Monica ([personal profile] cellio) wrote 2012-05-13 04:31 pm

but those were useful features!

A very helpful (yes, really!) technician at Verizon diagnosed our network problems as a flaky router, so he sent us a new one and we swapped it in today. The old router had two features that I found useful: I could name devices on the network, and the "my network" list showed me everything that had connected since the last router restart, not just the currently-connected devices. These, particularly in combination, were useful for monitoring my network. (Why yes, since I can be punished for anything done from my IP address even if I didn't do or authorize it, and since no security that is still usable is perfect, I do care.)

The new router lacks both of these features; it shows currently-connected devices by MAC address (and IP address), but short of my maintaining the name-MAC mappings externally, that's of limited utility. And it doesn't tell me if a neighbor found his way onto my network while I wasn't watching. Now my neighbors seem like decent folks, and in a different legal environment I'd rather be the sort of person who shares my spare bandwidth with anybody who needs it, but that's not the point.

Oh well. I guess I am now relying more strongly on decent neighbors and passwords, as I haven't found anything like router logs that tell me this stuff.

I know that some of my readers are pretty security-conscious. How do you handle this?

[identity profile] brokengoose.livejournal.com 2012-05-13 10:12 pm (UTC)
WPA2 is an essential minimum. WEP can be cracked in minutes.

Once you've done that, I'm a big fan of ridiculously long passwords. This site (https://www.grc.com/passwords.htm) is a decent place to start.

Reason: every wireless device that we have saves the password. So, you only have to enter it once. Yes, you have to write it down and you need to pay attention to ambiguous characters (zero versus capital-o, 1 versus lowercase L, etc.), but it's not going to be showing up in anybody's rainbow tables (http://www.renderlab.net/projects/WPA-tables/).

A lot of routers, even cheapie models where you wouldn't expect it, can be configured to use SNMP and/or syslog. If you have a computer in your house that's usually on, you can probably find a syslog implementation for it.

Logs are fantastic, but so long as your network isn't named Linksys, Netgear, or default and you have a good password, the bored crackers will find an easier target elsewhere.
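The syslog approach suggested above, worked through as an added example (this is not code from the post or any commenter): a small Python script that rebuilds the two features the new router dropped, an externally kept name-to-MAC map and a "seen since the log started" list, from router syslog lines. The `DHCPACK` line shape, the `KNOWN_DEVICES` entries, the MACs and IPs and the sample log are all constructed for the example; a real router's DHCP messages will differ, so `LEASE_RE` is the part to adapt.

```python
"""Track every device that took a DHCP lease, from router syslog lines.

Added example, not from the post. The log format below is an assumption
(a typical dhcpd-style "DHCPACK on <ip> to <mac>" line); adjust LEASE_RE
to whatever your router actually emits.
"""
import re
import socket
from dataclasses import dataclass

# The name-to-MAC mapping kept outside the router. Sample values, constructed.
KNOWN_DEVICES = {
    "aa:bb:cc:dd:ee:01": "roku",
    "aa:bb:cc:dd:ee:02": "laptop",
}

# Assumed syslog shape: optional "<pri>", then "Mon DD hh:mm:ss host prog: msg".
TS_RE = re.compile(r"^(?:<\d+>)?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)")
LEASE_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
)

# Constructed sample log: two known devices and one stranger taking a lease.
SAMPLE_LOG = """\
<30>May 13 16:31:02 router dhcpd: DHCPACK on 192.168.1.23 to AA:BB:CC:DD:EE:01 (roku) via br0
<30>May 13 16:35:10 router dhcpd: DHCPACK on 192.168.1.24 to aa:bb:cc:dd:ee:02 via br0
<30>May 13 17:02:44 router dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:99 via br0
<30>May 13 17:02:45 router dhcpd: DHCPACK on 192.168.1.40 to aa:bb:cc:dd:ee:99 via br0
<30>May 13 18:15:00 router dhcpd: DHCPACK on 192.168.1.23 to AA:BB:CC:DD:EE:01 (roku) via br0
"""


def normalize_mac(mac):
    """Lower-case, colon-separated, so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.lower().replace("-", ":")


@dataclass
class Sighting:
    mac: str
    ip: str
    name: str
    first_seen: str
    last_seen: str
    leases: int = 1


def parse_lease(line):
    """Return (timestamp, mac, ip) for a DHCPACK line, or None for anything else."""
    m = LEASE_RE.search(line)
    if not m:
        return None
    ts = TS_RE.match(line)
    return (ts.group("ts") if ts else "?", normalize_mac(m.group("mac")), m.group("ip"))


def track(lines, known=KNOWN_DEVICES, seen=None):
    """Every device that obtained a lease in the log, connected now or not."""
    seen = {} if seen is None else seen
    for line in lines:
        parsed = parse_lease(line)
        if parsed is None:
            continue
        ts, mac, ip = parsed
        if mac in seen:
            s = seen[mac]
            s.ip, s.last_seen, s.leases = ip, ts, s.leases + 1
        else:
            seen[mac] = Sighting(mac, ip, known.get(mac, "UNKNOWN"), ts, ts)
    return seen


def unknown_devices(seen):
    """MACs with no entry in the external name map, sorted for stable output."""
    return sorted(mac for mac, s in seen.items() if s.name == "UNKNOWN")


def report(seen):
    """One line per device: name, MAC, last IP, first/last lease, lease count."""
    return "\n".join(
        f"{s.name:<8} {s.mac} {s.ip:<15} first {s.first_seen} last {s.last_seen} x{s.leases}"
        for s in seen.values()
    )


def listen(port=5514, known=KNOWN_DEVICES):
    """Receive syslog over UDP (point the router at this host and port) and print
    an alert the first time an unknown MAC takes a lease. Not run by the example;
    the standard syslog port 514 would need elevated privileges."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    seen = {}
    while True:
        data, _ = sock.recvfrom(4096)
        before = set(seen)
        track([data.decode("utf-8", "replace")], known, seen)
        for mac in set(seen) - before:
            if seen[mac].name == "UNKNOWN":
                print(f"ALERT: unknown device {mac} took {seen[mac].ip}")


if __name__ == "__main__":
    devices = track(SAMPLE_LOG.splitlines())
    print(report(devices))
    print("unknown:", unknown_devices(devices))
```

Run as a script it prints the sample log's three devices, with the stranger flagged as UNKNOWN; `listen()` is the same logic fed from a UDP socket instead of a file. The point of keeping `first_seen`/`last_seen` rather than just a "currently connected" set is exactly the feature the old router had: a device that joined while nobody was looking still shows up.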

[identity profile] http://users.livejournal.com/merle_/ 2012-05-13 10:44 pm (UTC)
This. Although whenever my Roku decides it can't see the network I have to re-enter a ridiculously long password using a UI designed in 1950.

I also don't use DHCP and bind my router to the MAC addresses, then the devices to particular internal IP addresses. On a subnet that is not a standard one. Really, when (example IP range) are you going to go to 1.1.1.[17-32]?

[identity profile] http://users.livejournal.com/merle_/ 2012-05-14 11:49 am (UTC)
The MAC filtering is an enormous pain. But with the rate of new devices being under two per year (for me) it is bearable (especially now that many things have a label with the MAC). Not that it is perfect, as someone with the right hardware can spoof their MAC and if they catch you during an outage get onto your network, but whether this is a problem greater than a mere loss of bandwidth depends on other measures, like not sharing drives without an additional password layer.

[identity profile] brokengoose.livejournal.com 2012-05-13 11:54 pm (UTC)
OS X has a built-in version of syslogd, though like most modern unixes, it doesn't accept remote logging by default. There are a few web pages out there that seem to describe the process. This one looks like what I remember doing:

http://meinit.nl/enable-apple-mac-os-x-machine-syslog-server