Answer the question
In order to leave comments, you need to log in
How to set up a secure home network?
Hello, there are 3 devices (PC, mobile phone and home server), you need to protect the network from unauthorized access. And provide a secure Internet connection.
Answer the question
In order to leave comments, you need to log in
https://habrahabr.ru/post/150179/
In short, set freeradius, and connect an access point to it using the wpa2 algorithm, peap authentication, aes256 encryption. This will be enough for 99.999 cases.
Furiously upvote SyavaSyava . Before asking the question "How to build a secure network" - you need to answer the question - "What do I want to protect myself from, what threats are likely for me and how much will it cost me to protect from them." Because if you are going to hit politics and liberalism, then this is one thing, but if it’s just so that neighbors and scriptkiddies don’t get into it, this is a little different.
A secure network requires some knowledge of technology and some effort to build it. Having bought an Asus router, disabled WPS in it and changed the admin password, you can certainly say that "my network is secure" - and it will actually be a little more secure - compared to others.
Access to the Network should be carried out not through an "router-all-in-one", if it is not Mikrotik, but through a device with a full-fledged Linux, where you can install and demolish programs as needed, or through Mikrotik.
An access point should only be an access point and nothing more. DHCP, which is usually included in its kit - disable. Set SSID to an abstract value that does not contain any data about the device model, provider, installation address - SSID is available to everyone! The task of the access point is only to connect the client. The address will be given to him by Mikrotik / Linux, for which you should raise DHCP on it, in which you can register only the necessary poppies - for manual issuance of IP. No auto-dispense pools, just nailed poppies.
Overcome the radius - Great, set up authorization for it. No - WPA2-PSK and a key of at least 16 characters on the full set ([a-zA-Z0-9] and all special characters)
1) Filtering by Mac on the router, hidden Wi-Fi network, strong password, disabling wps, lowering the transmitter power, non-standard password for the admin panel
2) encrypted vpn tunnel from the router, using only it as an exit gateway.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question