So I am a novice when it comes to networking. I understand the basics but know almost nothing about security, so I will try to make my question as clear as possible. Lately my family has been receiving alerts through Norton security apps on their phones of threats to the network. Over the last couple of weeks it has been "someone is attempting to break into your network." My response is to shut off our main router/modem/switch ASAP, give it five minutes and then turn it back on. But today the alert was "someone may be in your network." I proceeded to shut off the entire network for around two hours and then rebooted; when I did, the alert was gone. So that is the situation I am in. The network is pretty simple: there is a router/modem/switch combo provided by our cable company (Fios) that has a couple of items connected to it via wireless. Then from there, a secondary router on a separate floor handles most of the traffic (this is the one the alerts are being sent about). OK, so security is extremely important in my household: a large number of confidential medical files are transferred via wireless to external cloud services. So my main question is how much do we need to be worried about sensitive data being compromised, and what can we do to turn our current network into a fortress?

 

PS: every computer has antivirus on it, and under $1000 USD would be great, but I am willing to go up for rock-solid security.

More Info: the router password is updated on both, the firmware is updated and all the connected devices have been verified.

https://linustechtips.com/topic/910973-network-security-questions/

The first problem is Norton (it's shit). Also, just change your router password if you think someone's in the network who shouldn't be. Aaaand, on your router's page (192.168.1.1 or 10.0.0.1, etc.) you should be able to see all connected devices. Verify them. Also, make sure the router's firmware is up to date.

 

CPU - FX 8350 @ 4.5GHZ GPU - Radeon 5700  Mobo - M5A99FX Pro R2.0 RAM - Crucial Ballistix 16GB @ 1600 PSU - Corsair CX600M CPU Cooler - Hyper 212 EVO Storage - Samsung EVO 250GB, WD Blue 1TB


3 minutes ago, DarkEnergy said:

The first problem is Norton (it's shit). Also, just change your router password if you think someone's in the network who shouldn't be. Aaaand, on your router's page (192.168.1.1 or 10.0.0.1, etc.) you should be able to see all connected devices. Verify them. Also, make sure the router's firmware is up to date.

the router password is changed on both, the firmware is updated and all the connected devices have been verified. I will update the post with info


2 minutes ago, wayland64 said:

the router password is changed on both, the firmware is updated and all the connected devices have been verified. I will update the post with info

Also, make sure the authentication isn't WEP (very easy to get past). WPA2 is the go-to, I think.


6 minutes ago, wayland64 said:

the router password is changed on both, the firmware is updated and all the connected devices have been verified. I will update the post with info

 

3 minutes ago, DarkEnergy said:

Also, make sure the authentication isn't WEP (very easy to get past). WPA2 is the go-to, I think.

WPA2 is only good if the latest patch solved the security issues. Remember last year WPA2 was kinda broken. To the extent that if you use TKIP an intruder could get on to your WiFi and if you use AES they could view the broadcasts but not actually get on to your network. The issue is there are two ways to penetrate a standard home network. Either you get on to the WiFi, or you penetrate through the internet. So you kinda have to determine which is happening.

Here is what I would do:

  1. Strong Admin password on router
  2. Strong WiFi Key, use no less than AES encryption.
  3. Wire up what you can. The key thing about Ethernet, they have to be jacked in to gain access.
  4. If possible you can isolate your WiFi broadcasts to not interact with your internal network. Many AP/Routers have an isolate AP function. This way anything transmitted on the wired network would not be accessible via WiFi.
  5. As stated above, check all the devices connected vs devices in the home. The easy way is to do it by MAC address, verify every MAC address connected to your router to a device on your network.
  6. Finally make sure all devices on your network are up to date.

I just want to sit back and watch the world burn. 
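
Step 5 of the checklist above, sketched as an added example that is not part of the original thread: it compares a neighbor table (the style printed by `ip neigh show` or `arp -a`) against a household inventory and lists what is unaccounted for. The sample table, the inventory and all function names are constructed for illustration; a device can change its own MAC address, so a clean result narrows things down rather than proving nothing else is connected.

```python
import re

# Constructed sample in the style of `ip neigh show` and `arp -a` output.
SAMPLE_TABLE = """\
192.168.1.1 dev wlan0 lladdr 48:5d:36:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 3C:22:FB:00:00:02 STALE
192.168.1.40 dev wlan0 lladdr d6:11:a0:00:00:03 REACHABLE
? (192.168.1.57) at 00-1a-11-00-00-04 [ether] on wlan0
192.168.1.99 dev wlan0  FAILED
"""

# Hypothetical household inventory: MAC address -> label.
KNOWN_DEVICES = {
    "48:5d:36:00:00:01": "ISP router",
    "3c:22:fb:00:00:02": "office laptop",
}

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

def normalize_mac(mac):
    """Lowercase, colon-separated form so inventory lookups match."""
    return mac.lower().replace("-", ":")

def is_locally_administered(mac):
    # Bit 0x02 of the first octet is set on randomized "private" MACs,
    # which phones and tablets commonly use per network.
    return bool(int(mac[:2], 16) & 0x02)

def parse_neighbors(text):
    """Return {mac: ip} for every line carrying both an IP and a MAC."""
    found = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:  # lines without a resolved MAC (FAILED) are skipped
            found[normalize_mac(mac.group(1))] = ip.group(1)
    return found

def audit(text, known):
    """Return (unknown {mac: ip}, randomized unknown MACs, known MACs not seen)."""
    seen = parse_neighbors(text)
    unknown = {m: ip for m, ip in seen.items() if m not in known}
    randomized = sorted(m for m in unknown if is_locally_administered(m))
    missing = sorted(set(known) - set(seen))
    return unknown, randomized, missing

if __name__ == "__main__":
    unknown, randomized, missing = audit(SAMPLE_TABLE, KNOWN_DEVICES)
    for mac, ip in unknown.items():
        note = " (randomized MAC, check phones/tablets)" if mac in randomized else ""
        print(f"UNKNOWN {mac} at {ip}{note}")
    for mac in missing:
        print(f"not seen: {KNOWN_DEVICES[mac]} ({mac})")
```

An unknown entry flagged as randomized is usually a household phone using a private Wi-Fi address, so check each phone's Wi-Fi settings before treating it as a stranger.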


1 minute ago, Donut417 said:

 

WPA2 is only good if the latest patch solved the security issues. Remember last year WPA2 was kinda broken. To the extent that if you use TKIP an intruder could get on to your WiFi and if you use AES they could view the broadcasts but not actually get on to your network. The issue is there are two ways to penetrate a standard home network. Either you get on to the WiFi, or you penetrate through the internet. So you kinda have to determine which is happening.

Here is what I would do:

  1. Strong Admin password on router
  2. Strong WiFi Key, use no less than AES encryption.
  3. Wire up what you can. The key thing about Ethernet, they have to be jacked in to gain access.
  4. If possible you can isolate your WiFi broadcasts to not interact with your internal network. Many AP/Routers have an isolate AP function. This way anything transmitted on the wired network would not be accessible via WiFi.
  5. As stated above, check all the devices connected vs devices in the home. The easy way is to do it by MAC address, verify every MAC address connected to your router to a device on your network.
  6. Finally make sure all devices on your network are up to date.

From what I can tell it is coming through the internet, and unfortunately wiring up the key devices is not possible, so what actions can I take to prevent outside attacks?


1 minute ago, wayland64 said:

From what I can tell it is coming through the internet, and unfortunately wiring up the key devices is not possible, so what actions can I take to prevent outside attacks?

Well, the router has a built-in firewall. That should stop some of it. Maybe a more advanced firewall might help, like something from pfSense. But at the end of the day, if they want in, they will get in. Unless you want to drop a shit load of money and buy enterprise gear, which you then have to figure out how to configure. Also, depending on how you have your second router configured, if you're double NATed that also means you have two layers of hardware firewalls between you and the internet. It almost sounds to me like you have a device that is compromised on your network. I'd advise you to download Malwarebytes on all devices you can to verify they are clean.

 

Also @Pangea2017 makes a great point. If you have IoT devices, they are known for being lax when it comes to security.


1 hour ago, Donut417 said:

 

WPA2 is only good if the latest patch solved the security issues. Remember last year WPA2 was kinda broken. To the extent that if you use TKIP an intruder could get on to your WiFi and if you use AES they could view the broadcasts but not actually get on to your network. The issue is there are two ways to penetrate a standard home network. Either you get on to the WiFi, or you penetrate through the internet. So you kinda have to determine which is happening.

Here is what I would do:

  1. Strong Admin password on router
  2. Strong WiFi Key, use no less than AES encryption.
  3. Wire up what you can. The key thing about Ethernet, they have to be jacked in to gain access.
  4. If possible you can isolate your WiFi broadcasts to not interact with your internal network. Many AP/Routers have an isolate AP function. This way anything transmitted on the wired network would not be accessible via WiFi.
  5. As stated above, check all the devices connected vs devices in the home. The easy way is to do it by MAC address, verify every MAC address connected to your router to a device on your network.
  6. Finally make sure all devices on your network are up to date.

Is there a hardware or software solution that I can use to further my network security?


Do you have any other info than the message saying someone is trying to break into your network? It's hard to tell you what to do without even knowing what the issue is. It could just be a false positive from Norton. 

For example it could be Norton detecting the same SSID from two different routers, and assuming it is a rogue AP. 


6 hours ago, wayland64 said:

Is there a hardware or software solution that I can use to further my network security?

 

I know what the issue is. A buddy of mine is having the same issue with his app on the phone. It's not someone trying to break into the network; it's the Norton app being garbage and coded wrong.

 

One of the triggers is when you roam between access points or roam far away and drop off for a split second and reconnect; it will give you that message. If the SSID channel changes it can trigger it as well. There are other triggers as well, but if you search around, a recent update pushed out by Norton is causing these issues.
