Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Best security messures when using Wi-fi?

08 Jul 2018   #1
WinningWith7

Windows 7 Ultimate x64
 
 
Best security messures when using Wi-fi?

I now use wi-fi which i never allowed before because of security concerns. I am connected to the router via ethernet but am concerned about the wi-fi router itself being hacked or some security issues arising on the many devices connected to the router like other computers, laptops or mobiles which would then pass onto my device. I use anti-virus, anti-malware and a VPN. I have not allowed remote connections and have disabled file sharing. And i have a 30-key password



Are there any router-based options i should or should not have?



What about any other windows based settings like disabling "admin shares", NTFS sharing etc


What if i was to get a network switch so that any of my devices are "on a different network" or subnet from every other device to act as an additional firewall?


My System SpecsSystem Spec
.
08 Jul 2018   #2
Barman58

Windows 10 Pro x64 x3, Ubuntu
 
 

Assuming that the "Many devices" are your own or at least known by you - one method is to check and make a note of the MAC addresses of all devices and block access to your router by any device except those in the list that most routers keep of acceptable devices.

This system of MAC Address filtering does need some manual setup, in that for a device to be able to connect to the router it must first be added to the list - this does mean that any new devices that you wish to be able to connect to the router must be manually added to the list, this includes all devices connecting by either Ethernet or WiFi, including things like phones, TVs, Printers as well as computers.

This system is even more secured by actually allocating an IP address to each device based on it MAC (MAC addresses are unique worldwide, with only very few exceptions), this means that you can check your router and should be able to identify each device using the router to a specific network port, (a laptop would have a different MAC and thus IP allocated to it's WiFi and Ethernet connection),

If you also set the address pool to match the number of devices then there are no spare IPs that a snooper could use.

I would also use the basics of ...

Changing the IP address range in use from the default to some other random ranges
Change the routers WiFi Name, (SSID), and password. and set the SSID to not be broadcast (you need to know both the name and password to attach wirelessly)
Change the Admin Name, (if possible), and Password.

I also advise that you use random groups of characters for all the names and passwords you change, (and write these down in a safe place)

Without knowing the details of your actual router I cannot give specifics but the things I am suggesting should all be available even in the ISP supplied routers

The Admin shares $c: etc were all removed with Windows 7 so should not be there

A switch would not give you the break point in the network you are looking for but a small cheap basic router would be a possibility
My System SpecsSystem Spec
08 Jul 2018   #3
samuria

win 8 32 bit
 
 

Most routers have a setting user isolation or similar under wireless settings which means should anyone connect via wireless they can't connect to anything local on the lan
My System SpecsSystem Spec
.

09 Jul 2018   #4
F22 Simpilot

Windows 7 Ultimate x64
 
 

MAC address filtering and hiding the SSID is not going to protect you. If a hacker wanted to bust into your WIFI network he'd more than likely use Kali and hiding the SSID or using MAC address filtering won't do jack. It's really a false sense of security. And MAC address filtering was not meant for security at all. AP isolation can help and it's a layer.

Make sure you are using WPA2. Keep your router firmware updated. Better yet, if it supports DD-WRT or if you have an ASUS router there's ASUS Merlin. Do not allow remote administration. Set a different password for router login.

Recently there was a WIFI CVE and it required patches to the devices themselves. Severe WiFi security flaw puts millions of devices at risk

If you use public WIFI like at a hotel, then use a VPN and change the DNS IP address in your network adapter to that of Google's or OpenDNS.
My System SpecsSystem Spec
12 Jul 2018   #5
WinningWith7

Windows 7 Ultimate x64
 
 

Great options and answers there guys, thanks for the help
My System SpecsSystem Spec
13 Jul 2018   #6
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

MAC address filtering will keep out most people; it will not prevent a knowledgeable hacker from getting through. If the person you want to keep out is not very technically inclined, then MAC address filtering will work. For example, when my son was a teenager, I used MAC address filtering at times to keep him off of the internet. It worked with him because he didn't know how to overcome it.

As far as hiding your SSID, a better approach in my opinion is to use a generic, non-descript name for your SSID. For example, I would not use my name as my SSID; but I might use something like "footballfan", because that won't identify me - there are hundreds of football fans everywhere you go. However, if you use your team's name (e.g. "NewYorkJets"), and you have a New York Jets sticker on your car, your neighbors will know that that is your wifi network. Hiding the SSID makes it a hassle if a friend wants to connect to your wifi; however, a non-descript name makes it easy for your friend to connect.
My System SpecsSystem Spec
18 Jul 2018   #7
tidybear12

Windows 7 Home x64
 
 

Hi Winningwith7! On the subject of getting impacted by whatever another device on your network might have been exposed to (virus-wise, etc.), it appears that the safest setting on a network is actually the "Public Network", not "Home." In other words, it's the same you would use if you were in a public place. (I know, it sounds counter-intuitive, but a home network isn't a cozy, safe little thing.) Also disable file sharing etc. in Network and Sharing -> change advanced sharing settings.


Also, use a VPN even at home.


And, my humble opinion as far as MAC addresses - I was grappling with this just last week when setting up a new router. It's true that MAC filtering won't keep out a skilled hacker. But it will keep out the opportunistic one who doesn't know all that much. The truth of the matter is - and this from someone who is always thinking about security issues - why would someone hack into your router in the first place? It can't possibly be for free WiFi which is now ubiquitous. So it would be for identity theft? There is no need for that. All our information is already floating around on the dark web. For a few bucks he can purchase thousands of identities, possibly with credit card numbers. (Recall that consumers info has been stolen multiple times by break ins into Target and other big stores, Social Security, Experian, etc.)

So, the only reason would be for a challenge. If it's that kind of person, he already knows how to deal with MAC addresses and that won't keep him out.

If it's personal and the hacker is someone you know, make sure he can't identify you from your SSID. Believe it or not, there are people on my bloc that I can identify just by their SSID because of cute, but extreme personalization.


And for when a friend comes over and needs to use your WiFi, you can set up a guest IP address in your router, or some routers, anyway. This is in case there is some kind of malware on her device.


F22 Simpilot - quick question: Why change IP of adapter to OpenDNS or Google's?
My System SpecsSystem Spec
18 Jul 2018   #8
F22 Simpilot

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by tidybear12 View Post

F22 Simpilot - quick question: Why change IP of adapter to OpenDNS or Google's?

DNS cache poisoning. I read about that on a website for users that were to attend DEFCON that if they use hotel's public WIFI they shouldn't use the default DNS servers, but rather OpenDNS or Google.
My System SpecsSystem Spec
20 Aug 2018   #9
edassange

W7 Home Premium x86 SP1 Build 7601
 
 

In addition to the above, if your router permits it, disable WPS:
How to Disable WPS In Order to Protect Your Network

And if your router permits it, disable remote access.
My System SpecsSystem Spec
Reply

 Best security messures when using Wi-fi?




Thread Tools




Similar help and support threads
Thread Forum
replacing invalid security id with default security id for file EROR
Hi everyone! I hope you can help me i turned on my computer and this eror appeared it's been over 2 hours already and it's still running.. Do you have any clue what should i do? I want to make i won't lose all my files Thank you so much! http://i.imgur.com/DBvjRpO.jpg
General Discussion
Outlook 2010 - Internet Security Warning - Security Certificate cannot
Outlook 2010 Security warning upon opening Outlook: Initial problem: Work email from home computer stopped sending (had been working fine), though I have no problem receiving email. (Note: Home email account continues to work fine.) Email host Support (Comcast) worked me through finding the right...
Microsoft Office


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:45.
Twitter Facebook Google+