Security solution for home office: both hardware & software?

[DualMonitors]

Hello! I'm at a home office with an approx 3-5 year old Linksys "B" wireless router: one of the earlier ones that's blue with 2 black antennas in the back.

I have only modest needs: one desktop (2 right now because i'm migrating from my old to my new) and a laptop, plus some misc gadgets here and there. my current laptop is around 3 yrs old and is B only, but it will have to be upgraded one day. i'm not particularly transferring large files wirelessly back and forth, so the B speed for accessing internet is just fine for now. Future? who knows, maybe i'd get into music, video more? but nothing immediately.

I'm getting increasingly concerned about all the talk about people hacking into and through the wireless routers that many have, despite the built in standard security in these typical, run of the mill wireless routers. the connection is: cable coax TO cable modem TO voip TO wireless router (which is hard connected to 2 desktops at the moment, 1 typically, and wireless connected to a laptop, plus sometimes other misc electronics).

My question is whether getting a brand new, current wireless router (i.e. a D Link pre-N wireless router) will significantly enhance my security, from the point of view that it would make it more difficult for people to try to hack in through the internet. I'm somewhat less concerned about people hacking in wirelessly, because the population of people within broadcast range, however large, would likely not be bigger than, say 100 people. Where as the number of people out there in the internet who has the capacity to hack in would be far greater.

I'm looking for a more secure solution: whether using hardware or software. The KEY requirement is that it is relatively easy to set up and then use. It would not be useful if ever other web site i visit would have trouble and i'd be so frustrated that i'd end up unplugging the new security device! nor would it be useful if i disabled some annoying software firewall. Ideally, the new hardware/software should be easy to set up, and just basically be there from them on - almost akin to the typical wireless routers that many, if not most, of us have at home. Once set up (and nowadays, set up is increasingly easy), it is forgotten, almost, and provide some level of a "hardware firewall" which significantly makes it more tough for people to break in/hack in.

I'm hoping that the solution(s) suggested by the good folks here would be practical, i.e. it doesn't have to only cost $50, but it ought not cost $1,500 either.

thank you all so much for helping me out and working this issue through.

 

[EULA]

I just set up a Linux router using IPCop. I was concerned at first, because I'm not too experienced with Linux, but it was pretty simple. Download the .iso file, burn it to a disk, throw it in a machine, and it pretty much sets itself up. All you'll need is an old box to put it on.

Plus it's got a lot of additional features, such as a proxy server, dhcp, QoS, and lots of logging options so you can view traffic.

As for your wireless, you could connect your current AP to IPCop's "blue" interface, which doesn't permit wireless traffic to access your "green", or internal network, except through a vpn or tight firewall.

As for managing IPCop, it's pretty much all done via a web interface; the only thing you should need to log into the console for is if you ever had to adjust the network interfaces.


I'd recommend looking into it. It's a very cost-effective, secure solution.

 

[jlazzaro]

Originally posted by: EULA
I just set up a Linux router using IPCop. I was concerned at first, because I'm not too experienced with Linux, but it was pretty simple. Download the .iso file, burn it to a disk, throw it in a machine, and it pretty much sets itself up. All you'll need is an old box to put it on.

Plus it's got a lot of additional features, such as a proxy server, dhcp, QoS, and lots of logging options so you can view traffic.

As for your wireless, you could connect your current AP to IPCop's "blue" interface, which doesn't permit wireless traffic to access your "green", or internal network, except through a vpn or tight firewall.

As for managing IPCop, it's pretty much all done via a web interface; the only thing you should need to log into the console for is if you ever had to adjust the network interfaces.


I'd recommend looking into it. It's a very cost-effective, secure solution.

have you had any experience with its competitors like smoothwall, m0n0wall, etc? I have an extra 2.4ghz box (overkill i know, its the slowest system I have) in a 2U chassis and want to get something going.

 

[JackMDS]

Though the same word security is used for Wireless connection and Internet connection there is no real relation between them.

Given your description, a good $50 Wireless Router and a freeware software Firewall should protect the same as a $1500 hardware (Buying an expensive Bulldozer does not provide better transportation to take the Kids to school).

Wireless security as to do with the encryption capacity of the hardware.

To secure your Wireless you need a Router that can provide WPA-AES. There are very good Routers for less then $50 that can do it.

WPA-AES is WPA-AES a more expensive Router in this regard does not provide better WPA-AES and more security.


Actually, in case or Wireless, local software Firewall on each computer provides more security than a fancy Firewall Box (geeky setting is not necessary always better). Firewall box would not protect your computer centrally from the Internet but not from a Wireless security Bridge. Local software Firewall on each computer with the correct setting off the trusted zone should.

Link to: Freeware Security suit for Internet Connection Protection.

From the weakest to the Strongest..
No Security
MAC
WEP
WPA-PSK
WPA-AES
WPA2
-------------------------------------------
Wireless Security - http://www.ezlan.net/Wireless_Security.html

WEP, WPA, and the Future - http://www.ezlan.net/wpa_wep.html

The security must be set according to lowest capable Wireless component.
I.e. even most of you Wireless are capable to do WPA2, but one device is only capable to do WEP, the whole system must be configured to WEP.

 

[DualMonitors]

Hi there and thx for replying to my question.

Sorry to say, i don't understand the types of things you guys are asking/discussing. i'm able to be somewhat computer literate, but at a rather basic level. i know that there are various types of security that i can set up using typical wireless routers, enter codes and let it generate some level of security, and also to further help that along, ask the router to only accept communications from specific IP addresses only or something like that.

My concerns include: people being able to enter/hack in via the cable/internet (lots of potential people as the cable = internet), people hacking in wirelessly (fewer people as they must be within broadcast range).

My goals include: protecting against BOTH of those threats listed just above; but furthermore, have the solution be something that an be practically implemented. I do not have an "IT guy" and have to do everything myself. While i'm a "budding enthusiast", i'm still a very low level enthusiast (just built my first pc!) and am not that good at it.

A solution that is overly troublesome and nagging will turn out to be something that will be "turned off" making it useless. A system that is too hard to set up will make someone who is limited in PC capabilities to abandon this security effort. So the desired solution will not limit internet access much at all, minimal disruption daily, and provides additional security over and above the typical run of the mill.

ONE ALTERNATIVE is to get rid of my 3-5 yr old linksys "B" router and buy, say, a pre-N D-Link new router. Would this give me some additional level of protection? the cost is relatively low (roughly $120) for their latest model (white color, i believe), but i do not really know how much additional security it really provides. Or, i can get another box/hardware. Or, i can do BOTH: get a new router AND another hardware box that is intended for additional security.

i'm very open for suggestions, ladies and gentlemen. Thank you all so much in advance.

 

[JackMDS]

You have few choices.

1. Learn a little so you can make your own decision.

2. Do what knowledgeable users suggest.

3. Do what the common crowd that mainly get their technical information from Area51 (or Britanny Spears) claim that they know, heard, speculate, whatever, is the best.:shocked:

Foe Wireless Security, any new Wireless Cable/DSL Router that is 802.11b/g and can do WPA-AES is the utmost security that you can get.

This Routers cost $37 or $55 provide Wireless security as high as Wireless security can go with End-Users systems.

This Router for regular use,
http://www.newegg.com/Product/Product.asp?Item=N82E16833162173

This is similar Router with High Power Output for Extra Wireless range,
http://www.newegg.com/Product/Product.asp?Item=N82E16833162134

If you buy the D-Link you would get the same security, and it would work with 802.11b/g cards the same as this $37 unit.

If you buy a preN cards for your wireless computers, ($100 each) you would get the same security but probably few feet more in distance.

Hacking through an Internet connection has nothing to do with the Wireless.

Any combination of Wireless Cable/DSL Router, software firewall, antivirus, and anti Spyware would protect from Internet trepidations.

The other solution as mentioned by the esteem members of this Forum are very good solution as well but they are clearly out of the realm of your current knowledge.

If you would like to spend time becoming proficient with other OS? and hardware, the suggestions might open new horizon.

However if your concerns are practical my advice Hold.