Can someone breach into my lan if my wireless is off?

guardian_77

Distinguished
Mar 22, 2011
2
0
18,510
Hello,

So is it possible in any way to gain access to my home network?

My wireless is off, I never use it.

I have loads of files that are shared across between my computers on the network.

Should I take some precautions in order to secure my home network?
 
If you're using a router, it’s protecting your local network from intrusion over its WAN port and associated firewall. In theory, if the firewall was coded perfectly, intrusion would not be possible. But nothing's perfect and vulnerabilities, while extremely remote, are always a theoretical possibility.

Also, each time you open/forward ports on your router's firewall, that opens the door to exploiting potential vulnerabilities with the services associated w/ those ports. So keep your ports closed unless absolutely necessary.

And since some applications can open ports automatically behind your back using UPnP (Universal Plug N Play), you might want to make sure that feature is disabled on the router (of course, that could complicate things you want to have UPnP access, like gaming consoles). When you do open/forward ports, keep them open only as long as necessary. And never use the same ports externally as internally (e.g., if you have an SSH server using port 22 internally, make it something unexpected externally, like 34609).

That’s why I tell ppl NOT to use applications like RDP for remote access. It requires opening the RDP ports. But if you use something like LogMeIn or TeamViewer, these are services that do not open INBOUND ports. Instead they initiate connections from inside your network and use those same connections to handle inbound requests! In fact, if you want a really safe and flexible remote access solution, use LogMeIn Hamachi and run all your protocols over it (RDP, FTP, HTTP, VNC, Windows file sharing, everything).

Also, I know a lot of ppl who don’t like to use username/passwords for a home network, just too much hassle. But if you do, and someone still gets into your network, it makes it that much harder to do damage.

Frankly, wireless is not any more of a threat than the router’s WAN if you use a high-quality password (long, random, and based on a large character set, http://www.grc.com/pass ) and use WPA/WPA2. It’s perfectly safe. What gets ppl in trouble is not using wireless security at all, or bad passwords (too short, using dictionary words, etc.).

Can’t cover everything, but those are some of the basics I abide by.

 

guardian_77

Is there a tutorial on how to set up Hamachi based home network?

Would this qualify as to what you meant?

http://logmeinwiki.com/wiki/Hamachi:Windows_File_Sharing

Having Hamachi to share files over home network (no intention of accessing home LAN from remote location) seems, not to say redundant, but an overkill?

Also I have my router firewall off. I followed uTorrent tutorial on portforward site. I don't download very often, if not at all but I do have a port forwarded for uTorrent on my router that is always enabled yet I don't use it that much. Should I disable the port when I don't download?

My windows firewall is also turned off on all of my machines. Should that be fixed?

(please don't hack me!)
 
Using Hamachi assumes you need remote access. But if you don't, then yes, it's irrelevant. But these days it seems almost everyone does need some form of remote access. If not today, some day down the road. So it’s always worth mentioning.

NEVER TURN OFF YOUR ROUTER’S FIREWALL! This is the best protection you have against intrusion. If you also want to use local firewalls (i.e., on the machines themselves), you can certainly do so, but only as an ADDITION to your router’s firewall. Most ppl just find local firewalls too much of a hassle when already protected by the router’s firewall. However, local firewalls do provide protection should something get into your network through another vector (e.g., USB flash drive, visiting guest w/ an infected laptop). So it’s up to you.


 
Also do not use 192.168.1.x as your internal IP network, too easy to guess and it removes one of your security layers. A Stateful Packet Inspection firewall (SPI) combined with NAT should reduce your external vulnerability to near zero, provided you're not doing silly things like running a web / ftp server from inside your house. If you need remote desktop access then use LogMeIn, its free version is wonderfully secure.

Don't worry about Hamachi, that isn't for home desktop connection, although it can be used for that, it's more for creating a VPN without actually setting up OpenVPN yourself.