February 19, 2006

Ten Things that You Can Do to Secure Your LinkSys Router

1. Change the router password.
2. Update the Linksys router firmware.
3. When using DHCP reduce the number of addresses.
4. Turn off services and pass throughs that you don't use.
5. Turn off SNMP on Linksys
6. Turn off wireless if you are not using it
7. If you are using wireless, change your SSID to some word that you and your family know.
8. If you are using wireless, use wireless security.
9. On your PC be sure to use an E-Mail scanner.
10. If you are going to be away from home for more than a few days turn off your cable modem.

#1 - No one should be using "admin" as their Linksys router password! Make sure you change it. A good practice is to write the new password on a sticky note or a label and attach it to the bottom of the Linksys device. Security purists would probably say this is a horrible idea but if a hacker is looking at your router they're in already. This way it is there if you ever forget it.

#2 - Check the Linksys website to make sure that the firmware that you are using is the latest. Many very common problems can be resolved just by updating the firmware.

#3 - By default Linksys sets the number of connections allowed on many of their devices to 50. That's usually at least 45 too many. Count the total number of devices that you own that can use the Internet connection and add either 1 or 2 to that number and use it to set the maximum connections. You want to always add one or two to let the Linksys router a little time to recycle a recently used address.

#4 - If you don't think you are using it; turn it off. Case in point would be multicast. Most folks out there shouldn't use multicast over the Internet. Turn it off.

#5 - Make sure that SNMP (Simple Network Management Protocol) is turned off.

#6 - If your Linksys router is equipped with wireless and you are not using it; turn it off.

#7 - Change your SSID. This is the "passphrase" that devices that attach to your wireless have to use. You don't want someone who can intercept your signals to be able to figure out where they are coming from based on the SSID. Don't use your family name or your street address.

#8 - If you are using wireless; use wireless security. Even though WEP can be cracked (data can be captured, analyzed, and de-coded) it is still hard enough to do that most attackers will move on to an easier target. And there is no shortage of easier targets.

#9 - Electronic mail (e-mail) has to be able to get through your Linksys device and to your computer. Make sure that you use some e-mail scanner to make sure that the e-mail messages you receive don't have viruses and worms embedded or attached. My favorite is PC-cillin from Trend Micro.

#10 - You can be sure that your home is safe from the threats of the Internet if you are not connected. If you are going to be away for a day or too use the "standby" button on your cable modem or just turn it off.

February 11, 2006

Good article on getting started with SSH

Great article with notes and references on getting started with SSH by Kimmo Suominen. He's writing for people that using Linux but explains some of the technology behind SSH making it easier to understand. For more information about SSH see the FAQ. He also covers SCP for file transfers (and mentions my favorite WinSCP)