Pastimes : Computer Learning

To: mr.mark who wrote (36602), 9/9/2003 1:47:11 PM
From: rrufff   of 110652
 
Thank you for your posts on security. It is particularly useful to those of us just setting up networks on wireless routers for the first time.

The board you cited also had the following entry, which seems a bit ominous:

==============================================

There are ways to exploit the NAT layer itself. Consider strict source based routing? You can get into the LAN that way. And there are a ton of other ways to nail the network. IF the NATing router is hacked then ANYTHING on your network is open and freely available to the attackers. Yes it CAN be a single point of entry, but hey how can you be totally sure?
NAT can be useful in protecting other resources, somewhat, but with my own network I don't trust it to secure my network. Even though my firewall drops all incoming except some specific ports, and is doing NAT for my network, I still don't trust it to lock my network down.

As SGT_B said.. it's a NETWORKING tool, not a security tool. There are many many ways to get past a NAT firewall, and explore your entire internal network. Source routing is just one of the many many ways. Some systems will still NAT fragments, the various "stealth" scans and a host of numerous other ways.

Yes, NAT when implemented on a properly secured firewall can be helpful in securing your system.. I still look at it as a router with an attitude and a miserable attempt to hide the internal network configuration.


==========================================================

I recently purchased the MR814 Netgear router which I noticed was recommended on this board several times. It's cheap and seems to work well. Setup was ok with my only real complaint getting through to service which is located in India and, to some extent, my own problems with understanding English with an Indian flavor.

In any event, I had a question about set up and security. From reading here and on other boards you cited, it seems that this router has several layers of what might be deemed "security." I'm trying to learn the basics so please correct me if I am wrong or confused or both.

The NAT system is considered a physical firewall because once it is set up a hacker really can only see the router. My question here: is there any setting I need to confirm this, or is it built in?

The next level of protection is to change the name of the network from the default to my own network.

Next there is a password as you stated which is changed from the default "administrator."

Next there is the ability to only allow computers to connect after registering their "MAC" address. This was surprisingly simpler to do than I thought as the program recognized the computer trying to get on to the new network.

Finally, I think, is the WEP encryption. I had a bit of a hard time setting that up. With the help of the Indian gentleman mentioned above, I was successful but after an hour or so wait on the phone. He recommended not using the highest level of encryption (256K I think) but rather the intermediate one of 128K (I think.) He suggested that the highest level of encryption would slow down the network too much and that this was more than sufficient. Any comments?

He also suggested I use the manual key method rather than the automatic one in setting up the encryption and he went through those steps with me.

I am also using ZAP and also NAV 2003. I have the MS firewall on also but that seems to be pretty invisible never giving any messages. However, I did test it on the Shields Up and without ZAP on, it did give a perfect reading.

Do I have too many "firewalls?" Netgear also offered a free firewall by a company I had never heard of but I figured I was "covered" at that point.

I welcome any comments or suggestions and thanks again.