Small Home Private Network Setup

[Guest]

Hi, so I've been holding off for a while on doing my home network and it's fairly small, it just needs to connect like three devices. Phone, laptop, a desktop and a Mac Mini. I was just wondering, what can I do to make this secure as possible? Using WiFi and ethernet connections (obviously). 

[Enderman]

secure against what?

[Guest]

secure against what?

Someone that would try and break into my network to get at my files and data? 

[EposVox]

Don't let people access your ethernet ports and keep your wifi key secure & complex.

[Altecice]

Someone that would try and break into my network to get at my files and data? 

 

the usual things such as using WPA2 for the password settings. Changing off the default router SSID (network name) is what you should be doing..... If you want to add more security then opt to not broadcast your SSID, Turn off the WPA function (if it has it)

[Joegeddon]

Make sure your Wi-Fi is encrypted with WPA-2. That's about it.

[Guest]

Don't let people access your ethernet ports and keep your wifi key secure & complex.

Obviously, I meant the higher up teir stuff like what kind of security protocols and etc.. Like WPA II

[Guest]

the usual things such as using WPA2 for the password settings. Changing off the default router SSID (network name) is what you should be doing..... If you want to add more security then opt to not broadcast your SSID, Turn off the WPA function (if it has it)

Okay so no WPA, but what about WPA II/ WPA 2?

[Altecice]

Okay so no WPA, but what about WPA II/ WPA 2?

 

Same thing. You want to be using WPA-2 personal.

[Guest]

Same thing. You want to be using WPA-2 personal.

But why turn it off as you said? Was it a miss type or typo or something? 

[Enderman]

Someone that would try and break into my network to get at my files and data? 

um, who?

like, do you have enemies next door?

 

seriously, unless you give someone your wifi password, nobody is going to get your files and data (other than the government of course)

[Guest]

um, who?

like, do you have enemies next door?

 

seriously, unless you give someone your wifi password, nobody is going to get your files and data (other than the government of course)

Cancer.

[vlamnire]

From a ICT student with a networking systems and design minor try first changing the username and password to remote into the router (don't leave it as admin/password) and set a custom SSID, set it to not broadcast (optional but remember this hides it from the list of anyone searching for a wireless network so you have to manually enter the SSID in whatever device you're connecting with), set the password to a secure one that's WPA2, disable WPS button/function if it has one -- on some routers there is a security risk where a brute-force attack can break the code and connect, if you want to and if it allows you to set up a MAC address whitelist or MAC address filter to only allow the MAC address of your devices to connect so even if someone does somehow get in if they don't have the right MAC address they cannot do anything.  Downside of MAC address filtering is when you get a new device you have to add it to the list via another device before connecting. 

 

Miscellaneous things can include disabling remote management via browser, SSH and Telnet, so it won't allow outside IP addresses to try and connect, turn on your router firewall and review those settings.  If you want ultimate control try seeing if there is an alternative firmware for your router like DD-WRT.

 

For a common evil-doer out there a complex password to connect is sufficient.

[Guest]

-snip

disable WPS? What is that and why should I disable it 

And thank you so much for your amazing response, would Pfsense work okay? I ask this because of your experience, a lot of people seem to like it, just making sure 

[vlamnire]

WPS is that little button on the side of the router that if you almost acts like Bluetooth pairing.  You enter WPS mode on your device and press the button on the router and you're connected with no password.  Some routers have WPS some don't.

[Guest]

WPS is that little button on the side of the router that if you almost acts like Bluetooth pairing.  You enter WPS mode on your device and press the button on the router and you're connected with no password.  Some routers have WPS some don't.

Ohhhhhhhhhh, yes those helpful little things. Thank you for that. I'll be sure to turn them off now I understand how the pairing works with devices using that function, again thank you!

[toms94z71]

I have a guest network setup in my router that I give to friends so they don't have access to the same network all my devices are on.

[.spider.]

set it to not broadcast (optional but remember this hides it from the list of anyone searching for a wireless network so you have to manually enter the SSID in whatever device you're connecting with),[...]  if you want to and if it allows you to set up a MAC address whitelist or MAC address filter to only allow the MAC address of your devices to connect so even if someone does somehow get in if they don't have the right MAC address they cannot do anything. 

At max helpful against super stupid script kiddies 

[Guest]

I have a guest network setup in my router that I give to friends so they don't have access to the same network all my devices are on.

I see, so this network, it coexists long side of the main one? Is it like a different map then and different security sets? Like can you go into detail how that's setup? 

[Guest]

At max helpful against super stupid script kiddies 

I can't tell if you're serious or trolling, but what he said does sound pretty useful, if otherwise please do explain 

[MeshFile]

Take note that some suggestions have adverse effect on compatibility on different generation of wireless devices. Best to just stick with disabling remote management/unnecessary services, WPA2 security with non-default password/management password, disable WPS, secure ethernet port/cable.

 

To be more detailed, disabling SSID broadcast doesn't add any layer of security since its wireless signal is still present; just lacking the SSID part. Any wireless scanners can still see it. Adding MAC Address filtering only increases your setup time when adding new devices and is easily circumvented.

 

Security through secrecy, not obscurity.

[braneopbru]

I can't tell if you're serious or trolling, but what he said does sound pretty useful, if otherwise please do explain 

There's nothing to explain. It's exactly what he said.

 

Those things that you were advised to do are absolutely useless to stop or even slow down anybody who really wants to access your network. Even the biggest retard can download Kali and with a couple of clicks see the name of a hidden SSID.

 

Use WAP2 personal, turn off WPS and stop worrying.

[Guest]

There's nothing to explain. It's exactly what he said.

 

Those things that you were advised to do are absolutely useless to stop or even slow down anybody who really wants to access your network. Even the biggest retard can download Kali and with a couple of clicks see the name of a hidden SSID.

 

Use WAP2 personal, turn off WPS and stop worrying.

Mind explaining how that was useless? 

[braneopbru]

If you read my post, I already did.

 

Any retard can overcome those measures with something like Kali.

 

Doing stuff that is useless and provides no real security will only give you a false sense of security.

 

Not broadcasting your SSID with the hopes that it will stop somebody who wants to break in to your network is about as effective as as putting a piece of paper covering the number in front of your house in the hopes that if a thief can't see the house number, he won't know that's a house there.

[Guest]

If you read my post, I already did.

 

Any retard can overcome those measures with something like Kali.

 

Doing stuff that is useless and provides no real security will only give you a false sense of security.

 

Not broadcasting your SSID with the hopes that it will stop somebody who wants to break in to your network is about as effective as as putting a piece of paper covering the number in front of your house in the hopes that if a thief can't see the house number, he won't know that's a house there.

Oh Kali Linux I see 

 

Well is there any real solution for something like this? I don't understand how someone could break through this kind of stuff, do you have a source or reference maybe or like a video?