D&C GLug - Home Page


Re: [LUG] Help!

 

On 15/05/13 17:09, Viv Griffin wrote:
> Thanks to all, and especially Gordon. I hope I am just being paranoid. I
> have found wps in the router config (called qss - just to confuse me) and
> switched it off. I like the idea of setting up better tools, as Gordon
> suggests. But, I need to be able to set them up, use them and interpret the
> results correctly.
>
> I think what I would really like is to be able to set up my internet access
> in such a secure way that I don't have to worry about such things as hacking. So,
> I have some supplementary questions:
>
> Would a better router help? From what some of you said, mine doesn't sound
> very good. If so, any suggestions?
>
> Would moving away from wifi completely to a hard wired or a powerline
> adapter solution be more secure?
>
> Even with changes to the setup, would a separate PC (as Gordon suggested)
> monitoring network traffic still be necessary if I can stop feeling
> paranoid?
>
> By the way, tomorrow, I am going to switch wifi back on but not use the
> internet at all, all day. It will be easier to see then if there is any
> unauthorised activity or if I am really just being paranoid.
>
> Thanks for all of your help.

You are almost definitely being (justifiably) paranoid, but making sure
is a good idea.

We still don't have enough information: for example, advice on buying a
new router would require us knowing whether you are on Cable or ADSL (I
presume ADSL) and more information on your ISP, physical location (some
areas are better served by different providers) and your usage model. It
would help us if we also knew about your clients - we won't laugh at you
if you only have Windows or Mac computers on your network, but it's
useful to know. We can hardly recommend complex Linux network
diagnostics tools if you're a complete amateur with a Windows Vista laptop.

Regarding some of your other questions, there is no such thing as a 100%
secure network: however, with a little common sense and effort it's
entirely possible to have a home network that is more secure than 99.9%
of the rest of the internet, making you an extremely unlikely target. It
would be a shame to completely disable wifi as it is a very useful tool
and can be highly secure if done right. Personally I certainly wouldn't
sacrifice the convenience of surfing the internet from the back garden
when it's sunny. I would also not be able to voluntarily disable my
internet connection for a day, I can barely last 5 minutes without net
access...

Whilst Gordon's suggestions for dumping packet captures from a bridged
Linux box or fiddling with ARP cache poisoning are completely valid,
they are beyond your abilities without a lot of levelling up. It is
simply not reasonable to expect laypeople to understand in any
meaningful way the huge complexity of packet logging in the same way as
I should not be considered capable of running an airworthiness check on
a 747 engine: I am not an aeronautical engineer, and you are not a
network engineer. Let's keep things realistic here: if you can't
understand the basic log warnings from your router you have no business
tracing TCP session stages through a 500Mb Wireshark PCAP*. I'm just saying.

Regards


* I am in no way saying you couldn't or even shouldn't try: more power
to you if you decide to throw yourself fully into networking theory to get
to the bottom of this personally. I would never dissuade anyone from
rolling up their sleeves and trying to teach themselves complex things,
quite the opposite, I'd applaud it.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq