Personal computing discussed
Moderators: renee, Steel, notfred
NeRve wrote:I seem to have made some progress.... (finally). I was able to access my shared folder on my laptop from my desktop, but I cant access my desktop shared folders from my laptop. In fact, my computer isnt even listed in My Network Neighborhood, but my Laptop is. Anyone know of an explanation?
NeRve wrote:For security, should I turn off the router and use my USB DSL modem during the weekdays and when it turns to weekend and more than one computer is used, should I then turn on the router and the ethernet DSL modem? Or is it safe for me to just leave the router turned on the whole time and use it to connect to the net through the ethernet modem?
NeRve wrote:I'm not familiar with this particular router. However, every one that I've seen has the option of turning off the wireless access point without affecting anything else. Rather than re-jig your hardware every weekend, you could just turn the radio on and off. With it off, you're as secure as you would be with any other piece of equipment (and as insecure as you choose to make yourself by opening ports or DMZ-ing machines) -- and more secure than you would be with just the modem alone. Of course you have to remember to turn wireless off, but assuming you do that, and you take what steps you can to protect yourself when the wireless is on, you're about as secure as you can be short of buying a separate firewall and putting it downstream of your access point (which still wouldn't protect you from drive-bys using your internet connection). As Canuckle says, the router provides some protection so you should use it (I wish every DSL modem sold had a NAT router built-in -- even if it didn't provide more than one connection -- simply because it would vastly reduce the proliferation of worms).For security, should I turn off the router and use my USB DSL modem during the weekdays and when it turns to weekend and more than one computer is used, should I then turn on the router and the ethernet DSL modem? Or is it safe for me to just leave the router turned on the whole time and use it to connect to the net through the ethernet modem?
NeRve wrote:If that's indeed the IP address you saw (240.121.100.something) that could be someone spoofing an IP (240 is class E, "reserved" space). But it could also be you, if you're using DHCP and the router is allocating addresses out of that range. Which would be weird -- most consumer routers I've seen allocate out of Class C: 192.168.x.x -- but not impossible. Keep in mind that your router is going to get the IP address that your ISP has allocated to you, and then (through the wonders of NAT) the router will allocate a completely different set of IPs to the various PCs hooked up to it. As far as your ISP is concerned, your router is you, and anything that goes on behind that is effectively outside the internet, which is why they provide a measure of security.Alrighty! I am working out the kinks of the system, but it's still very frustrating. I just recieved by mail my ethernet DSL modem. I was able to connect to the net through the router using that modem. However, (I'm not sure if this was a hacker) I couldnt access my configurations for the router. Belkin uses a web-based configuration system that could also include a password to prevent unauthorized access to settings. Only one person was allowed to access administrator at a time. Everything was going fine, when I went into the main setup and created my administrator password. And then the wierd thing happened. I logged out and tried to log back into the router system, but I couldn't it said 240.121.100 (something like that) is controlling the router system. I was like, (oh crap someone already trying to hack through my network). I immediately disconeecting my modem from my router. And after several tries I was able to access the router system again. (I wasnt sure if 240.121.100 was a wireless computer or from the net) but that lost some of my confidence in the security of the network. *Sigh* I check through IP Config my computer's IP address and it certainly wasnt 240.121.100. Got me wondering who could access my router so fast. Was it a hacker or was it simply a programing glitch in routing system. I dont know. But I was wondering of you had problems like this before?
UberGerbil wrote:Anyway, like I said, I'm unfamiliar with this particular router. It shouldn't allow the web interface to be accessed from the upstream side -- its internal http server should only be talking to the systems that are "behind" it (though this may be an adminstration setting you have to specify -- also, if it allows access to the adminstration settings from the wireless side of things you should turn that off too, if it lets you).
Captain Ned wrote:My Linksys BEFSX41 allows for WAN access to the admin http server, so I'm presuming most/many consumer-grade routers are the same.
Captain Ned wrote:My use of "shouldn't" in that sentence was prescriptive, not descriptive.UberGerbil wrote:Anyway, like I said, I'm unfamiliar with this particular router. It shouldn't allow the web interface to be accessed from the upstream side -- its internal http server should only be talking to the systems that are "behind" it (though this may be an adminstration setting you have to specify -- also, if it allows access to the adminstration settings from the wireless side of things you should turn that off too, if it lets you).
My Linksys BEFSX41 allows for WAN access to the admin http server, so I'm presuming most/many consumer-grade routers are the same.
atryus28 wrote:I don't know your specific router either but the two I have (one wireless, one wired dlinks) allow you to change a whole lot of stuff. You should, if your that concerend, set up only certain addresses to be allowed any use through the router. Since you currently only have three PC's than you would only need 3 addresses. You would have to change the IP addresses in the PC's to be static instead of dynamic.
This way no other PC's could get into your network at all unless you specifically allow them.
During the week you could also disallow those two other IP's from connecting to the net at all and come the weekend enable them again. It may be a pain but it would certainly be secure.
Don't know if you have this option but you should also make your router unpingable.
You seem to be confusing the outgoing access policy (which controls which PCs on the LAN can access the Internet, and when) with the firewall/NAT functionality which prevents outside access to your LAN. The two are in fact separate functions. Your LAN is just as secure from outside intrusions whether you set local access policies or not.
NeRve wrote:Well, my Belkin has a MAC filtering system. If I use that, will my network be secure somewhat from eavesdropping wireless signals or the Net?
NeRve wrote:Mmm... ok any easy-to-do-subnetting guides out there?
atryus28 wrote:It depends on how many Computers you are going to connect. If you are only connecting say 3 computers for now you can assign them static IP's and give out addresses like 192.168.0.100-102. This would give you only three addresses and all three would be taken up by your existing three PC's. If you wanted to add more you would have to go back in to your router and add addresses as needed. You could make your addresses sporadic as well like say: 192.168.0.55, 192.168.0.103, and 192.168.0.231. If you only allow three connections (or howevermany you need) and all of them are taken up no one else should be able to get on your network. This is only really needed for the wireless end of your network though even if you have one wired and two wireless you should do this.
NeRve wrote:What implementation does an average Joe put in security for his network - wired or wireless? Is subnetting a network, especially a home network - done in most cases?
atryus28 wrote:I was trying to explain how to limit your number of connections to the router.
As with most things in the PC world, there are numerous ways to something. You'll have to decide what fits you best and check whether or not you have a tin foil hat on or not.