Author Topic: Build my LAN  (Read 1096 times)


Offline BlackWasp

Build my LAN
« on: July 01, 2015, 01:27:36 pm »
Community,

I'm looking at starting a small LAN at my household, and am interested in making it reasonably secure. I've set up a LAN on my own before, but that was back in the mid 90s. This being said, I have a couple ideas as to what to implement and what to research, but I figured I'd ask the group what you guys would do so that I have a little more direction as to where I'm looking. If you feel like playing along, consider the following:

1. The LAN will be running anywhere from 6 - 14 computers at any given time (I can give more details on these specifics as needed).

2. The LAN will be connected via WIFI.

3. All of the computers will be running some distro of Linux, with the exception of the female's Windows 8.1 (yeah I know..).

4. Assume there's a ton of people around me who will be trying to use advanced tools to break into the wifi.

So what would you do? How would you pentest? What kind of hardware would you be looking to use?
Momento Mori

Offline BlackWasp

Re: Build my LAN
« Reply #1 on: July 03, 2015, 09:52:41 pm »
Mmm, you definitely want something decent quality. You'll definitely want something with dual radios. For future-proofing you may want to aim for something that is 802.11ac certified if you can find it. Not sure I would go with something that was Draft-ac as it may end up not being compliant. Up to you though.

If you are doing some heavy bandwidth transfers you may even consider getting a second access point.

The main issue is that a wireless device can only speak to another radio one at a time. If you have 14 people all trying to do bandwidth heavy stuff, it will SERIOUSLY degrade the performance. Hence the dual radios/networks.

What kind of pen testing? Getting into the Wifi network without creds? In which case on a home router you'll probably be limited to WPA2 with AES - probably the most secure of the available options. Make sure to disable WPS.

After that there is a shitload of other things that can generally make your network more secure. Disable DHCP, enable MAC filtering, disable ping responses, change SSID, disable SSID broadcast, disable remote management, change access user/pass, disable UPnP, change DNS settings to something like OpenDNS, change admin interface port and force HTTPS if possible and it doesn't already... Some of it is just security through obscurity but worst case it doesn't stop anyone, best case it does.

If the router supports it, enable client isolation. But that restricts you from having shares. Probably don't want that anyway. If you do, you may be able to create VLANs for a similar function as client isolation if the device supports it. Not sure how often that appears in SOHO routers though.

But other than that... what sort of pentesting are we talking about? Internal devices attacking internal devices? Or just people attacking the wireless infrastructure?


Thanks for this really helpful response. As far as pentesting, I'm basically talking about external devices accessing the network and using it.
Momento Mori
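
Added example, not part of the thread or written by either poster: a small audit of the wireless settings the reply names (WPA2 with AES, WPS off, client isolation). It assumes the access point is a Linux host running hostapd, which the thread does not state; the two config samples and the finding codes are constructed for illustration.

```python
# Added example: audit hostapd.conf text against the Wi-Fi settings the thread names.
# Assumption (not in the thread): the AP is a Linux host running hostapd.
WEAK = """# constructed sample
ssid=homelan
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wps_state=2
"""
HARDENED = """# constructed sample
ssid=homelan
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wps_state=0
ap_isolate=1
"""


def parse_conf(text):
    """Parse hostapd's key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return finding codes, in check order, for WPA2/AES, WPS and isolation."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # bit field: 1 = WPA, 2 = WPA2 (RSN)
    if wpa == 0:
        findings.append("no-wpa")
    elif wpa & 1:
        findings.append("wpa1-enabled")
    # hostapd.conf documents TKIP as the wpa_pairwise default, and
    # rsn_pairwise falls back to wpa_pairwise when it is not set.
    wpa_ciphers = conf.get("wpa_pairwise", "TKIP")
    rsn_ciphers = conf.get("rsn_pairwise", wpa_ciphers)
    active = (wpa_ciphers.split() if wpa & 1 else []) + (rsn_ciphers.split() if wpa & 2 else [])
    if "TKIP" in active:
        findings.append("tkip-enabled")
    if conf.get("wps_state", "0") != "0":  # 0 = WPS disabled
        findings.append("wps-enabled")
    if conf.get("ap_isolate", "0") != "1":  # advisory: isolation blocks shares
        findings.append("no-client-isolation")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

The `no-client-isolation` finding is advisory only, since the reply notes that isolation prevents shares between clients.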