settings on router

[bonkers82]

want to adjust settings on router. Believe nextdoor neighbour is possibly using mine( router is showing his PC). Also can only access a few websites on sons laptop. Desktop is fine. Wireless router is Dynamode BR6004 and haven't got a clue what any of the settings on the admin page should be. Would appreciate any help with this matter.

[Raistlin]

First thing you need to do is find the settings for the Admin user name and password. Change both.

Next look for an option to change the SSID, this is the name of your wireless network. Change the SSID to something that doesn't identify you, your home, your family, or the model/make of the router.

Next you need to find the wireless security settings, you should see settings for wireless encryption (probably options for 'WEP' and 'WPA'). You need to select WPA PSK and use a long and complicated password, the longer the better, the more complicated the better (use numbers, letters, special characters [!"£$%^&*()], don't use dictionary words).

These 3 actions should be sufficient to make your router reasonably secure, and to prevent your neighbour from trivially using your wireless connection.

[Noggo]

How did they get the passcode? (I'm assuming that the network was/is passcoded)

Another one:
Wireless Visibility Status: If you have the option change it to `invisible' (can't find much about the br-6000 on their webby to find out)

The Invisible option allows you to hide your wireless network. When this option is set to Visible, your wireless network name is broadcast to anyone within the range of your signal. If you're not using encryption then they could connect to your network. When Invisible mode is enabled, you must enter the Wireless Network Name (SSID) on the client manually to connect to the network.

[Hom3r]

One of the options in the router should enable you to block there MAC address.

[xpod]

Quote:

How did they get the passcode? (I'm assuming that the network was/is passcoded)

If it was completely unsecured then it could possibly be an innocent automatic connection from one of the neighbours....possibly.
If they were at least using WEP though then there`s someone a little more determined living close by.Not that they`d have to be tooo determined to get past WEP mind you as it`s relatively trivial to get those "passcodes" if thats the case.
If there is someone nearby being a d**k & cracking encryption keys then hiding networks and blocking mac`s probably wont be much use either.The only decent solution is Rob M`s WPA advise with a very strong password.Using words from dictionaries or names is a big no no.

[Raistlin]

Falsehood #1: Hiding the SSID increases security.

It doesn't. When your laptop looks for wireless access points in the area it will send out a small beacon, basically a transmission that says "If you're a wireless access point tell me your name". If you hide your SSID your access point won't respond to this beacon.

Anybody that's interested at all in knowing what access points are really around them will use a programme like Netstumbler. What this does is to send a beacon similar to the one in the last example, except this beacon says "Hello wireless access point, your name is X." To which any wireless access point (regardless of whether its SSID is hidden or not) will respond with "No, I'm not X, I'm Y" with Y being whatever the true SSID is.

Falsehood #2: Turning on MAC address filtering increases security.

It doesn't. MAC address spoofing (the act of changing your MAC address to match that of another device) is trivially simply, expecially within a Linux environment, and is one of the first things that an attacker will do to gain access to your wireless network.

The scanning tools used to identify your network, capture packets from it, and from that break your encryption key, will tell the attacker what MAC addresses are being used by legitimate clients on your network - all he/she has to do is change their MAC address to match one of those and they're in.

[EssDee]

Rob

I have to disagree with you somewhat. Both of the measures you have highlighted above DO increase security somewhat. Whilst they may be ineffective against those that are able and determined to breach such defences, they help to secure against casual (or accidental) breach. It's a bit like claiming locking your doors and fitting an alarm system doesn't increase your home security. It does,of course, but if somebody really wants in...........

Wouldn't like those that value the advice on here assume that it's not worth 'switching on' whatever they can to increase security. Better than nothing, surely?

[xpod]

Quote:

Wouldn't like those that value the advice on here assume that it's not worth 'switching on' whatever they can to increase security. Better than nothing, surely?

That`s quite true but if the poster in question has already had WEP encryption bypassed then i highly doubt those extra measures are of any use whatsoever in this particular case.Certainly worth using them under normal circumstances though.
Hopefully(in context of course) the poster has just had an unsecured line up until now and any security they switch on will stop the intrusions.

There`s always other options of course
http://www.ex-parrot.com/~pete/upside-down-ternet.html

[RubberyDuck]

At the very minimum use WPA, it really doesn't matter about hiding your SSID though I would rename it from the default name.

For more security implement a Radius Server (www.freeradius.org), you don't even need WPA/WEP with this.

[TheNorm]

Quote:

Originally Posted by EssDee

..., but if somebody really wants in........

... you can switch off wireless completely. HomePlug devices are more secure, and faster, than wireless.

Examples can be seen in "Introduction to HomePlug" on this site:

http://www.solwise.co.uk/reference-articles.htm

[Graham M]

Home plug is good, but not always easy to get working depending on your house/flat's wiring, plus it's still expensive

[Raistlin]

Quote:

Originally Posted by EssDee

I have to disagree with you somewhat. Both of the measures you have highlighted above DO increase security somewhat.

Hiding the SSID does nothing to increase the security, it merely makes it slightly more difficult to locate your network. It's still there, and it's no more secure, it's the equivalent of taking the house number off your house - the house still has the same level of security (taking the house number off doesn't make your locks more effective) it's just more difficult to find.

Quote:

Originally Posted by EssDee

It's a bit like claiming locking your doors and fitting an alarm system doesn't increase your home security.

Nothing like it at all I'm afraid. Locking your doors actually makes it more difficult to access your house, providing an increased physical barrier to entry. Fitting an alarm system doesn't make your house more secure, it simply acts as a deterrent and an indicator of whether your security had been breached. Activating encryption is the equivalent of having locks on your doors/windows, having an intrusion detection system would be the equivalent of having an alarm.

Quote:

Originally Posted by EssDee

Wouldn't like those that value the advice on here assume that it's not worth 'switching on' whatever they can to increase security. Better than nothing, surely?

MAC filtering makes it more difficult for the user to later connect more devices to their router, this will lead to problems and frustration further down the line - increasing the likelihood that they will switch it off (possibly along with other securing measures). Hiding the SSID also makes life more difficult for the user, with the same possible consequences.

I'd rather advise people to take a measured and appropriate stance on securing their routers, and provide them with advice that will lead to a genuine increase in security than get them to do something that needlessly complicates matters and won't help much in the long run.

As with any advice though, people are at liberty to take it or disregard it as they see fit - there's also nothing anywhere that says people can't post conflicting or complimentary advice, it's up to the person reading that advice how much of it they choose to pay attention to.

[EssDee]

Sometimes all that's required is some form of deterrent. For example, when it comes to looking for access to a wireless network 'off the cuff' in an area aren't you more likely to piggy back onto the network with no encryption and advertised SSID than those that have these measures covered? Hence my house analogy - would an opportunist housebreaker (no such crime as 'burglary' in Scotland!) pick the only house in the street with an alarm?

I wasn't having a dig Rob. Just felt that those a little less familiar with such matters than ourselves should not be put off implementing even the most basic of measures.

[Raistlin]

Quote:

Originally Posted by EssDee

Sometimes all that's required is some form of deterrent. For example, when it comes to looking for access to a wireless network 'off the cuff' in an area aren't you more likely to piggy back onto the network with no encryption and advertised SSID than those that have these measures covered? Hence my house analogy - would an opportunist housebreaker (no such crime as 'burglary' in Scotland!) pick the only house in the street with an alarm?

Again, the alarm analogy doesn't fit - there's nothing in any of the settings being discussed which is the same as having an alarm on the house, none of the measures discussed will alert you to an intrusion. Ask yourself this, would an opportunist thief be put off by the fact that there are no numbers on a house?

Quote:

Originally Posted by EssDee

I wasn't having a dig Rob. Just felt that those a little less familiar with such matters than ourselves should not be put off implementing even the most basic of measures.

I know you weren't having a dig, it's all cool My problem is that I quite often see people spending a great deal of time and effort implementing the advice of well meaning people only to find that they haven't increased the security posture of their systems at all. In fact, in many cases, they've often needlessly complicated the setup of their systems and gained no benefit from it.

Yes MAC filtering can be a useful administrative tool, and can be used to provide a limited assurance that there are only a limited pool of possible MAC addresses that can be connected to your machine. Hiding the SSID of a wireless access point can give you a limited assurance as to the anonymity of your system (especially if you've also changed the SSID). Neither of these measures makes your system more secure though, and they should never be extolled as security providing features.

[RamJet]

Hi ( sorry about the double post - should have posted here I think )

I bought a Dynamode BR-6004 from Virgin media about a year ago

all has been fine until now when suddently it won't pass VPN connectivity

I use this VPN daily to contact my firm's servers

On the box it says "Suports VPN Pass Through PPTP"

hoping someone knows what the settings are & where I can correct this

ps I know it's the router that's got probs becuase I've taken my laptop to another WiFi stystem and it connects fine there - back home no pass thru

thanks