Wednesday, April 11, 2012

How To Secure Your Wireless Network Connection

I was watching some program the other day and was surprised to find out that many people never secure their wireless networks. Some don’t know about it, others just ignore it… If you have a wireless network set up at home make sure it’s secured. When you have an unsecured wireless network even people with basic computer knowledge can connect to your network, use your connection for downloading illegal material and easily see every single thing you do on the internet.
The video below is a perfect example of why you should always secure your wireless network connection.
If you’re a regular MakeUseOf reader I am pretty sure you are already aware of it. So my only suggestion to you would be to set your wireless to use WPA instead of WEP encryption. As for the folks who are not really sure if their wireless is secured, read on for a quick how to guide.

Securing Your Router and Wireless Network Connection

Go to ‘Network Connections’ and search for Wireless Networks in range. This should get you all available wireless networks in the area.
Now you should be able to see whether the wireless network you’re “Connected” to is secure or not. If it’s secure, the only thing you need to do is check whether it is using the WPA or the WEP encryption method. Right click on the network, select ‘Properties’ and then look for ‘Encryption Type’.


Secure Your Wireless Network

(Please note simply changing the encryption type from properties won’t work. You will need to access your router and change security settings for the wireless access. So just read on.)
On the other hand if your wireless network is unsecured then here is what you need to do to secure it.
1. Access your wireless router: In most cases you should be able to access your router by simply typing the IP address 192.168.0.1 into your browser’s address bar. In case it doesn’t work for you then go to this website. Here you can get both the default IP and default username and password details for your router. You only need to know its model.

Port forwarding

This page and What is NAT provide a general explanation of reachability issues. If you just want to fix them, have a look at NAT problem.

Yellow Smileys

Smiley faces (Torrent Health icons) provide info on your torrents. The yellow smiley indicates that while your system can initiate connections with other peers (known as local connections, or L, in the torrent's Details page, Peers tab), you cannot receive connections initiated from other peers (known as remote connections, or R). This is almost certainly caused by incorrectly forwarded ports from your router or firewall. You can see the L's and R's in the Details tab of your individual torrent. If you see only L's, you probably have a Port Forwarding problem. Green smileys mean that you have both L and R connections to peers and are connected to the tracker. For more information on what every smiley means, click Help > About Health.
There are other possible causes for a yellow smiley. If you see a green smiley or have seen one with the same router/firewall configuration, then port forwarding may not be the culprit. Run the Help > NAT/Firewall test.
Also make sure that you have allowed "Incoming connection" as a peer source in Connection options. Disabling the option tells Vuze to discard connection attempts from other BitTorrent users, and then you would not be reachable any more.

Ports

When you connect to the internet, there are different channels that data travels by. Computers usually handle this perfectly in the background via ports, identified by numbers. For example, the MSN protocol usually uses ports 6891-6900. Please see Select port for Vuze for information on which ports to use. Check out Tantalo, the official IANA port list or Wikipedia to find out more about ports.
Azureus listens on one port for torrents (defined in Connection options) and another for the embedded tracker. Two protocols, TCP and UDP, use the same port, unless specified otherwise. Thus, you need to forward one listening port for Azureus and tick both the TCP and the UDP boxes, or make an extra rule, one for each protocol.
The only time you will notice the ports is when they are closed; no data is transmitted and you get error messages like "NAT Error." This usually happens because of firewalls and routers.
Note: When you initiate the outgoing connection yourself (e.g. with web browsing), the router automatically configures a temporary forwarding for the random port that your web browser uses for that connection. But for programs like Vuze, which can also accept incoming connections from others, the router does not automatically know the right port forwarding.

NAT

NAT stands for Network Address Translation. The network, which includes your router and computer, needs to translate the Internet Protocol address of your router (with its own IP address) to and from the IP address of your computer (with its own IP address). The router directs traffic to different computers connected to it and can be configured to protect you from specified traffic. It can use port forwarding to redirect data packets to a different address. The address known by the outside world (Wide Area Network, or WAN) is the IP address of your router, which redirects packets according to your instructions to your Local Area Network (LAN) address, or the local IP address of your computer.
Image:PortForwarding.gif
Vuze has built-in NAT testing logic. When you get the "NAT Error," your modem/router is not set up correctly. This is generally due to your router not forwarding the proper ports. You may read more advice on how to configure port forwarding on the NAT problem page. What is NAT may help too.

Double router port forwarding

If you have both a smart NATting modem and a NATting router/basestation, or two NAT routers, you may need to configure port forwarding in both of them. You need to set port forwarding at each router all the way from the "public internet" up to your PC, always setting the forward to the next device inwards (from smart modem to router, and from router to PC). See an explanation here: http://www.portforward.com/help/doublerouterportforwarding.htm
A clear sign of the need for double router port forwarding is if your router also has a private IP address on its WAN/ADSL/internet side (whatever it is called in router status/config screens). "Private" IP address ranges are 10.x.x.x, 172.16-31.x.x and 192.168.x.x, and IP addresses inside those ranges are different from other addresses, as they cannot be reached from outside without port forwarding.
Image:DoubleRouterPortForwarding.png

Mobile/3G/satellite connections

Very often the various mobile internet connections, either through 3G/mobile dongles or satellite dishes, have been limited by the ISP's network architecture to only have private IP addresses.
If your "outermost" device, e.g. the 3G modem, has a private IP address (10.x.x.x, 172.16-31.x.x or 192.168.x.x) in its config/status screens as WAN/internet address, then it has been given by the ISP's network and there isn't much you can do. As you have no config access to the ISP's routers, you might have to live with the yellow smileys and the NAT problem.
  • Note: Vuze NAT test will not find this out, as it will always show the first real public IP address it reaches. In the case of mobile dongles with private addresses, the shown IP address is probably a router somewhere at the ISP.

Saturday, April 7, 2012

Accessing services on intranet machines from a single machine

Customers are protective of their networks, and usually we can only access the machines on their network from within the network itself: what is known as an intranet.

But many of my maintenance tasks require access to multiple machines, and travelling to the client's intranet is not, as I see it, a feasible option, nor in line with our times.

The solution I like most is to ask the customer for access to only a single machine with a public IP address.

For security, it can be configured so that it can only be accessed from the IP address of your office and, for flexibility, also from the IP address of your server in a datacenter. You can skip this whole paragraph if security is not much of a concern.

It is best if the machine with the public IP runs Linux, mostly because if it does not there is no need to keep reading: the rest of the article assumes that premise.

What we are going to do is what you see in the picture.

[Image: port forwarding]

Here you see me, with more hair and without a beard, wishing to access all the services of the machines on the intranet 10.10.10.* and yet only being able to access the machine with public IP 205.205.205.205.

What I need has a name, Port Forwarding, and the simplest implementation of it that I have seen is done with iptables.

It will be faster to write out the commands that make this work than to explain it all.

My machine with public access runs the Gentoo Linux distribution, so the examples are for this distro, but they should not vary much for other distros.

Install iptables (if not already installed)
# emerge iptables
Tell the kernel to allow IP forwarding
# echo 1 > /proc/sys/net/ipv4/ip_forward
Flush the whole default iptables configuration
# iptables -F
# iptables -t nat -F
Allow forwarding in iptables (eth0 is the public interface)
# iptables -A FORWARD -i eth0 -j ACCEPT
# iptables -A FORWARD -o eth0 -j ACCEPT
This masquerades the IP addresses, to get around possible routing and IP-based security filters
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And here, at last, are the port forwarding rules (a port number cannot exceed 65535, so the MySQL forward uses public port 21306)
# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21306 -j DNAT --to-destination 10.10.10.21:3306
# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2180 -j DNAT --to-destination 10.10.10.21:80
# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2280 -j DNAT --to-destination 10.10.10.22:80
# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2221 -j DNAT --to-destination 10.10.10.22:21
# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2322 -j DNAT --to-destination 10.10.10.23:22
Save the current iptables configuration so that it is not lost on restart
# /etc/init.d/iptables save
Set the iptables service to start at boot
# rc-update add iptables default
I think you also have to do this:
# vim /etc/sysctl.conf
Add / uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
And it should work. If, from my machine in my office, I run:
$ mysql -h 205.205.205.205 -P 21306
I reach the MySQL of the machine 10.10.10.21.

If I go with a browser to:
http://205.205.205.205:2280
I reach the Apache of the machine 10.10.10.22.
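
The post says access can be limited to the office and datacenter addresses, but the rules above accept forwarded traffic from any source. As an added example (not the author's script), the following prints, without applying, a source-restricted filter and DNAT rule set for the same forwards; the two allowed addresses are constructed documentation addresses, and the MySQL forward uses public port 21306 because a port cannot exceed 65535.

```sh
#!/bin/sh
# Added example: generate source-restricted port forwarding rules.
# Nothing is applied; the iptables commands are only printed.

WAN_IF="eth0"                               # public interface, as in the post
# Assumption: constructed addresses for the office and the datacenter server.
ALLOWED_SRC="198.51.100.10 203.0.113.20"

# One forward per line: public_port internal_ip internal_port
FORWARDS="21306 10.10.10.21 3306
2180 10.10.10.21 80
2280 10.10.10.22 80
2221 10.10.10.22 21
2322 10.10.10.23 22"

# valid_port N: succeeds only if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;            # empty or not all digits
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules: print the full rule set, or print nothing and return 1
# if any forward has an invalid port (no partial rule set is emitted).
gen_rules() {
    # Default-deny forwarding; replies of accepted connections pass.
    rules="iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r pub ip port; do
        [ -n "$pub" ] || continue           # skip blank lines
        if ! valid_port "$pub" || ! valid_port "$port"; then
            echo "invalid port in forward: $pub -> $ip:$port" >&2
            return 1
        fi
        for src in $ALLOWED_SRC; do
            # DNAT only for allowed sources; FORWARD sees the rewritten
            # destination, so it matches the internal address and port.
            rules="$rules
iptables -t nat -A PREROUTING -i $WAN_IF -s $src -p tcp --dport $pub -j DNAT --to-destination $ip:$port
iptables -A FORWARD -i $WAN_IF -s $src -p tcp -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        done
    done <<EOF
$FORWARDS
EOF
    printf '%s\n' "$rules"
}

gen_rules
```

Review the printed commands before running them as root; the MASQUERADE rule and the sysctl settings from the post are not part of this output.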

Port Forwarding

D-Link Port Forwarding - DIR-615 - DIR-825 - DIR-655 - DIR-628

D-Link port forwarding, also known as virtual server, allows you to configure inbound Internet connections to your router to be routed to specific devices on the network.  In order for surveillance system cameras to be accessible over the Internet, your router is configured to forward requests to your surveillance DVR (standalone or Geovision) or directly to IP cameras.  The IP address that your router assigns to your DVR or to IP security cameras is a LAN (internal) IP address that cannot be accessed from outside of your local network.  Port forwarding is set up to open a hole in your firewall and allow access.

These instructions are for more recent D-Link routers such as the following: DIR-615, DIR-825, DIR-655, DIR-628.  If you are looking for older model D-Link instructions, please click here: D-Link Port Forwarding Setup.
  1. Open your D-Link router's control panel by going to the IP address http://192.168.0.1/ in a web browser. You will be prompted for a password.  If you did not set up a password on your router, the D-Link default password is usually blank.  Enter admin for the username and leave the password blank or enter your password.
  2. After you are logged into your router
    1. click on the "Advanced" tab (#1 below).  The virtual server screen will open.

      [Image: D-Link Port Forwarding]
    2. Click the check box next to the first open virtual server entry and fill in the Name for this service.  This can be anything that you choose.  Also fill in the IP address of the device that you are setting up port forwarding for.
    3. Enter the port # for both the Private Port and Public Port.  Ports 80, 4550, and 5550 are the ports that need to be forwarded for Geovision webcamserver to work.  You need to make an entry for each port.  Most of our stand alone DVRs only use one port which should be supplied on the instructions for the particular DVR you are installing.
    4. Select "TCP" for Protocol.
    5. Select "Always" for Schedule, and "Allow All" for Inbound Filter.
    6. Click Save Settings.
  3. On success, a settings saved screen is displayed.
The port forwarding entry is now added.  If you need to add additional port forwarding rules, repeat the above steps.


What is my Geovision computer's IP
  1. If you do not know what the IP address of your computer is, in Windows press the start button then select Run.
  2. In the Open field of the Run window type cmd, then press OK.  A command screen will open.
  3. On the command line type ipconfig
  4. The results should look similar to below.

    Windows - What is my IP?


