Hello,

My home wifi was hacked, my PC bricked and my tablet and phone compromised (targeted phishing pop-ups about how my account passwords were being changed, they weren’t). So incredibly motivated to keep this from happening again that I am learning networking.

Current setup.

New Xfinity modem (XB7-CM) in bridge mode -> Firewalla gold in routing mode (firewall minipc) -> My new PC. I need to add wifi or an AP to this. I was under the impression that a MAC whitelist was the gold standard for keeping only permitted devices onto a network. Then I read a few minutes ago that it is trivially easy to spoof a MAC address. So what would be the gold standard for wireless security if an AP with MAC address whitelisting isn’t it? Or is that false and an AP with whitelisted MACs for entry is a gold standard?

My goal for my home network is simple. I want it to take a “moderately sized police agency” to crack my shit again, as in a hardline tap or other tools law enforcement has that the guy with the lunix laptop doesn’t have access to.

-Angry Network Newb

  • SupergrungedB
    10 months ago

    So… For starters, far as I can tell, you did click something. You did business with a client, and may have downloaded an attachment from them. It may have been a bill, or something important, but going forward, I would suggest a good antivirus software to scan all documents before you download them, like ESET. ESET also works on mobile platforms too. I say this, with a grain of salt, as I got, business is business. But things can be added where we least expect them, like a PDF for a bill we need to pay…

    So the compromised hardware? Trash it. Don’t use it. Don’t add it to the network, unless you want other problems. Get your own modem. Don’t use Xfinity’s supplied bridge. They should support the Arris SB8200.

    For a router/firewall, the Dell SonicWall is probably overkill for your situation, but is the industry standard for a good firewall to protect transactions and credit card information in most restaurants for their point of sale. Cheaper is Fortinet. These are enterprise-level products though, and with that, comes the frustration of having to know how to program them, similar to Cisco switches.

    Any good POE switch will do, and access points are really dependent on features you need. I find D-Link products to be decent in this area, for reasonable money, just make sure you use encryption, and have a strong password for network access.

    Best of luck in your resolution.