Is this a good idea for securing a network?

Hi all,

So I've not been able to get my @#$%^&*('ing Netgear Access Point to work, or, for that matter, been able to access it through its IP address.

So what I've done is go to MAC address filtering and configuring a password for the Fritzbox router (yes, the genius who installed it left it without one ).

So the Netgear remains wiiiiide open. BUT I configured the Fritzbox ROUTER to where the Netgear AP is connected to it by way of an Ethernet cable, but like I said, a password is needed to get into the Fritzbox's configuration utility. I consider this a band-aid solution. How easy is it to break through that password?

I also changed the router's WPA password, and restricted it from accepting any new WLAN devices. I put my new Thinkpad's MAC address in, and deleted my old T60p's MAC, and sure enough, no more getting on the net for that baby.

So...I've changed it to MAC address filtering, changed the WPA password, and assigned the router's config utility a password.

Two questions:

One, take the Netgear AP out of the equation. Isn't this the most secure I can make a router. MAC address filtering is pretty cool. What say you, guys?

Second, being that NO changes were made to the Netgear router, how safe is it to use it for accessing the Internet with it being completely open? The Fritzbox can't be attacked since I put a pw on the config utlity I believe. But if I'm on the Netgear router, other people can still use my network connection even though MAC address filtering is being used, but not on the Netgear AP.

What do you think of this "solution" that isn't really one?

This Netgear thing only has one good thing about it. It looks cute!! It really does. That's the first thing my mom said when I gave it to her.

Besides the two questions, any additional advice is greatly appreciated.

P.S. The Netgear unit is on the same floor, and on the same side of the house as my parents' wood burning fireplace. And it does get cold here now. Hmmmm...

 

My only suggestion is follow this link and choose your model for ...
How to configure a Netgear Access Point

 

Hey Dennis,

Thanks very much for your reply. I could do it myself, but I can't even get into the Netgear AP's config utility. 192.168.0.227 (the supposed address per their instructions), 192.168.1.1 (someone suggested I try this and I did...needless to say to no avail), etc., have all failed me.

 

Did you try accessing the Netgear CP using it's NetBIOS name?

Type it into the browser address bar and hit go.

Obviously, you should be connected directly (wired) to the access point.

 

First - it seems like a good idea now to secure your network
From a security standpoint
Someone can enter your network and cause trouble - you hear all kinds of mythical stories - identity theft etc etc
Bigger problem is nubes computers in your local geographic area accidentally logging on and file sharing. One person I dealt with had a leecher of an unknown neighbour with a Microsoft wireless network card ( can diagnose from mac adress given in the lan status of the router) . This technically minded teenager who refused to turn on the security as it "slowed the xbox down" was shut down by the isp . The bandwidth department reported the bandwidth use the previous month as 200 gig. That was the upload bandwidth measurement only in the previous month. If a remote computer is running 24/7 , even if only at 1 mb numbers can easily add up. If the security had been one the remote computer would not of been able to log on and the problem prevented
In another case I saw- a security minded homeowner would not turn on wep.
A wireless printer had been installed. The installer did not know how to work with the security. Turned it off in the router. In addition the homeowner did not want to tamper with the router out of fear of his daughter ( who had a computer hard wired into the router)
It turned out there were 4 wrt54g routers all set on default settings in this upscale neighborhood. I was able to count 15 devices logging onto the person's network wheras he had only 2 laptops , the printer and the daughter's computer . An extra 11 outside devices over his 4.
One was even a windows 95 wireless equipped computer
Good for whomever set it up.

Recommendations

1) Make sure that your network works completly open for a day or two before going ahead with security
you might want to reset the router to factory defaults and start from scratch

2) Make sure the router is placed high and uncluttered
3) Change the channel from the default channel of 6 to another channel
- the first next picks , which are distinct and non overlapping are channels 1 and 11 . If you have neighbors with wifi - you may have to change the channel from time to time
- symptoms of interference are - a good wireless signal from your router but no internet reception. Very common. You may not even see the culprit with the windows wireless utility and yet it causes trouble. Also a lot of the newer routers have the wireless beacon turned off as a default for security reasons
to better find rogue signals try netstumbler. Free or beggarware.

http://www.netstumbler.com/downloads/

4) In terms of security - the most common is wep 64 which has been broken
Wep 128 has tons of numbers. You have to enter it twice. Bit unwieldy.
WPA is apparently more secure and has not been broken
Older cards may not have this feature
Newer ones do

- my feelins is that if you have a neighbour who has learnt how to beat wep 64 , good for them. If they have mean tendencies breaking your wep 64 encryption may well be the least of your troubles

a very good network utility is network magic. It will count intruders for you.
Helps you to run your home network. Very functional and in clear english.

Reset your router
Make sure your wireless network is running fine
Then setup the wireless encryption
If you are really concerned about security then wpa is preferred
You might also want to turn off your beacon. Do this after your network is setup and running properly. As well change the ssid from the defaults of either the most common on Linksys, default and wireless. You would be amazed at how many hidden networks can be accessed with those ssids.

http://www.networkmagic.com/

5) Lastly in terms of mac adressing as as security measure it is easily overcome
all a skilled person has to do is sniff out your traffic
They can asctertain the mac addresses of the network devices on your network
Then masquerade as one of those mac addresses. The system will let them in as a trusted member


A very good resource for setting uo your wireless router with diagrams of actual models is


http://www.portforward.com/english/routers/wireless/routerindex.htm


I see now that you are having troubles getting into the control panel of your router
This procedure an be erratic
Make sure that your proxy settings in the otptions > connection > networking area of your browser are unchecked
If you cannot get in - clear your cache and try again
if still not reboot
next try it with firefox
Its amazing how you cannot get into the router control panel and boom you have it
If the password has been changed from the default reset the router back to factory defaults with the reset button , which seems to be usually on the back of the router

Hope this helps.