An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 2 of 2 < 1 2
Topic Options
#38109 - 01/02/16 04:30 PM Re: Spam Advisory from ATT [Re: joemikeb]
deniro Offline


Registered: 09/09/09
I feel so much better now.
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#38111 - 01/02/16 10:11 PM Re: Spam Advisory from ATT [Re: deniro]
MacManiac Offline

Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
Good job on updating the firmware for your router....additionally, you can better lock it down from external intrusion by choosing to turn off Telnet and SSH access as those are the most common attack vectors for the embedded Linux kernel that powers that particular small computer.
_________________________
Freedom is never free....thank a Service member today.

Top
#38120 - 01/03/16 09:15 AM Re: Spam Advisory from ATT [Re: MacManiac]
deniro Offline


Registered: 09/09/09
How do I do that?
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#38168 - 01/08/16 09:03 AM Re: Spam Advisory from ATT [Re: deniro]
MacManiac Offline

Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
Tell me your router specific model number and I will lookup the PDF for the manual that pertains...it's a little advanced, but still follows simple menu selections and check boxes. Best to have the exact model to be sure the instructions can match.

FWIW, there are several Netgear N300 routers to choose from.....
_________________________
Freedom is never free....thank a Service member today.

Top
#38169 - 01/08/16 09:19 AM Re: Spam Advisory from ATT [Re: MacManiac]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
A lot of routers nowadays have the firmware update routine in their management page and will download and install it themselves if you select that option. Much easier that way as you don't have to find the correct firmware, download it, connect to the router, upload it, etc. Much more foolproof, it does it pretty automatically.
_________________________
I work for the Department of Redundancy Department

Top
#38193 - 01/09/16 10:59 AM Re: Spam Advisory from ATT [Re: Virtual1]
deniro Offline


Registered: 09/09/09
Netgear N300 WNR2000v4, firmware version V1.0.0.60

Yes, I've had trouble with firmware upgrades in the past, meaning they don't work, so I would rather download firmware manually.

People at the Netgear forum told me that the new firmware I downloaded last week won't work. They're wrong. I'm using it now and everything's fine.



Edited by deniro (01/09/16 11:00 AM)
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#38208 - 01/10/16 03:51 PM Re: Spam Advisory from ATT [Re: deniro]
MacManiac Offline

Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
If you'd like, I will simply list the things that I normally do to help secure WiFi routers that I install.....use as much or as little as makes sense to you.

The VERY FIRST thing that I do is reset the default logon password (page 12) to something that I would use (and that isn't already known to the rest of the world as being the default password for your N300 WNR2000v4.....in this case, the default password that you need to change is "password" and while it doesn't have to be particularly hardened, it should be something that is not only easy for you to remember but also should contain at least one special character, a numeral and both upper and lower case letters - a reasonable example for your situation might be a person, pet, or vehicle that you can apply those parameters to - such as Cr0wn-V1ctoria - upper/lower case, numerals and a special character describing an earlier car you might once have owned.....

The next thing I would do is change the default LAN IP to something different from the default of 192.168.1.1 --- use 192.168.10.1 for the new router address for example. (page 49)

Then I would shrink the DHCP pool down to a more reasonable size and have it start and end more in the middle of your available range.....so instead of serving addresses to over 250 potential LAN clients (the default range is 192.168.1.2 to 192.168.254) I would limit the range to include 20 potential LAN clients and have it start somewhere in the middle, like 192.168.10.180 to 192.168.10.199 -- (page 50) 20 DHCP clients should be more than enough to meet your normal networking needs unless you have a GOB of devices on your network.

Name the SSID (page 28) to your desired name (DeniroNet just as an example) and here is where I would make a password that not only contains upper/lower case, numerals and special characters, but also runs out to 14 characters in length.....this is the password that you use for joining your WiFi network using WPA2 personal with PSK and AES encryption (the default shown on page 30). "MySt00p1dDawg!" for example would be a strong WPA2 passphrase....exactly 14 characters without the quotes, using special characters, numerals, and upper/lower case letters yet easily remembered without having to write it down somewhere.

One other thing that I prefer to do is disable the WPS button on the router so that I can't inadvertently muck up my wireless network......your router does NOT have the option to disable WPS.

Looking further at the remote access options that your router has (and the defaults that it comes with) I don't see any further changes for you.....there is no option for SSH or Telnet access listed, and the WAN Access defaults look fine to me.

Just a few more items in closing.....when you change the routers' internal IP address from the default setting, you will have to log back into the internal control page by directing your browser to the new IP address that you just set -- the default "http://www.routerlogin.net" may no longer get you there. So using our example above, once you reset the IP address to be 192.168.10.1, you will most likely need to send your browser to that address to continue making your changes to setup for your installation.

...and of course, you've already seen that when you change the SSID and the security passphrase to something other than the defaults that Netgear set originally, you will need to join your NEW wireless network instead of the original NETGEAR WiFI network that was originally being broadcast....and use the new passphrase that you set instead of the hard to remember one that is written on the label on the back of your router.

Hope all this doesn't put xx's in your eyes by being too inherently geeky....
_________________________
Freedom is never free....thank a Service member today.

Top
#38209 - 01/10/16 04:29 PM Re: Spam Advisory from ATT [Re: MacManiac]
deniro Offline


Registered: 09/09/09
Thanks. That's a lot of suggestions. I didn't know about changing the LAN IP or the DHCP. I'll think about that.

I already changed the base name, base password, and the network password. The passwords are 20-character generated by 1Password which I use for all my passwords. I mentioned before that I changed the DNS numbers to OpenDNS. WPS is disabled under prefs, though the router's WPS light is always on. Guest access is disabled. I could configure the settings so that only the devices I choose can log in to the network. At the moment, a Dell, an ipad, and a printer. I think I have to use the MAC addresses for that. I haven't done it before, but it should be easy.
_________________________
OS X 10.11.6
iMac 21.5", Mid 2011
2.8 GHz Intel Core i7, 24 GB
AMD Radeon HD 6770M
Using Apple computers since 1980

Top
#38210 - 01/10/16 07:02 PM Re: Spam Advisory from ATT [Re: deniro]
MacManiac Offline

Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
Using the MAC address to limit access is not as effective as you might hope.....anyone wanting to join your network illicitly can analyze packet data to find the active MAC addresses on your network then spoof one of those. Having a strong WiFi passphrase such as you do is far more effective.

Leave yourself enough room to add devices to your network without having to manually intervene each time, but limit the DHCP pool to a smaller footprint.....I nominally suggest keeping it about 60% larger than your normal client base if you have more than 5 devices on your network.....if you have 5 or less, then limit your pool to 10 clients.
_________________________
Freedom is never free....thank a Service member today.

Top
#38215 - 01/11/16 05:06 AM Re: Spam Advisory from ATT [Re: MacManiac]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Well if they're going to all that trouble to use your wifi, they've earned it, haven't they? wink
_________________________
I work for the Department of Redundancy Department

Top
#38232 - 01/12/16 09:27 AM Re: Spam Advisory from ATT [Re: Virtual1]
MacManiac Offline

Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
[IRONY]Yeah, should probably just open the entire WiFi network up and let anyone use it[/IRONY].....my point exactly - there's a point past which additional layers of security are no longer beneficial, and may actually impede the functional use of the network.




edited to add the "irony" tags.....


Edited by MacManiac (01/12/16 09:28 AM)
_________________________
Freedom is never free....thank a Service member today.

Top
#38240 - 01/12/16 11:31 AM Re: Spam Advisory from ATT [Re: MacManiac]
slolerner Offline


Registered: 08/25/09
Loc: New York City
I don't know if it's still true, but routers used to come out of the box unlocked because the manufacturers didn't want all the tech support calls that they were not 'plug and play.' I've been known to hop on an unlocked neighbor's network when my old router had 'issues.' As Steve Jobs said to Apple Records, "Sosumi"

Top
#38272 - 01/13/16 03:22 PM Re: Spam Advisory from ATT [Re: slolerner]
MacManiac Offline

Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
I believe the statute of limitations has passed......

Long ago, when I used to live in San Diego, I had a neighbor who left his Linksys network unlocked at defaults and I would routinely log into his WiFi router to optimize his system unbeknownst to him.....change the default DHCP range, change the network channel he was broadcasting on to minimize his co-channel interference with the other WiFi networks close at hand (and move him away from the channel that I wanted to use.....), etc.

Many years later, I had an opportunity to introduce myself to him and "fessed up" to my actions.....he told me that was the best 802.11b WiFi network he ever saw and regretted having moved on to a later model router for 802.11g as it never performed to his liking (he didn't leave that one at defaults and unencrypted, so I couldn't work my normal magic on it for him.....).
_________________________
Freedom is never free....thank a Service member today.

Top
#38277 - 01/13/16 04:05 PM Re: Spam Advisory from ATT [Re: MacManiac]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Originally Posted By: mac maniac
Name the SSID (page 28) to your desired name (DeniroNet just as an example) and here is where I would make a password that not only contains upper/lower case, numerals and special characters, but also runs out to 14 characters in length.....this is the password that you use for joining your WiFi network using WPA2 personal with PSK and AES encryption (the default shown on page 30). "MySt00p1dDawg!" for example would be a strong WPA2 passphrase....exactly 14 characters without the quotes, using special characters, numerals, and upper/lower case letters yet easily remembered without having to write it down somewhere.

Or turn off the broadcast SSID and go stealth.
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#38282 - 01/13/16 10:15 PM Re: Spam Advisory from ATT [Re: slolerner]
MacManiac Offline

Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
...except, the SSID is easily seen with a scan of the current network traffic on any given channel (with easily available software)....No SSID being broadcast does NOT mean no SSID -- and is not particularly stealthy.
_________________________
Freedom is never free....thank a Service member today.

Top
#38302 - 01/15/16 04:54 AM Re: Spam Advisory from ATT [Re: MacManiac]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: MacManiac
...except, the SSID is easily seen with a scan of the current network traffic on any given channel (with easily available software)....No SSID being broadcast does NOT mean no SSID -- and is not particularly stealthy.

"Security through obscurity" or "client-side security" is only a placebo for real security.
_________________________
I work for the Department of Redundancy Department

Top
Page 2 of 2 < 1 2

Moderator:  alternaut, dianne, MacManiac