Set up simple network and ensure security

[balm]

after changing the router default internal ip, and setting up static ips on both computers and thinking no one could "find" any of these internal ips, i discovered many sites which did indeed reveal my computers ips. i suspect the routers internal ip can be seen also, but so far it didnt show up.

1. is the above typical, apparently the sites use Java/ Java scripts to reveal the internal ip, although when i disabled specific Java settings in the browser, it still revealed the ips (if the browser internet security is set to custom high, instead of default med/high then the ips dont show, but then obviously many other items wont show on the sites)?

2. also does this mean anyones internal ip can be found from anyone elses location using similar such methods/sites?

thanks

 

[wilywombat]

Which sites have you been to that have shown your internal ips?

 

[balm]

i think it doesnt really matter, since only i see the addresses (i think !) but still...!!

look here:

What Is My IP Address Location? Find IP Address Search, IP Locator, IP Lookup

here:

http://www.find-ip-address.org/router-ip-address.php

and here:

Anonymous Surfing

discussion here:


Internal IP adress

 

[wilywombat]

The reason it can report your ip address is because you allow javascript to run as a matter of course. The site calls a javascript when you load it that reports the ip address back. If you use firefox, go to "tools", "options" and select the content tab. On the screen de-select the "enable Javascript" check box. Then reload the page again and you will find that it cannot report your internal address.

The fact that they are able does not mean any great danger as long as you keep all your protection up to date and DO NOT go on the internet without your firewall running. Best in my opinion is to run with the router hardware firewall and Comodo software firewall on.

You're definitely getting there Balm!!!

 

[balm]

The "auditmypc" site is distinct, in that it continues to run the internal ip even with Active Scripting, Scripting of Java Applets, and ActiveX options disabled, i also deleted cookies/history/tmps, and disabled all Activex, Java web add-ons, so i would assume its some other item(s) or combination thereof running....but i understand there is no security risk anyway.

I went thru the customize security settings in the "internet zone" one by one to see which one is causing it, but was unable to determine the cause...

 

[balm]

1. i understand it is best to close the wireless internet connection when not in use, what is the best/easiest way to close the wireless connection, for example at the router/modem (combo), at the ethernet desktop, or at the wirelss laptop...?


2. also, can the ethernet cabled leg of the network be used as a "more secure connection" than the wireless leg (to laptop) in terms of web activities. In other words is the ethernet cabled computer web activity broadcast over to or "seen" by the wireless connected laptop, i assume it is?



the reason i ask is i was thinking its safer doing the internet banking on the ethernet computer (even though its SSL)....

 

[wilywombat]

1. You do not need to close your wireless connection when not in use as long as you use WPA2 security and use a long password consisting of a mix of Upper and Lower case letters, numbers and symbols such as ? or ! as this will provide a virtually uncrackable system unless the hacker has access to a supercomputer and hundreds of years to waste!!. The recommendation is to DEFINITELY use WPA2 security.
2. Again, if you use WPA2, your wireless network will be as secure as your LAN connection. Bear in mind that any activity by you is more likely to attract a problem from malware, trojans etc. Your ethernet cabled computer web activity is not seen by the wireless connection, only the reduction in available bandwidth ie. a slowing down of the connection when the ethernet computer is downloading say a film or music.

Again, as long as you use WPA2 security on your network, it is OK to use your laptop for internet banking as long as you ensure that you are connected to a website using "HTTPS" and NOT "HTTP".

 

[balm]

thank you sir, you are most helpful,

you seem to think that https is sufficient protection for the average home internet banking user, what concerns me is the issue of banking username & passwords information....

1. so assuming this information is entered right from the banks "https" sign-in page, there is virtually no risk an attacker (assuming he has already "gained access" to your computer) can intercept the password...in other words he cannot see the information being typed in on the https page?


2. if https encryption is so good, could this be implemented on a wireless network instead of WPA2?

3. heres interesting pdf re. ARP attacks, home consumer....albeit there is still the issue of cracking WPA2 and STRONG password!

http://digilander.libero.it/SNHYPER/files/arppoison.pdf

 

[wilywombat]

1. If an attacker has already gained access to your computer then you are stuffed and you can no longer trust the computer with any personal details until you regain full control of your computer. You would need to IMMEDIATELY inform your banks, creditcard agencies and any other secure organisations you use, that you suspect/know that your security has been breached and reset all your passwords including your email accounts. On the other hand, if you have not had any security breach, then it is normally OK to use HTTPS sign in pages with confidence. Usually the breaches in bank detail security is achieved by duping the computer driver that they should give details of their login on a false bank login page which can be very realistic looking. You are normally duped into this by an email asking you to confirm your details. This is known as "phishing" and this type of attack is quite common so always beware of any emails supposedly coming from your bank especially thase that ask you to login to confirm your detials.

2. HTTPS is a secure way of passing details over the internet via web pages and all communications between you and the owner of the https address is encrypted so that nobody can eavesdrop on the information. WPA2 is an encryption method for communication between wireless network components such as computer and router. So they are both encryption methods but used for different purposes.

3. To successfully carry out this type of attack requires the attacker to have already breached your security and have access to your network either wired of wireless so make sure you setup WPA2!!

Make sure you keep your firewall software, antivirus and anti-malware programs regularly updated, scan you system once a week (or as soon as you suspect an attack) and you should be fine.

 

[balm]

thanks wiley, yes i understand the importance of WPA2...

i got on to https when reading up on the extreme measures some forum members are using to do their online banking, including using linux boot disks, security certificates, and password programs....ill have to look more into it...thanks again for your advice.

 

[balm]

1. if i set up files sharing in my hybrid network, while on the router/modem, is there any communication between the 2 computers (wirelss laptop & ethernet cabled desktop) over the internet. In other words is communication (file sharing) between computers completely independant of the internet, thus no more security risk involved than if the modem was not connected at all...?

2. i read up a little on "client for MS networks", "file & printer sharing", and "netbios over TCP", is my understanding correct that ALL of these must be enabled in order to use windows 7 file shariing, and if so do any of these share anything with the internet?

i read info here http://www.grc.com/su-fixit.htm and here http://www.grc.com/su-bondage.htm, but it becomes somewhat confusing...as im unsure what "should/could" be disabled if unecessary while still allowing file sharing...also the info appears somewhat outdated.

thank you

 

[wilywombat]

Hi Balm,

1 No, there is no comms via the internet if you set up your homegroup properly.

2 Let windows 7 take care of what it needs! What you are doing, is to read up a lot on things that are possible, but if your firewall and security are setup properly, then there is little chance of happening.

Tip...When you read these articles, always read then from the perspective of the article writer... in your particular instance, the article is the attempt by the writer to peruade you to buy his product "Shields Up" so really he is trying to scare you into purchase anyway he can(In My Opinion).

Not everyone on the internet is trying to get you..just some guys try to take advantage! Make sure you look after your network setup, antivirus and anti-malware and you will be at the same risk level as most of us!!

 

[balm]

thanks Wiley, im just trying to understand the file sharing innerworkings concept.


1. as i understand it, files sharing can also be done without homegroup, but then its less conveniant, and can be less secure, is this the difference?

 

[wilywombat]

That depends on where you are sharing the files between. If they are both behind your firewall and you use homegroup, its easy(recommended) anything else such as sharing files between the outside world and your machine behind a firewall does increase the security risk proportionate to where exactly the outside machine is (I'm thinking Bit torrent and other file sharing programs here).

 

[balm]

thanks wiley,

since you appear to question Gibsons motives, i would then ask you if you think the shields up port scan "all services" is reliable in terms of confirming whether or not my network is indeed "stealthed"...

thank you again!

 

[Golden]

ShieldsUp is free, it doesn't cost anything, you don't have to pay for anything. Any recommendations for closing ports, or making them stealth does not require any other software, free or purchased.

There is no alterior motive behind ShieldsUp - its one of the best network security testing tools around, and it has been for some time..

 

[balm]

thank you golden,

i think maybe Wiley actually meant to refer to the other products ("Spin Rite" for example) which he is trying to sell (this is why i didnt correct him re. "shields up"),...

...i understand his point, raising awareness about vulnerabilities brings attention to his other products, but i get that thats very normal!

 

[Golden]

No worries

 

[balm]

wiley, to summarize current config:

NAT wireless modem/router:
-changed default admin password
-changed default SSID
-disabled SSID broadcast
-enabled MAC address filter with wireless address only
-enabled WPA2-AES encryption w. 64 characters
-disabled DHCP (assigned static ips on devices)
-changed default internal IP
-firewall allowed outbound https, http, pop3, imap, smtp, DNS, "all other protocols", block all inbound, enabled stealth, block ping, enable all boxes on "attack detection"

i am not currently doing file sharing, so on the devices:

-Client for MS networks is enabled
-File & Printer sharing for MS Networks is DISABLED
-IPV 6 is enabled
-IPV 4 is enabled
-Entered static IPs under IPV 4 general, and preferred server DNS
-Left IP settings tab as is - with automatic metric enabled
-Left DNS tab as is
-WINS tab left LMHosts lookup enabled, changed default NETBIOS setting to enable NETBIOS over TCP/IP
-in folder options, view, left "Use sharing wizard (recommended)" enabled
-Enabled windows firewall, block all incoming except default rules, allow outbound except rules otherwise (need to work on this more...)


sounds good, correct?

im not too sure about the routers firewall outbound allowing "all other protocols", when i disabled it i lost my emails send - can the email be using some other protocols, other than smtp?

thanks