Thank you SO much Lee, as always I so appreciate all your help. John
> On Jul 24, 2016, at 1:16 PM, Lee Larson <[email protected]> wrote: > > On Jul 24, 2016, at 11:49 AM, John Robinson <[email protected] > <mailto:[email protected]>> wrote: > >> Also, he says to protect himself he has one Router behind another…I am sure >> the first is sent in bridge mode, which then goes to the second router…. >> >> To those who know, is this a viable effort to thwart the bad guys? Is there >> an advantage to this for safety? > > There are lots of opinions on this. The real security geeks argue for three > routers in a Y configuration. I think one good router, configured properly, > is enough for most people. By a good router, I don’t mean one of those > $40-off-the-shelf ones from Walmart. The firmware on them is usually pretty > crappy and it’s never updated after problems are found. Here’s what I look > for: > > (1) The router should have a guest mode for the WiFi. The guest mode is > actually an entirely separate subnet and the router keeps the two subnets > from talking to each other. I put all my visitors and some IoT devices on the > guest network. (My regular network is on 192.168.0.x and the guest network is > on 10.0.0.x.) > > (2) Set up a gnarly administrator password. When I sit on the deck with my > laptop, I can see a dozen or so neighbors’ WiFi networks. Several of them > have never configured their routers. You can usually tell this because they > still have SSIDs like Linksys or Belkin. Of course I logged into them with > the default passwords <http://www.routerpasswords.com/> as an experiment and > was able to access three. I don’t know whose they are and last time I looked > they’re still there. > > (3) Use at least WPA2 encryption and have good passwords. > > (4) For the most part, I don’t open any ports to run services. The only > external connection to my main network is through SSH on port 22, and that’s > going straight into my Linux machine, which is pretty tightly locked. I check > it by running Shields Up <https://www.grc.com/shieldsup>. > > (5) Turn off PnP. > > (6) My router setup cannot be configured remotely and even locally it has a > pretty extreme password.. > > (7) I regularly check for router firmware updates. (Actually, the router > firmware does this for me.) > > >> I have written to ask him if there is any degradation in speed, I have yet >> to hear. > > I used to do this and there is no noticeable slowdown. > > L^2 > _______________________________________________ > MacGroup mailing list > Posting address: [email protected] > Archive: <http://www.mail-archive.com/[email protected]/> > Answers to questions: <http://erdos.math.louisville.edu/macgroup/>
_______________________________________________ MacGroup mailing list Posting address: [email protected] Archive: <http://www.mail-archive.com/[email protected]/> Answers to questions: <http://erdos.math.louisville.edu/macgroup/>
