Ways to secure a router and other helpful tips

Topic

New Reply

	TOP STORY Ways to secure a router and other helpful tips
	By Fred Langa In this special-edition LangaList Plus column, a half-dozen easily implemented settings can help make your Wi-Fi setup much harder to crack, snoop, or poach. Plus: Scheduling Windows Defender malware scans in Win8, mirroring a solid-state drive, repairing a DIY CPU cooler, and recommending a free taskbar-tweaking utility.

---

The full text of this column is posted at windowssecrets.com/top-story/ways-to-secure-a-router-and-other-helpful-tips (paid content, opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

The latest WS email had the following story “Free taskbar-tweaking utility for Win7/8”, by Douglas J. Ward.

I already use that excellent utility.

In the story, the author says: “The only other fix I could find was to increase the hover delay for all popup notifications. Unfortunately, it’s a global change”

Unsolicited popups and tooltips are the main reason for my grey hair. So, I would be most grateful if someone could tell me what the “global change” is.

Reply | Quote

I still use WEA and my roter is quite old so may not be able to use WPA2. I do know that I can use WPA however.

How straightforward is it to change router to WPA or WPA2?
How would I go about it – from a alptop using Windows 7 fully updated.
Can i retain the current password key used to grant access to devices?
Would devices autiomatically pick up the change if the passkey is unchanged?

Or would I have to start all over again from fresh- reluctant as it took me ages to get it set up in the first place.

NB Devices attached are 2 laptops both using Windows 7, IPAD, Iphone and a HP all-in-one printer/scanner
The router is Linksys and is about 10 years old and the first devices using it were on Windows XP.

Reply | Quote

I have had all of the router security features that Fred describes for some time now. The downside though is that the occasional visting iPad or phone is a right pain to add to the network, because first of all I have to locate the MAC address (not always easy, especially on Android devices), and then use my laptop to connect to the router. And then, my router doesn’t maintain a list of helpful names against MAC addresses, but instead I have to have a list of which of my devices have a connection to the WiFi (the length of it surprised me!) so that I can remove the “guests” later.

My router, though, has the option to have multiple SSIDs, and I have seen somewhere a recommendation that I should set up a “Guest” version, presumably without MAC filtering. But doesn’t that just mean that I am back to being exposed again? Or is the new SSID isolated from the first? But even then, I am still potentially opening a crack into my otherwise locked down internet connection & LAN.

Any advice? Thanks.

Reply | Quote

Regarding the Taskbar Tweaker, my pet hate with the Windows 7 taskbar is when you try to drag a file onto an application minimized on the taskbar to open it. The icon dances left & right trying to get out of your way & escape the task you are trying to give it, till after a few seconds you eventually manage to pin it down. (in my case this is usually a .jpg onto Photoshop Elements)

I wonder if this, or another Tweaker can help with the problem, or if we simply have to put up with another area where Vista & later are inferior to XP.

Reply | Quote

Fred, I disagree with you that hiding SSID will do much with securing your wireless network. SSID has to be included with beacon frame of 802.11 communication. It is in the clear and anybody with read it with proper tool that is freely available (airsnort, wire shark). MAC filtering also easy to defeat too. it involves no software in Windows except changing the settings of the wireless network card.

Reply | Quote

Fred, I disagree with you that hiding SSID will do much with securing your wireless network. SSID has to be included with beacon frame of 802.11 communication. It is in the clear and anybody with read it with proper tool that is freely available (airsnort, wire shark). MAC filtering also easy to defeat too. it involves no software in Windows except changing the settings of the wireless network card.

slam, you are correct. If you hide the SSID then any and all wireless devices on your home network will broadcast a probe request which includes the the name of your SSID. What’s more, anyone intercepting that probe request can “reply” and claim that they are the SSID which your network wireless device is looking for, thus enabling them to intercept personal details, and who knows what else.

The argument that disabling SSID broadcast is one more layer of protection doesn’t hold up. You’ve already enabled WPA-2 encryption which is vastly more secure than hiding your SSID, so why pile on extra inconvenience for your guests by disabling SSID? And, if you haven’t enabled WPA-2 then hiding your SSID won’t help you anyway.

Finally, kudos to Linksys and others who made good quality routers 10 years ago that are still running today. Having said that, you can replace it with a brand new one that’s much, MUCH faster and has much, MUCH better security for $19.99 – $39.99. These may not be as heavy-duty as the old Linksys but they WILL keep your home network a lot safer. At the moment we are using an OnNetworks router that sells for around $30 and it has both speed and good security. I’m sure there are plenty of other models out there, too.[/I]

Reply | Quote

I would like to try this but do not know how. Here is my problem:

I currently use Acronis which has gotten more complicated and difficult to use with each new version. I would like a simple reliable(!) imaging program that allows me to specify – not just a device – but an actual subdirectory where the images are to be stored and from which they may be restored.

I have, at present about six machines for which I am storing images – on various internal and external drives in separate subdirectories identified by system. I have restored partitions from these images about a dozen times over the last several years. Some versions of Acronis fail to restore images (notably the 2009 version) but the 2010 version has always worked for this task (under Windows XP). I’ve had no luck at all with the 2011 and 2012 versions of this program. The 2013 version works with Win7 but the user interface is very difficult for a contemporary American user like me to follow.

I would, of course prefer to use Win7 now that most machines I use/service are running this system BUT Windows 7 seems to not allow specification of a subdirectory for storage. Can you explain what I am missing? How does one specify a particular subdirectory – not just an entire drive – in the Win7 utility when saving or restoring an image?

Also, in attempting to uninstall Acronis 2013 from one machine, the uninstall “failed” and Acronis will not provide support for this problem unless a substantial fee is paid with no assurance that the problem would be fixed. Any thoughts on how to uninstall this without having to reinstall the entire system?

Reply | Quote

Intel introduced a feature called Smart Response which allows you to use an SSD as a “cache” for all frequently-used files along with a regular spinning hard drive (HDD). This method allows SSD-like fast boot-up, fast program start, fast game loading, fast web page loading, etc. while all files are still there on the regular hard drive, too. If you have a recent model PC or laptop you might check if Smart Response is available for you to download free from Intel.

Marvell introduced a new chipset last year (called 9230 i think) which includes a similar feature named HyperDuo. Various manufacturers now use this chipset in add-on controller cards which plug in to an available empty slot on your desktop computer’s motherboard (specifically, such a card would plug into a PCI-e x4 slot on the motherboard; don’t settle for slower x1 slot cards). Then you connect an SSD of any capacity plus an HDD and choose “Safety” during the setup steps. You get almost the full speed of the SSD and your whole Windows setup remains on the HDD. All needed “hot files” are copied onto the SSD for fast computing. The only catch is that you must install Windows afresh (or clone your existing setup). Once that’s done, you’re in business.
We’ve been using a SYBA SD-PEX40054, but you could do a search for something like ” controller card with hyperduo ” to find other models.

Yet another option is a Hybrid drive (SSHD) which is a regular spinning hard drive with a small SSD cache onboard which stores frequently-used “hot files” for faster computing. We have one of these in our laptop and most of the stuff we do every day like booting up, using the internet, email, and a few games is/are very much faster than the original laptop hard drive. And, the SSHD is affordable. The only drawback is that the SSD cache size is usually 8GB, whereas our main desktop PC with the SYBA controller card has a 240GB SSD plus 2TB HDD, and that bigger SSD means we can cache every program, app, game, etc. rather than just the most frequently-used ones.

As long as SSDs remain expensive for a large capacity model it makes sense to at least consider some sort of hybrid or combo option. All of the options described above allow you to make backups and/or system images with your favorite backup software, be it Windows built-in option or 3rd-party apps like Acronis, Easeus, Paragon, etc.

Reply | Quote

RE: But SSID broadcasting is a convenience, not a necessity. Wi-Fi networks work just fine without it.

That is true – somewhat. My experience as an on-site technician has taught me that there are situations when a computer will either not connect or not maintain the connection to a wireless access point that is not broadcasting the SSID. I do not like to set up wireless networks with the SSID being broadcast – they are less secure that way. But if the machine has difficulty connecting, often changing the router’s settings so that the SSID is broadcast will cure the failure to connect problem.

Reply | Quote

chasrome:

At home we use Easeus ToDo Backup free version. Very easy to use and let’s us assign a location for backups. Basically, it scans for a suitable location, but you can assign it to a different partition if you wish and it creates a “my Backups” folder there. Also, i noticed when running the program to Restore a backup it found an available backup image we had moved to a different folder (after the backup image was created) so it seems you can place backup images where you wish or maybe rename the folder, etc. and still be able to retrieve it later.

Reply | Quote

Regarding the SSID broadcasting of casual snoops and Wi-Fi freeloaders. When I install routers for my friends and family members, I broadcast the SSID in the clear, and I name it the house address on the street behind the router address.

For example, if my mother’s house router resides at 221 Chestnut Street, and the street behind her house is on the 200-block of Oak Street, I might use the router SSID of 218¬_OAK_ST.

Snoops and Wi-Fi freeloaders *will* see the SSID, but as they hone into 218 Oak Street, their signal will get weaker. The REAL security is in a l-o-n-g password.

Hopefully, they get decide to give up and move on, to look for another target (like the Burger King down the road :).

Reply | Quote

I choose a nondescript SSID, such as “footballfan”, so that no one but my friends will realize that it is me.

I bought a Netgear N150 router about a year ago. It’s not the latest and greatest, but it is very adequate for me.

I disabled PIN authentication (or whatever it’s called) on my router, to eliminate that entry point.

I selected a secure password.

The above will keep out most people who don’t belong. To my knowledge, no one who lives within range would have the ability to get past what I have set up.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Hi Fred
Is there a way to schedule download of Windows Defender virus definitions, on a daily basis? I use Windows8.
Thank you
samali

Reply | Quote