Hello all, I’ve been slightly intimidated about posting here as the community level of router understanding is several notches above mine. I’ve looked at every FAQ on here, read the firmware 7.0 manual, searched high and low in the forums, spent many hours searching online, and even have a Network+ cert book I consult. I am just lost in certain areas still, and could use a few points in the right direction. I apologize for the length of this post in advance!
Some background: I had a new, garbage Comcast default Cisco router that was compromised. Don’t know the exact date, but a backdoor for it was announced by Homeland Security in mid-December, which is around when things started going wrong. Long story short: DNS hijacking, wireless hacked, entire home network infected, terror, data loss, etc. I captured a USB copy of the kit they/it/he used and I have a pretty good sense of what went down.
Routersecurity.org was my source for purchasing the Surf Soho Mk3. I find myself out of my element as I try to configure a trustable, safe setup. Here is what I’ve done:
The obvious stuff:
Admin pw changed to long and random.
Blocked the LAN IP access to my modem.
Blocked LAN IP in Outbound rules.
I also blocked some ports that I have read I don’t need but are exploited vectors:
445, 135-139
I enabled the router’s default defense system (anti-xmas tree etc.).
I made admin console accessible by https, LAN-only on a random port.
I change the router IP frequently (along with the blocking rule to match).
Changed DHCP renewal time to 30m and admin session logout times to very low, though it doesn’t assign a random IP across the entire range for some reason (each port gets the same IP each renewal).
Because I was hacked with something like aircrack-ng, I do not need or want WiFi. So AP is off.
I have disabled VOIP and Instant Messaging applications as I won’t be using them on this box.
Now, I have so many questions that I think it would overwhelm anybody reading this. So I’ll pick a few that bug me the most:
- As a home user, do I need to be concerned with OSPF on LAN? I read a bunch on this, I don’t think weight balancing is an issue with just me being the user, but what about security?
- Why are my event logs so empty? I’d like to have much more logging as portrayed in the SOHO manual, but I don’t quite understand how to make this happen. Where do I point the logging server to? Do I have to create firewall rules for every thing I want to log?
- I’ve put the most effort into understanding how I could benefit from VLANs. The premise is simple enough, but all advanced users seem to have some sort of VLAN setup. I have one WAN connection and an untagged LAN. I don’t quite grasp the benefit of VLAN in a security sense.
- I am using the router DNS nameserver and router DHCP options, and have DNS forwarding enabled. Is this safe? Are there other services or protocols I should consider disabling or restricting? I’m worried that I am missing something.
Are there any “must do” actions you always config on your home routers that you can share?
Many thanks for reading!