Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Y
Y
yukekonip2016-10-11 22:41:16
Computer networks
yukekonip, 2016-10-11 22:41:16

How to set up a secure home network?

Hello, there are 3 devices (PC, mobile phone and home server), you need to protect the network from unauthorized access. And provide a secure Internet connection.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
A
Alexey Cheremisin, 2016-10-11
@leahch

https://habrahabr.ru/post/150179/
In short, set freeradius, and connect an access point to it using the wpa2 algorithm, peap authentication, aes256 encryption. This will be enough for 99.999 cases.

Report
C
CityCat4, 2016-10-12
@CityCat4

Furiously upvote SyavaSyava . Before asking the question "How to build a secure network" - you need to answer the question - "What do I want to protect myself from, what threats are likely for me and how much will it cost me to protect from them." Because if you are going to hit politics and liberalism, then this is one thing, but if it’s just so that neighbors and scriptkiddies don’t get into it, this is a little different.
A secure network requires some knowledge of technology and some effort to build it. Having bought an Asus router, disabled WPS in it and changed the admin password, you can certainly say that "my network is secure" - and it will actually be a little more secure - compared to others.
Access to the Network should be carried out not through an "router-all-in-one", if it is not Mikrotik, but through a device with a full-fledged Linux, where you can install and demolish programs as needed, or through Mikrotik.
An access point should only be an access point and nothing more. DHCP, which is usually included in its kit - disable. Set SSID to an abstract value that does not contain any data about the device model, provider, installation address - SSID is available to everyone! The task of the access point is only to connect the client. The address will be given to him by Mikrotik / Linux, for which you should raise DHCP on it, in which you can register only the necessary poppies - for manual issuance of IP. No auto-dispense pools, just nailed poppies.
Overcome the radius - Great, set up authorization for it. No - WPA2-PSK and a key of at least 16 characters on the full set ([a-zA-Z0-9] and all special characters)

Report
O
Otrivin, 2016-10-11
@Otrivin

1) Filtering by Mac on the router, hidden Wi-Fi network, strong password, disabling wps, lowering the transmitter power, non-standard password for the admin panel
2) encrypted vpn tunnel from the router, using only it as an exit gateway.

Report
I
Ilya bow, 2016-10-12
@8889996

Router with normal firmware.
NAT
64 character password on wpa2-pro with wps disabled. change every week so that even the Chinese do not have time to hack with the help of Tianhe-2.
All! if this is not enough, then the couple will get married)))

Similar questions
H
habrauser2011-04-01 07:53:05
Looking for a Chinese mail service with a web interface 3Reply
P
Pavel Bersenev2011-04-13 08:54:07
Pictures with the principles of the service 1Reply
R
re3ident2015-10-06 13:47:01
What kind of beast is this - Advance web ranking? 1Reply
A
Alexey2011-04-17 14:18:34
FBI not for all? 6Reply
L
leha782015-10-07 08:22:44
Why are there many developers from Ukraine? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question