



21 posts

Geek


# 77368 15-Feb-2011 15:50

Hello


I will be moving into a University Residential Hall in about a week and I have been granted permission to have an external ADSL connection.


I have two computers and would prefer to have a wireless network for ease of use. The main problem is that the hall is a former high-rise office building, so if I have a wireless network it will be in range of anyone on my floor and for about 1-2 floors above and below.


My budget is about $200ish at the moment; I have a TP-LINK TL-SG1008D 8 PORT 1000mb switch & a TP-LINK USB Dongle and a Belkin CAT6 cable. I had a WRT54 but have to leave that for the parents.

My main questions are:


1) How can I increase/maintain good broadband connection speeds? Would buying an aftermarket modem help?

2) For security I'm not sure if I should stick to a wired network or if I could set up a wireless one safely. I want to be able to have LANs with other people in the hall (which would possibly involve online gaming) but at the same time I want to prevent them from downloading things and using up my data cap.

I've read some threads where people have been talking about custom firmwares to regulate their networks. Could I just use MAC address filtering to only allow certain computers access to the network or is there a better option?

Would it be possible for someone to hack into my network if it was wireless? I had a look at some modem/router options and it seems that Draytek are good for security? It's just that in such an enclosed space it may draw some attention.... or am I just being paranoid?

3) What sort of modem/wireless router setup/combo would you suggest? I was thinking of investing in a Draytek Vigor 120 and either keeping the network wired or buying a wireless N router as well. Alternatively I was considering the Draytek 2710ne as it already has wireless built in. I don't really know what I should buy tbh.


1142 posts

Uber Geek


  # 439867 15-Feb-2011 15:56

How much do you understand about computers and the such?

For the paranoid I would get an ADSL modem running in 1/2 bridge mode and pass the PPP stuff to something like the Mikrotik RB750. Run wired on it, and for the wireless put a wireless AP on an Ethernet port that's isolated. Don't give it internet access, and run a PPTP server on the RB750 so that once you connect over wireless you have to dial in to the PPTP server for net.

The trouble about unis is that wireless passwords will get broken by the CS students before you have time to even boot up your computer. You really need another layer of security running on the top of it. MAC addresses can be spoofed as well.




Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

2460 posts

Uber Geek


  # 439900 15-Feb-2011 16:58

1) Not really. You're stuck with what you get! Plug whatever modem you get straight into the wall (or the filter, if you need one).

2) If you want it secure, only use wired connections. Get a second NIC for your PC and plug that second NIC into the university network. (Make sure you firewall that interface to hell and back and you aren't doing any kind of ICS on that box!)

If you really want wireless, then get an AP that does WPA2, plug it into your switch/ADSL router and enable WPA2-CCMP (which is AES) and use a longass password. (Something like "ZmRlMmJjNTRhNmVkZTM0NjBjMWM3ZDJmNGVhMjYxMzQyM2M0MjE5NzdmN2E4MjRjNDI3OGRhOGUw" would be long enough. Don't use any dictionary words at all, etc.)

Then use the first (or 2nd) wired NIC to plug into the university network. Under no circumstances plug your switch (while connected to your ADSL modem/router/wifi AP) or router into the university network!

Basically, with ICS off and Windows firewall turned on (as a "public" network) you'll probably be safe enough if you use a second NIC to connect to the university network. Make sure you're fully patched though and that your default route is out your ADSL connection.

Forget MAC filtering, you can find out and spoof MACs easy as.



 
 
 
 


1554 posts

Uber Geek

Trusted

  # 439916 15-Feb-2011 17:37

A CS student isn't gonna break WPA2/AES overnight..






21 posts

Geek


  # 439929 15-Feb-2011 18:07

I know virtually zilch about networking apart from the odd bit I've picked up from wrestling with LAN networks over the years.

Security wise beyond setting up a "longass" password & putting up MAC & IP filtering; none of my friends were really that savvy with code/hacking (apart from PaulYell) and even then he only hacked a PC once and it took him the whole LAN.


The consensus seems to be that a wireless network will draw CS students like bears to honey. That was the main worry for me. I'm not paranoid about attacks from the internet; more about attacks from within..eeeek

If I used something like ESET (what I use) would they be able to hack into my PC? I'm not too sure how clever they will be as they are first year students... Surely there must be something to keep them out of the network altogether? I thought that the Draytek's firewall would be enough. It sounds like I would need a separate hardware firewall or something?


TBH I'm more confused now than when I first posted. I guess I will just have to cower behind my wired network.....

2460 posts

Uber Geek


  # 439930 15-Feb-2011 18:09

Don't bother with MAC filtering, it's easy to spoof (since the MACs have to be sent unencrypted).


What's ESET? The Draytek's firewall would be where in the network though?

You need to draw up a diagram of what will be plugged into where and how you're going to access the uni network.

1142 posts

Uber Geek


  # 439931 15-Feb-2011 18:10

Don't consider any of the standard wireless encryption schemes secure, every month it gets easier and easier to break them :)





1142 posts

Uber Geek


  # 439932 15-Feb-2011 18:14

phant0m: I know virtually zilch about networking apart from the odd bit I've picked up from wrestling with LAN networks over the years.

Security wise beyond setting up a "longass" password & putting up MAC & IP filtering; none of my friends were really that savvy with code/hacking (apart from PaulYell) and even then he only hacked a PC once and it took him the whole LAN.


The consensus seems to be that a wireless network will draw CS students like bears to honey. That was the main worry for me. I'm not paranoid about attacks from the internet; more about attacks from within..eeeek

If I used something like ESET (what I use) would they be able to hack into my PC? I'm not too sure how clever they will be as they are first year students... Surely there must be something to keep them out of the network altogether? I thought that the Draytek's firewall would be enough. It sounds like I would need a separate hardware firewall or something?


TBH I'm more confused now than when I first posted. I guess I will just have to cower behind my wired network.....


Didn't mean to confuse :) To be honest perhaps sticking with wired when you can and a stand alone wireless access point, then just turn the wireless on and off when you need it 





 
 
 
 


192 posts

Master Geek


  # 439936 15-Feb-2011 18:24

WPA2-AES is safe at the moment as long as you have a sufficient password/passphrase. I recommend using a randomly generated maximum length key (63 chars I believe) - there are a bunch of generators online. Just to reiterate, WPA2-AES with a long random key has not and can not be broken by *anyone* at present without an impossible amount of processing power and time. Don't bother with MAC address filtering or hiding the SSID - these are both virtually pointless assuming someone is trying to break into your connection.



21 posts

Geek


  # 439953 15-Feb-2011 18:55

OK so because this is an old office building the entire cable infrastructure is still in place. I've talked to the guy who did the wiring and from what I can understand they left in provisions to allow students to have their own ADSL connection.

It is completely separate from the university network and it can not be monitored or filtered by the university.

So it is basically going to be router > modem > ADSL network or wireless modem > ADSL network.

Is there no way to allow only authorized computers onto the network? I guess I will just have to stick with a wired network for now as wireless seems very complicated. I may buy the Vigor 120 though....

Just for your interest this was the wireless modem I was going to get - http://nicegear.co.nz/routers/draytek-vigor-2710ne-adsl2-modemrouter/


[EDIT] ESET as in a software firewall, so even if they got onto the network they couldn't get into my PC...

By the sounds of it the best option is to have a very long randomly generated password and to change it regularly.

2460 posts

Uber Geek


  # 439956 15-Feb-2011 18:59

What's the ADSL network or wireless modem in the middle for?
Why not get a router/modem combo?

You can authorise a computer by giving them your WPA2 key ;)

1142 posts

Uber Geek


  # 439957 15-Feb-2011 19:04

phant0m:
[EDIT] ESET as in a software firewall, so even if they got onto the network they couldn't get into my PC...

By the sounds of it the best option is to have a very long randomly generated password and to change it regularly.


That's a good compromise. Keep an eye on your bandwidth usage as well, any spikes that you can't account for and change the password. It's a good habit to get into :)







21 posts

Geek


  # 439965 15-Feb-2011 19:28

If I had a bigger budget would there be something hardware based that could be recommended?

Some way of preventing them access to the modem's settings once they were on the network? So even if they could get onto the network they could not access the internet, etc. I.e. they get through the first wall only to be confronted by...another wall!! :p

2460 posts

Uber Geek


  # 439969 15-Feb-2011 19:31

Uh, you can just change the password on the modem (which you should be doing anyway). As long as it's not guessable, they won't be able to login to your modem router and change your settings. This doesn't stop them from accessing the 'net though.

You could try MAC filtering, but there's nothing stopping them from spoofing your MAC address (easy to do!) and then getting online via your DSL connection.



21 posts

Geek


  # 439981 15-Feb-2011 19:40

And I assume there is no way to stop them spoofing my MAC address? I can't quite make heads or tails of this but Draytek seems to have IP-MAC BIND - http://new.draytek.com/.upload/pdffiles/c0671fe79c540364c1b068d1d87d485b.pdf I don't know if that would help!

204 posts

Master Geek


  # 440063 16-Feb-2011 02:21

l43a2: A CS student isn't gonna break WPA2/AES overnight..


+1 and if (s)he does, (s)he's doing the wrong course. :-)




I would love to change the world, but they won't give me the source code

#BOFH
