57']Thanks, Stuart... I knew that accessing a compromised site or document can defeat even the best of protection, but I am a bit more comfortable with the knowledge that my home network addresses are not readily available to strangers. I'm using what I consider to be a strong passphrase, along with WPA2 encryption, and I'm fairly tight with the LinkSys firewall configuration.

    I've learned that nothing related to the Internet is absolutely bullet proof... [/quote]
    Why not try the Shields Up program that Stuart mentions in another thread? (about half-way down the webpage)
    BATcher

    Time prevents everything happening all at once...

  5. #5
    New Lounger
    Join Date
    Aug 2009
    Location
    Booneville, Arkansas, USA
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've used several of Steve Gibson's utilities, including ShieldsUp and LeakTest... when I run ShieldsUp with my ZoneAlarm firewall, it tells me that all of my ports (the first 1,056 at least) are stealthed... Although I've seen a few critical comments about his work, there are a great many more that praise his work... I'm convinced that he knows what he's talking about!

  6. #6
    Super Moderator BATcher's Avatar
    Join Date
    Feb 2008
    Location
    A cultural area in SW England
    Posts
    3,420
    Thanks
    33
    Thanked 195 Times in 175 Posts
    [quote name='deacon37' post='790352' date='23-Aug-2009 12:50']Although I've seen a few critical comments about his work, there are a great many more that praise his work... I'm convinced that he knows what he's talking about! [/quote]
    He tends to demonstrate and encourage prejudice - his own and other people's! He is very definite that he is correct at all times, for example. This is unlikely to be the case.

    But, hey, Steve Ballmer and Steve Jobs exhibit much the same traits!
    BATcher

    Time prevents everything happening all at once...

  7. #7
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post
    [quote name='BATcher' post='790369' date='23-Aug-2009 10:33']He tends to demonstrate and encourage prejudice - his own and other people's! He is very definite that he is correct at all times, for example. This is unlikely to be the case.[/quote]
    Now I wonder where Gibson or I have gone wrong... Prompted by Hans' action, I just ran Shields Up again as I have in the past. It reports that I'm all stealth except for Port 113.

    Well, per instructions from the GRC site a LONG time ago, I have port 113 forwarded to a non-existent address in my 192.168.x.x range and I would swear that it was stealth when I first did it. Anyone know why it's not any longer?

  8. #8
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Do you have ZoneAlarm as firewall? According to the section near the end of GRC | Port Authority, for Internet Port 113, ZoneAlarm handles port 113 intelligently.

    Since you had already initiated a connection with grc.com, ZoneAlarm allowed it to "see" port 113. Packets from another site are dropped.

  9. #9
    New Lounger
    Join Date
    Aug 2009
    Location
    Booneville, Arkansas, USA
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='BATcher' post='790369' date='23-Aug-2009 09:33']. . . .
    But, hey, Steve Ballmer and Steve Jobs exhibit much the same traits![/quote]

    [chuckle] Several folks I know have those traits!

  10. #10
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post
    [quote name='HansV' post='790375' date='23-Aug-2009 11:11']Do you have ZoneAlarm as firewall? According to the section near the end of GRC | Port Authority, for Internet Port 113, ZoneAlarm handles port 113 intelligently.[/quote]
    No, I use Comodo firewall. Maybe that's why, for I used to use ZA way back when. At any rate, this text is STILL on his site and this is what I did a long time ago:
    The good news is . . . it is possible to configure NAT routers to return them to full stealth. The trick is to use the router's own "port forwarding" configuration options to forward just port 113 into the wild blue yonder. Just tell the router to forward port 113 packets to a completely non-existent IP address, one way up at the end of your router's internal address range. The router will then NOT return a port closed status. It will simply forward the port 113 packet "nowhere" . . . and your network will be returned to full stealth status.
    Evidently it doesn't work any more and I don't see a need to buy a new router or change firewall, so I guess I'll live with it. I've been exploring Linksys site for possible firmware upgrades, but that's a real zoo and I think I'll bide my time...

  11. #11
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    [quote name='Bigaldoc' post='790394' date='23-Aug-2009 23:10']I think I'll bide my time...[/quote]
    I agree, I don't think this is a serious problem.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •