On Jul 24, 2016, at 11:49 AM, John Robinson <[email protected]> wrote:

> Also, he says to protect himself he has one Router behind another…I am sure 
> the first is set in bridge mode, which then goes to the second router….
> 
> To those who know, is this a viable effort to thwart the bad guys?  Is there 
> an advantage to this for safety?

There are lots of opinions on this. The real security geeks argue for three 
routers in a Y configuration. I think one good router, configured properly, is 
enough for most people. By a good router, I don’t mean one of those 
$40-off-the-shelf ones from Walmart. The firmware on them is usually pretty 
crappy and it’s never updated after problems are found. Here’s what I look for:

(1) The router should have a guest mode for the WiFi. The guest mode is 
actually an entirely separate subnet and the router keeps the two subnets from 
talking to each other. I put all my visitors and some IoT devices on the guest 
network. (My regular network is on 192.168.0.x and the guest network is on 
10.0.0.x.)

(2) Set up a gnarly administrator password. When I sit on the deck with my 
laptop, I can see a dozen or so neighbors’ WiFi networks. Several of them have 
never configured their routers. You can usually tell this because they still 
have SSIDs like Linksys or Belkin. Of course I logged into them with the 
default passwords <http://www.routerpasswords.com/> as an experiment and was 
able to access three. I don’t know whose they are and last time I looked 
they’re still there.

(3) Use at least WPA2 encryption and have good passwords.

(4) For the most part, I don’t open any ports to run services. The only 
external connection to my main network is through SSH on port 22, and that’s 
going straight into my Linux machine, which is pretty tightly locked. I check 
it by running Shields Up <https://www.grc.com/shieldsup>.

(5) Turn off PnP.

(6) My router setup cannot be configured remotely and even locally it has a 
pretty extreme password.

(7) I regularly check for router firmware updates. (Actually, the router 
firmware does this for me.)


> I have written to ask him if there is any degradation in speed; I have yet to 
> hear.

I used to do this and there is no noticeable slowdown.

L^2


_______________________________________________
MacGroup mailing list
Posting address: [email protected]
Archive: <http://www.mail-archive.com/[email protected]/>
Answers to questions: <http://erdos.math.louisville.edu/macgroup/>