Home Network Security

[Guest]

Hey All, I am wanting to secure my home network against unathourized access (i.e. my teenage boys snooping in places they shoudn't on the web) Wireless security is easy. Their personal computer accounts have internet access blocked. But, what keeps someone from unplugging the ethernet cable from my wireless access point or my own computer and plugging a laptop or other device on the network and gaining access that way? Is a server the only way to protect the network? Is there a switch or router that has some type of protection similar to the encryption key that you have to have to gain access to a wireless network?

 

[Guest]

If possible place the router in a cupboard and lock it.

 

[KingArcher]

For first part of your question,

what keeps someone from unplugging the ethernet cable from my wireless access point or my own computer and plugging a laptop or other device on the network and gaining access that way? Is a server the only way to protect the network?

You need physical access protection.
For instance like Filhart said, you could lock it in a cupboard. But that would also affect cooling and wireless signal strength and range.
The other option is to lock the room that has the modem + router installed so that there is no physical access to the LAN cables.

[joke] You can train a dog to watch the lan cables on the back of your computer and modem + router so that no one touches them.

For the 2nd part of the question

Is there a switch or router that has some type of protection similar to the encryption key that you have to have to gain access to a wireless network?

What you need is content filtering setup based on user account
For example the new NETGEAR routers come with "Live Parental Control" software that works with the router to control access.
here's a link that might explain it better.

http://powershift.netgear.com/lpc

 

[Guest]

Yes, I can lock the router, but what about the exposed ethernet connections? A "friend" could easily connect a laptop to any ethernet port and have full access to the internet.

 

[Catsrules]

I would filter internet by MAC addresses aka Physical addresses this it a unique address that is built in every network card, any thing that connect to something else over Ethernet has a mac address, Laptop, desktop, Wii PS3 Xbox, iTouche ect. Your router should be able to filter out those addresses, or better yet only accept the ones your enter in. For example, your would enter in your computer MAC address to the router and tell it to block every one else. No matter where you plug your computer in it will always have access, and no matter where anyone else plugs there device in they will be blocked.
Warning on laptops most laptops have a wired connection as well as a Wireless connection. these to two separate network card so they have two separate mac addresses for each of the cards.

How is your network setup, it is two boxes one a modem and the other is the wireless router or is it just one box that does everything?
If it is two separate boxes, I would call your ISP up and ask them if they can filter mac addresses on the modem side to only allow your wireless router to connect up. That way even if they unplug the router and plug a device in directly to the modem by passing the router and it's mac filtering you still have the modem filtering Mac addresses as well.
What type of router do you have, i will see if I can download a manual for it, to see if it supports Mac filtering.

 

[Guest]

Catsrules wrote: "No matter where you plug your computer in it will always have access, and no matter where anyone else plugs there device in they will be blocked."

Unfortunately on the routers I've used, MAC filtering only applies to wireless. But it's worth checking on the router you have.

 

[Catsrules]

Yeah I have two routers one is a Netgear WNR3500 and the other is a Linksys WRT54GS. I know the Linksys can do it. but so far I haven't see anything about it on the netgear, you can filter out IP addresses but not MAC .
If you have a old PC sitting around I would look at.
www.untangle.com.
Basically it is a make a business class router out of a PC. And you can do all sorts of "fun" stuff with it. I am sure it will have something to block internet. I think you can set it up so when you go to the internet it will ask for a user name and password. That is what I have been using as a home router for a half a year now

 

[Catsrules]

Update well I sorta found a work around for the netgear it isn't the best way to do it but here it goes. On this router it can assingn ip addresses based on a Mac address, so every one will be assign the same ip everytime they connect to that router. All you need to do it to add there Mac addresses to the assigned list and block that ip they were given. Or you could go the orther way add your computers Mac address and block every other address on the network

 

[lihuahellen]

Hey All, I am wanting to secure my home network against unathourized access (i.e. my teenage boys snooping in places they shoudn't on the web) Wireless security is easy. Their personal computer accounts have internet access blocked. But, what keeps someone from unplugging the ethernet cable from my wireless access point or my own computer and plugging a laptop or other device on the network and gaining access that way? Is a server the only way to protect the network? Is there a switch or router that has some type of protection similar to the encryption key that you have to have to gain access to a wireless network?

Almost all routers and access points have an administrator password that's needed to log into the device and modify any configuration settings. Most devices use a weak default password like "password" or the manufacturer's name, and some don't have a default password at all. As soon as you set up a new WLAN router or access point, your first step should be to change the default password to something else. You may not use this password very often, so be sure to write it down in a safe place so you can refer to it if needed. Without it, the only way to access the router or access point may be to reset it to factory default settings which will wipe away any configuration changes you've made.
We strongly recommend the use of some type of firewall product, such as a network appliance or a personal firewall software package. Intruders are constantly scanning home user systems for known vulnerabilities. Network firewalls (whether software or hardware-based) can provide some degree of protection against these attacks. However, no firewall can detect or stop all attacks, so it’s not sufficient to install a firewall and then ignore all other security measures.

 

[Guest]

I think you're overlooking the fact that we adults are mere amateurs at this stuff while kids are hardwired with the technology.

I'll stick with good old locked cupboards and maybe the threat of a clip round the ear.

 

[riser]

Disable DHCP, static IP address your computer. Change the IP address of the router from a default of 192.168.1.1 or 192.168.0.1 to something like 192.168.1.108.

In order to find the IP address they would need to do a ping sweep. On top of that, they would also need to know the DNS servers in order to access the internet.

 

[blackhawk1928]

^Exactly what I was thinking. Some companies also have an application that is like an octopus and it basically controls the entire network from physical and wireless access. Its called NAC. Maybe there is free home edition?. Also if you want to filter which website they go to, make a server, maybe a DMZ host and have it connected straight to your modem. All your other connections will go through your server and you can set up third party applications to filter content. In addition some routers have built in control panels that you access through your browser by typing its IP address (usually 192.168.1.1). Through the control panel see if you can set based on MAC address (or maybe set your DHCP to give IP address to only certain devices...if your teenagers laptops have no IP address provided by DHCP...no internet access) which devices can be plugged in for access, if any other device is plugged in, it will be blocked. If this works all you have to do is set a good password on your server and your system will be secure both virtually/wirelessly and physically from any breach or hack attempt. Tell your teenage boys to try and hack it somehow and it will keep them occupied at least (Joke).

 

[Catsrules]

^Exactly what I was thinking. Some companies also have an application that is like an octopus and it basically controls the entire network from physical and wireless access. Its called NAC. Maybe there is free home edition?. Also if you want to filter which website they go to, make a server, maybe a DMZ host and have it connected straight to your modem. All your other connections will go through your server and you can set up third party applications to filter content. In addition some routers have built in control panels that you access through your browser by typing its IP address (usually 192.168.1.1). Through the control panel see if you can set based on MAC address (or maybe set your DHCP to give IP address to only certain devices...if your teenagers laptops have no IP address provided by DHCP...no internet access) which devices can be plugged in for access, if any other device is plugged in, it will be blocked. If this works all you have to do is set a good password on your server and your system will be secure both virtually/wirelessly and physically from any breach or hack attempt. Tell your teenage boys to try and hack it somehow and it will keep them occupied at least (Joke).

www.untangle.com/ would do what your are talking about. you just need a computer with two networks card and willing to run it 24/7 (or how every long your want you network up)

 

[blackhawk1928]

Well I mean, I don't see whats wrong with running a PC 24/7...last time I rebooted my computer was like 20+ days ago for a windows update. Other then that its on 24/7. And my home server is also on 24/7...hence...a server.

 

[Catsrules]

Well I mean, I don't see whats wrong with running a PC 24/7...last time I rebooted my computer was like 20+ days ago for a windows update. Other then that its on 24/7. And my home server is also on 24/7...hence...a server.

Yeah I know some people that it just kills them to leave something running when it is not in use.
but i am fine with it, I have my server and Untangled computers on 24/7 as well.

 

[blackhawk1928]

It causes more damage to a computer from constant turning off and on from thermal expansion/contraction then it does to leave it on. Plus with modern hardware being 45nm and less...and being extremely efficient, PC's take really low energy. Plus winodws 7 (and probably others) has options for USB suspending, shutting down drives...etc. So on idle when not in use a well made PC can take well under 100watts...and I mean well under.