Monica ([personal profile] cellio) wrote 2012-05-13 04:31 pm

but those were useful features!

A very helpful (yes, really!) technician at Verizon diagnosed our network problems as a flaky router, so he sent us a new one and we swapped it in today. The old router had two features that I found useful: I could name devices on the network, and the "my network" list showed me everything that had connected since the last router restart, not just the currently-connected devices. These, particularly in combination, were useful for monitoring my network. (Why yes, since I can be punished for anything done from my IP address even if I didn't do or authorize it, and since no security that is still usable is perfect, I do care.)

The new router lacks both of these features; it shows currently-connected devices by MAC address (and IP address), but short of my maintaining the name-MAC mappings externally, that's of limited utility. And it doesn't tell me if a neighbor found his way onto my network while I wasn't watching. Now my neighbors seem like decent folks, and in a different legal environment I'd rather be the sort of person who shares my spare bandwidth with anybody who needs it, but that's not the point.

Oh well. I guess I am now relying more strongly on decent neighbors and passwords, as I haven't found anything like router logs that tell me this stuff.

I know that some of my readers are pretty security-conscious. How do you handle this?

[identity profile] miz-hatbox.livejournal.com 2012-05-13 08:47 pm (UTC)
Passwords and not sharing our network connectivity with people we don't know super-well.

[identity profile] goldsquare.livejournal.com 2012-05-13 09:19 pm (UTC)
We have a Sonicwall firewall, and review the logs on a regular basis. It also provides excellent wireless connectivity for us.

[identity profile] brokengoose.livejournal.com 2012-05-13 10:12 pm (UTC)
WPA2 is an essential minimum. WEP can be cracked in minutes.

Once you've done that, I'm a big fan of ridiculously long passwords. This site (https://www.grc.com/passwords.htm) is a decent place to start.

Reason: every wireless device that we have saves the password. So, you only have to enter it once. Yes, you have to write it down and you need to pay attention to ambiguous characters (zero versus capital-o, 1 versus lowercase L, etc.), but it's not going to be showing up in anybody's rainbow tables (http://www.renderlab.net/projects/WPA-tables/).

A lot of routers, even cheapie models where you wouldn't expect it, can be configured to use SNMP and/or syslog. If you have a computer in your house that's usually on, you can probably find a syslog implementation for it.

Logs are fantastic, but so long as your network isn't named Linksys, Netgear, or default and you have a good password, the bored crackers will find an easier target elsewhere.
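
(Added example, not part of the comment above or of the original post: one way to rebuild the "everything that has connected" list with device names from router logs collected over syslog. It assumes the router forwards dnsmasq-style DHCPACK lines; the log lines, MAC addresses and device names are constructed samples.)

```python
import re

# Assumed format: dnsmasq-style DHCPACK lines forwarded over syslog.
# Other routers log leases differently; adjust the pattern to match yours.
DHCPACK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*DHCPACK\(\S+\)\s"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
    r"(?:\s+(?P<host>\S+))?")

# Hand-maintained MAC-to-name mapping (constructed sample values).
KNOWN = {
    "00:11:22:33:44:55": "monica-laptop",
    "66:77:88:99:aa:bb": "living-room-tv",
}

# Constructed sample log lines.
SAMPLE_LOG = [
    "May 13 16:31:02 router dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.10 00:11:22:33:44:55 monica-laptop",
    "May 13 18:02:47 router dnsmasq-dhcp[412]: DHCPREQUEST(br0) 192.168.1.11 66:77:88:99:aa:bb",
    "May 13 18:02:47 router dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.11 66:77:88:99:AA:BB",
    "May 14 02:15:33 router dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.57 DE:AD:BE:EF:00:01 android-1234",
    "May 14 09:40:10 router dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.10 00:11:22:33:44:55 monica-laptop",
]

def build_inventory(lines, known):
    """Return {mac: record} for every device granted a lease, in first-seen order."""
    seen = {}
    for line in lines:
        m = DHCPACK.match(line)
        if not m:
            continue  # not a lease grant
        mac = m["mac"].lower().replace("-", ":")  # normalize case and separator
        rec = seen.setdefault(mac, {"name": known.get(mac), "first_seen": m["ts"],
                                    "leases": 0, "claimed_host": None})
        rec["last_seen"], rec["last_ip"] = m["ts"], m["ip"]
        rec["leases"] += 1
        rec["claimed_host"] = m["host"] or rec["claimed_host"]
    return seen

def unknown_devices(inventory):
    """MACs that obtained a lease but are absent from the hand-maintained mapping."""
    return [mac for mac, rec in inventory.items() if rec["name"] is None]

if __name__ == "__main__":
    inv = build_inventory(SAMPLE_LOG, KNOWN)
    for mac, rec in inv.items():
        print(mac, rec["name"] or "UNKNOWN", rec["first_seen"], rec["last_seen"], rec["last_ip"])
    print("not in mapping:", unknown_devices(inv))
```

This only sees devices that requested a DHCP lease, and MAC addresses can be changed by the device's owner, so treat the result as a monitoring aid rather than proof of identity.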

[identity profile] yuggazogy.livejournal.com 2012-05-13 10:40 pm (UTC)
Replace the router with one you own that has the features you want; only the modem portion from the ISP is needed. Chances are Verizon sent you a combo modem/router unit, so you essentially would have to disable wireless and DHCP functionality on their combo unit's router settings to use your own.

[personal profile] dsrtao 2012-05-14 02:50 am (UTC)
Wide open wireless network, connected with a not off-the-shelf firewall to the hardened machines within.