I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
Last year I bought my mother in law a D-Link router, an oddball DIR-615 revision E1 that was only sold at a few stores. It was supposed to be a Fry’s exclusive, but I bought hers at Micro Center. It worked for a while, then gave her trouble, so this year I was working with it again, and when I was setting it up, I noticed it had some security vulnerabilities–remote code execution, UPnP vulnerabilities, and who knows what else. So that got me some practice upgrading a D-Link DIR-615 to DD-WRT.
DD-WRT’s track record and attitude towards security research could be better, but I’d rather trust my mother in law to DD-WRT’s B+ security than D-Link’s F.
I warned a few days ago about Linksys routers being trivially easy to hack; unfortunately many other popular routers have security vulnerabilities too.
The experts cited in the article have a few recommendations, which I will repeat and elaborate on. Read more
My mother in law didn’t have wifi set up, but she picked up a smart TV this year, so she asked me if I could help her with it. So I picked up a D-Link DIR-615 on sale, brought it with me and set up wi-fi securely (hints: set the SSID to whatever time it happens to be, disable WPS, disable WEP and WPA, and use WPA2 with a long password with some numbers and symbols in it) and once it seemed to be working right, I put her TV and laptop on it. Then, as other relatives trickled in, they asked me for the wireless key. Soon the air was full of Androids and Apples chattering away on wireless.
She said she never realized how often we use our smartphones and tablets. Any time a question came up, someone whipped out a device and looked up the answer.It was nice, and it was a cheap project. Grab a name-brand wireless router on sale, grab a couple of extra CAT5e cables from Monoprice just in case, and you can be a hero for about the cost of dinner for two at any restaurant with sit-down table service. Maybe less.
While you’re ordering stuff from Monoprice, it probably wouldn’t hurt to pick up a small assortment of cheap USB and HDMI cables too, just in case anyone gave an electronic gadget to someone else and didn’t realize gadgets are more likely to come with batteries than with cables these days.
I’m a security professional by trade, with two certifications. I’m not responsible for defending your computer networks, but I want your networks to be secure. There’s a really simple reason for that. If your computer and your network is secure, then it isn’t attacking mine. Or anyone else’s.
Several fellow subscribers to a train-related interest group that I like got hacked recently, and have been sending out spam messages. They’ve received a lot of advice in the hours since. Some of it has been good, and some not as good. So I tried to think of some things that people could do in about 30 minutes to keep the crooks at bay.
Incidentally, the computer crooks won’t be going away. Computer crime happens because the criminals can make more money doing that than doing something legal. The only way to make it stop is to make it too hard, so that getting a real job becomes more profitable. You won’t solve that problem in 30 minutes, but if we all take that single step down that road, we’ll make the world that much safer. So, with that, let’s roll up our sleeves. Read more
A reader who will remain anonymous (he can out himself if he wishes) sent me an interesting observation. He was in his doctor’s office last week, and out of curiosity, he ran a wifi scanner on his phone just to see what networks were available and how they were secured.
What he saw wasn’t pretty. Especially considering he was in a building full of doctors, lawyers, and financial advisors. Read more
The so-called wi-fi golden era is over, and apparently being glad about it makes me an absolutist.
But John C. Dvorak is wrong. This isn’t about making people pay for Internet access. It’s pure security. Toilets and drinking fountains are free because the majority of people don’t abuse them. The Internet can’t be wide open and free like a public restroom because when it was totally wide open and free in the 1990s, too many people abused it. Read more
If the vulnerability in WPS that I linked and talked about this week wasn’t bad enough, some of the commenters at the always excellent Hackaday found something terrible.
Many vendors use a predictable number as the WPS PIN, and don’t even bother to make it unique on a router-by-router basis. So much for it taking a couple of hours to get into a network. Since some vendors set the PIN to something like 123456789 or 123456780 (how clever), the vulnerability may not even be necessary to get in. Just try some of the known numbers, and chances are you can be on somebody’s network in a matter of minutes.
I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how and necessarily why to do it.
If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.
For the first time ever, I actually have a wireless router that can cover my whole house. I’ve been interested in wireless security for a long time, but haven’t actually had to do much with it because I wasn’t running any wireless networks at home.
I spent a few minutes securing my network after I got it up and running. I talked at rather long length about that in the past, but on a really practical level, here’s what I did in a mere 10 minutes that will make a big difference.