
Router security help

Go to solution Solved by Akolyte,

In short, here's how my home network works -

It is a leased line connection. My wifi router (DLink) is connected as an access point. The same connection has several access points. The network spreads in my whole colony. Is it possible to make it such that devices on my AP cannot be accessed by devices on the other APs?

Specifically stuff like Chromecasts and wireless printers (mainly)....


3 minutes ago, SCHISCHKA said:

You should each be on a separate subnet.

Each device should also have its own password feature.

Can you really access other people's printers and Chromecasts?

nope ... I live in like a joint family colony place .... so it's all my relatives ... we decided to get one main network; it's all on the same subnet .... I'm not sure if it can be changed?


You could subnet the network if you wanted to; that would be the easiest way to do it, but even easier would be to enable AP isolation. The devices would still be able to access the gateway, but it would prevent clients on the network from accessing other clients on the network. However, this might interfere with the Chromecast; I haven't tested this out.

You could also use VLANs if your router supports them, and create a VLAN for the router you want to use for the Chromecast to separate it from the rest of the network, or even better, create a VLAN for every access point to separate them from each other.


1 minute ago, japotaku said:

nope ... I live in like a joint family colony place .... so it's all my relatives ... we decided to get one main network; it's all on the same subnet .... I'm not sure if it can be changed?

They can be changed, but you will need another router. You said the Dlink router functions as an access point, so you should be able to set a subnet mask on it.

But VLANs might be easier if you want to stick to one router. You can set a VLAN on a port, so the access point is on its own VLAN such as VLAN1, and then you can set another access point as VLAN2 and so forth.


6 minutes ago, Mike_The_B0ss said:

They can be changed, but you will need another router. You said the Dlink router functions as an access point, so you should be able to set a subnet mask on it.

But VLANs might be easier if you want to stick to one router. You can set a VLAN on a port, so the access point is on its own VLAN such as VLAN1, and then you can set another access point as VLAN2 and so forth.

Forgive me, I'm a noob to all this .... so in the settings of my Dlink router I change the subnet mask from 255.255.255.0 to 255.255.255.1? And secondly, I don't think my router has a VLAN option. It is a DIR-842.


Just now, japotaku said:

Forgive me, I'm a noob to all this .... so in the settings of my Dlink router I change the subnet mask from 255.255.255.0 to 255.255.255.1? And secondly, I don't think my router has a VLAN option. It is a DIR-842.

A lot of home routers on default firmware don't have options for VLAN. If you were to use DDWRT or OpenWRT you could probably do that. Subnetting would work fine though. And no haha, you can't just do that. This guy explains it better than I could, I'm just a tech enthusiast. But subnetting only two networks is literally an absolute breeze. After watching the video (if you are new to networking you might have to watch it a couple of times) you should instantly know what to do.


18 minutes ago, Mike_The_B0ss said:

A lot of home routers on default firmware don't have options for VLAN. If you were to use DDWRT or OpenWRT you could probably do that. Subnetting would work fine though. And no haha, you can't just do that. This guy explains it better than I could, I'm just a tech enthusiast. But subnetting only two networks is literally an absolute breeze. After watching the video (if you are new to networking you might have to watch it a couple of times) you should instantly know what to do.

Thanks, this was very helpful. But just one final thought: even if I use, say, a subnet of 255.255.255.128 on my router, how is it going to stop someone whose router is set as 255.255.255.0 from accessing devices on my router?


30 minutes ago, japotaku said:

Thanks, this was very helpful. But just one final thought: even if I use, say, a subnet of 255.255.255.128 on my router, how is it going to stop someone whose router is set as 255.255.255.0 from accessing devices on my router?

Technically, it's not. But anyone accessing the AP on a subnetwork assigned a 25-bit subnet (255.255.255.128) is not going to be able to access the 24-bit subnetwork. If someone connects another router to your network, attached to the network with a 24-bit subnet, and attaches an access point to that, they could technically access the subnetwork, or if they attach a computer to the router or AP that is on the subnetwork with the subnet mask consisting of 24 bits.

But that is where your security measures come in. Physically secure the primary router that all your personal devices will be on by putting it in a locked closet or disabling the Ethernet ports that are not being used, and then protect the admin console with an IP filter so that only devices assigned a specific IP address (and possibly also MAC address) can access the router console.

This is what I do on my router at home. If I were you, I wouldn't be concerned, as unless someone had access to the AP via Ethernet (disable the port or use MAC filtering) or physical access to the router they would be unable to change anything. I suggest just using subnetting as your security and branching out from there if needed.

Most consumer home routers lack a lot of security features or management features used in larger networks. Don't worry about securing everything down to the very core. Otherwise you might as well enable WPA2 Enterprise and use a RADIUS authentication server too. If you don't know what it is, just know it would take more hassle than it is worth for your situation.

You can PM me or post here on LTT if you want any help with any further issues. I also see you are new here so I welcome you even though it is late :)
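The mask question discussed in this thread, worked through as an added example that is not part of any poster's reply: each host decides with its own mask whether a peer on the shared segment is reached directly or through the gateway. The addresses and the neighbour configurations below are constructed for illustration and are not taken from the thread.

```python
import ipaddress

def on_link(src_ip, src_mask, dst_ip):
    """True if a host configured as src_ip/src_mask treats dst_ip as a
    same-subnet neighbour, i.e. delivers to it directly with no router hop."""
    local_net = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    return ipaddress.ip_address(dst_ip) in local_net

def delivery(src, dst):
    """src and dst are (ip, mask) pairs on one shared Ethernet/Wi-Fi segment.
    Returns (request_path, reply_path); each side decides with its OWN mask."""
    request = "direct" if on_link(src[0], src[1], dst[0]) else "via gateway"
    reply = "direct" if on_link(dst[0], dst[1], src[0]) else "via gateway"
    return request, reply

# Constructed sample addressing (assumed, not taken from the thread).
PRINTER = ("192.168.1.10", "255.255.255.128")      # my device, 25-bit mask
NEIGHBOURS = {
    "same half, 24-bit mask":  ("192.168.1.50", "255.255.255.0"),
    "other half, 24-bit mask": ("192.168.1.200", "255.255.255.0"),
    "other half, 25-bit mask": ("192.168.1.200", "255.255.255.128"),
}

def survey():
    """Map each neighbour configuration to how it reaches the printer."""
    return {name: delivery(cfg, PRINTER) for name, cfg in NEIGHBOURS.items()}

if __name__ == "__main__":
    for name, (request, reply) in survey().items():
        print(f"{name:26} request: {request:12} reply: {reply}")
```

Only the last configuration sends traffic through the router in both directions, which is the one place a filter rule could act on it; a neighbour who keeps 255.255.255.0 still addresses the printer directly. The mask is a setting each host chooses for itself, which is why the thread's AP isolation and VLAN suggestions are enforced on the access point or router rather than on the clients.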

 
