Home Networking

198 readers

1 users here now

A community to help people learn, install, set up or troubleshoot their home network equipment and solutions.

Rules

Please stay on topic.
Please use the search function to look for keywords related to what you want to ask before posting since most common issues have been answered.
No Ads. This community is for support and discussion. Ads and self promotion are not welcome here.
No product reviews or announcements. If you have a question about a product, be specific about what you want to know.
Be civil. Don't be a jerk. Not being a jerk is surprisingly easy.
No URL shorteners. URL shorteners tend to hide the real use of a link. For this reason, please use normal links, even if they're long.
No affiliate links.
No gatekeeping. With profession shall come professionalism. Extend help without judging others for their ignorance. The same goes for downvoting of comments or posts for "stupid questions" or not being as knowledgeable as others.

founded 1 year ago

MODERATORS

[email protected]

Access Point Security (alien.top)

submitted 1 year ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

Hello,

My home wifi was hacked, my PC bricked and my tablet and phone compromised (targeted phishing pop ups about how my account passwords were being changed, they weren't). So incredibly motivated to keep this from happening again that I am learning networking.

Current setup.

New Xfinity modem (XB7-CM) in bridge mode -> Firewalla gold in routing mode (firewall minipc) -> My new PC. I need to add wifi or an AP to this. I was under the impression that a MAC whitelist was the gold standard for keeping only permitted devices onto a network. Then I read a few minutes ago that it is trivially easy to spoof a MAC address. So what would be the gold standard for wireless security if an AP with MAC address whitelisting isn't it? Or is that false and an AP with white listed MAC's for entry is a gold standard?

My goal for my home network is simple. I want it to take a "moderately sized police agency" to crack my shit again, as in a hardline tap or other tools law enforcement has that the guy with the lunix laptop doesn't have access to.

-Angry Network Newb

top 1 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 1 year ago

So... For starters, far as I can tell, you did click something. You did business with a client, and may have downloaded an attachment from them. It may have been a bill, or something important, but going forward, I would suggest a good anti virus software to scan all documents before you download them, like ESET. ESET also works on mobile platforms too. I say this, with a grain of salt, as I got, business is business. But things can be added where we least expect them, like a PDF for a bill we need to pay...

So the comprimised hardware? Trash it. Don't use it. Don't add it to the network, unlsss you want other problems. Get your own modem. Don't use Xfinity's supplied bridge. They should support the Arris SB8200

For a router/firewall, the Dell Sonic wall is probably overkill for your situation, but the industry standard for a good firewall to protect transactions and credit card information in most resturants for their point of sale. Cheaper is Fortinet. These are enterprise level products though, and with that, comes the frustration of having to know how to program them, similar to Cisco switches.

Any good POE switch will do, and acess points are really dependant on features you need. I find D-Link products to be decent in this area, for reasonable money, just make sure you use encryption, and have a strong password for network access.

Best of luck in your resolution