Notice: Firmware Links Under Maintenance We are currently undergoing maintenance on all firmware links. If any links are inaccessible, please email or contact Tech Support for the firmware. We appreciate your patience during the maintenance, thank you for your understanding.
Difference between revisions of "Cyber Security/Secure Router or Modem"
(→Firewall) |
(→Firewall) |
||
| Line 101: | Line 101: | ||
<blockquote style="width: 25%; background-color: lightgrey; border: solid thin lightgrey;"> | <blockquote style="width: 25%; background-color: lightgrey; border: solid thin lightgrey;"> | ||
Firewall Protection | Firewall Protection | ||
| + | |||
SPI Firewall:Enable Disable | SPI Firewall:Enable Disable | ||
</blockquote> | </blockquote> | ||
| Line 106: | Line 107: | ||
<blockquote style="width: 25%; background-color: lightgrey; border: solid thin lightgrey;"> | <blockquote style="width: 25%; background-color: lightgrey; border: solid thin lightgrey;"> | ||
Additional Filters | Additional Filters | ||
| + | |||
Filter Proxy | Filter Proxy | ||
| + | |||
Filter Cookies | Filter Cookies | ||
| + | |||
Filter Java Applets | Filter Java Applets | ||
| + | |||
Filter ActiveX | Filter ActiveX | ||
</blockquote> | </blockquote> | ||
| Line 114: | Line 119: | ||
<blockquote style="width: 25%; background-color: lightgrey; border: solid thin lightgrey;"> | <blockquote style="width: 25%; background-color: lightgrey; border: solid thin lightgrey;"> | ||
Block WAN Requests | Block WAN Requests | ||
| + | |||
Block Anonymous WAN Requests (ping) | Block Anonymous WAN Requests (ping) | ||
| + | |||
Filter Multicast | Filter Multicast | ||
| + | |||
Filter WAN NAT Redirection | Filter WAN NAT Redirection | ||
| + | |||
Filter IDENT (Port 113) | Filter IDENT (Port 113) | ||
| + | |||
Block WAN SNMP access | Block WAN SNMP access | ||
</blockquote> | </blockquote> | ||
| Line 123: | Line 133: | ||
<blockquote style="width: 25%; background-color: lightgrey; border: solid thin lightgrey;"> | <blockquote style="width: 25%; background-color: lightgrey; border: solid thin lightgrey;"> | ||
Impede WAN DoS/Bruteforce | Impede WAN DoS/Bruteforce | ||
| + | |||
Limit SSH Access | Limit SSH Access | ||
| + | |||
Limit Telnet Access | Limit Telnet Access | ||
| + | |||
Limit PPTP Server Access | Limit PPTP Server Access | ||
| + | |||
Limit FTP Server Access | Limit FTP Server Access | ||
</blockquote> | </blockquote> | ||
Revision as of 16:22, 25 October 2016
Contents
How to Create a More Secure Network
Recommended Router Models
- A router with DD-WRT installed. You can locate devices that have DD-WRT support on DD-WRT's website
Notes About DD-WRT
- This software will add many more features to your router, and should only be used by experienced professionals
- Flashing DD-WRT can potentially brick your router, so make sure to follow any instructions carefully
- This guide will not cover all DD-WRT features, only those pertinent to securing your network, and security device
- Menu's might be different in your router depending on your version of DD-WRT
Links and Resources
- DD-WRT Glossary
- DD-WRT FTP
- PuTTY
- MVPs Blacklist
- Ad Blocking DNS
- DD-WRT Ad-Blocking
- Privoxy Setup
- More Info
Setup
Basic Setup
IPV6
DDNS
MAC Address Clone
Advanced Routing
VLANS
Networking
EoIP Tunnel
Wireless
Basic Settings
Radius
Wireless Security
The wireless security settings, in decreasing order of preference, should be the pre-shared key versions of the following: 1. WPA2 + AES
2. WPA + AES (only if all devices support it).
3. WPA + TKIP (maximum security commonly supported by older wireless adapters - can be cracked as well)
4. WEP (easily cracked in 5 minutes)
5. Disabled (no security. Use some other security layer on top, like a VPN)
-Source DD-WRT Wiki
MAC Filter
WL0-Advanced
WL0-WDS
WL1-Advanced
WL1-WDS
Services
Services
FreeRadius
PPPoE Server
VPN
VPN: Definition
A VPN or Virtual Private Network, is used to remotely access your network. This feature will basically allow your computer to remotely connect to your LAN as if that computer was physically on that network.
VPN Configuaration
If you are not using this feature, disable all VPN settings, including:
- IPSec Passthrough
- PPTP Passthrough
- L2TP Passthrough
USB
NAS
Hotspot
SIP Proxy
Adblocking
- Privoxy Basic Configuration
- Link to Setup Ad Blocking on DD-WRT
- Additional Method to Setup Ad Blocking on DD-WRT
- Second Additional Method to Setup Ad Blocking on DD-WRT
Options:
Privoxy: Enable/Disable
Transparent Mode: Enable/Disable
Custom Configuration: Enable/Disable
Recommended Options:
Privoxy: Enable
Transparent Mode: Disable
Custom Configuration: Disable
Security
Firewall
Firewall Protection
SPI Firewall:Enable Disable
Additional Filters
Filter Proxy
Filter Cookies
Filter Java Applets
Filter ActiveX
Block WAN Requests
Block Anonymous WAN Requests (ping)
Filter Multicast
Filter WAN NAT Redirection
Filter IDENT (Port 113)
Block WAN SNMP access
Impede WAN DoS/Bruteforce
Limit SSH Access
Limit Telnet Access
Limit PPTP Server Access
Limit FTP Server Access
VPN Passthrough
Access Restrictions
WAN Access
NAT/QOS
Port Forwarding
Port Range Forwarding
Port Triggering
UPnP
DMZ
QoS
Administration
Management
Keep Alive
Commands
WOL
Factory Defaults
Firmware Upgrade
Backup
Status
