Replacing my home network with secure options

Mandarb

Mandarb

Active Member
Joined
Sep 20, 2007
Messages
64
Reaction score
8
Hi

I need some advice on replacing my network.
At the moment I have the Telkom Netgear DGN2200MV2 connected to the phone line for ADSL, and a ASUS RT-N16 that my server and three PCs run through. They are connected through WDS. I can't run a cable between the two because of the layout of my flat.

My problem is that the only way to get the WDS working is to use WEP, it won't work with WPA2. I was reminded about how insecure that is today and makes me think I have to make a plan.

Given a budget of +-R2000, what would you guys recommend? I'm thinking either two 802.11n APs with one connected to LAN to the Netgear and replacing the Asus, or a new ADSL router and an AP.
I have enough knowledge and Google-fu to make a more technical solution work.
 
Hide the SSID and only allow your own devices' MAC addresses to connwct.

You want my banking details? :)
 
YingYang said:
Hide the SSID and only allow your own devices' MAC addresses to connwct.

You want my banking details? :)
Click to expand...
That's security through obfuscation, something I want to avoid.

LaraC said:
I’ve asked a similar question, maybe the replies I’ve received could assist you as well.

http://mybroadband.co.za/vb/showthread.php/645090-Is-my-home-network-secure?highlight=
Click to expand...
Thank you, some useful advice there.

LaraC said:
The OP has a device that can only connect with WEP. Maybe it isn't an option to use WPA2 only.
Click to expand...
Indeed, my current devices can't do both WPA2 and WDS, and I have to have WDS or a different option to connect two rooms wirelessly.
 
Mandarb said:
My problem is that the only way to get the WDS working is to use WEP, it won't work with WPA2. I was reminded about how insecure that is today and makes me think I have to make a plan.
Click to expand...

YingYang said:
Hide the SSID and only allow your own devices' MAC addresses to connwct.

You want my banking details? :)
Click to expand...

Almost ten years ago I had the same problem, variety of devices and only WEP + Hiding SSD + MAC address filter was available. So decided to give it a go as our wireless footprint should have been small.

Was cracked by some enterprising antenna waving geek in the Cape Town city bowl which proceeded to blow our cap. Do0s!

So ja, if it's not secure, it's not secure, ok?
 
Consider powerline adapters (i.e. Ethernet over mains): that might enable you to replace the wireless with cables.
 
Try Mikrotik Router (RB2011UiAS-2HnD-IN) with a cheap ADSL modem in bridged mode - a bit more complicated to setup but works like a charm. I only allow known MAC addresses to connect on top of the proper firewall etc. Works like a charm.
 
rrh said:
@LaraC: You might also consider visiting https://www.grc.com/ to run their "ShieldsUP!" test.
Click to expand...

Gosh, that was a bit of a waste because it looks so old. I'm still mucking around with a brand-new Windows laptop with NO Internet Security program installed (just the basic standard Windows 8 firewalls running by default), and ShieldsUp! found absolutely zero flaws in any of its tests (maximum stealth across everything). *shrugs* Maybe modern computers are just a wee bit safer than they were in the good old days?
 
Foxhound5366 said:
Gosh, that was a bit of a waste because it looks so old. I'm still mucking around with a brand-new Windows laptop with NO Internet Security program installed (just the basic standard Windows 8 firewalls running by default), and ShieldsUp! found absolutely zero flaws in any of its tests (maximum stealth across everything). *shrugs* Maybe modern computers are just a wee bit safer than they were in the good old days?
Click to expand...

Steve writes most of his code in assembler, and really can't be bothered about pretty :)

Others might argue that there is better but, in the end, it all boils down to preference. And I - and a lot of other IT professionals that I know - all use ShieldsUP! as a reliable test.
 
Rooikop said:
Try Mikrotik Router (RB2011UiAS-2HnD-IN) with a cheap ADSL modem in bridged mode - a bit more complicated to setup but works like a charm. I only allow known MAC addresses to connect on top of the proper firewall etc. Works like a charm.
Click to expand...
Hmm, that looks good. Maybe a bit hardcore for my needs.

rrh said:
The initial powerline adapters were unbelievably bad. You can now purchase gigabit adapters.
Click to expand...
Problem is finding gigabit ones in ZA. Netgear and TP-Link makes them, but I can't find anyone selling them, including Scoop and Miro. But 500 should be actually plenty, and there's lot of options.
 
LaraC said:
Thank you, I’ve done the test and the result was; “The equipment at the target IP address did not respond to our UPNP probes!” :)
Click to expand...

That's a good start.

Also run the "File Sharing", "Common Ports" and "All Service Ports" tests in the blue block (under the UPnP Exposure Test button).

These should all report that your PC is invisible to the outside world.
 
biometrics said:
Almost ten years ago I had the same problem, variety of devices and only WEP + Hiding SSD + MAC address filter was available. So decided to give it a go as our wireless footprint should have been small.

Was cracked by some enterprising antenna waving geek in the Cape Town city bowl which proceeded to blow our cap. Do0s!

So ja, if it's not secure, it's not secure, ok?
Click to expand...

Quite right: how do you think that they build bot-nets ?

Especially given that most SOHO routers are wide open to external abuse ...
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X