Cybersecurity: How to define basic firewall rules in routers to allow Email Only Access to Desktop/Laptop Clients?

Today the market is flooded with thousands of variants of home and small-office routers and Wi-Fi devices. Each comes with many settings that need attention during first-time setup, which can be intimidating and time-consuming. It is nevertheless important to understand the security features these gateways and routers offer, so that we can configure them ourselves or ask our ISP or IT support person to do so; this requires only minimal understanding and effort. Let's take a look at two simple ways:


1. Static IP assignment via Routers

Many firewall rules depend, as a first step, on computers and mobile devices having static IP addresses, so that traffic rules can be defined per device. Most routers today have a "reserve IP" option that links an IP address to a MAC address. The IP assignment still happens dynamically via DHCP, but the client gets the same IP every time based on its MAC address. Of course, the user should not have administrator rights on the computer; otherwise he would be able to set the IP manually and bypass the firewall rules.

2. Firewall Settings for Email Only Access

As the name suggests, a firewall is something that acts as a filter or barrier against unauthorized access to the network connected to the 'other' side of the router. Let's take a small office network with 10 PCs, of which 6 are mostly used for checking email and documentation work and the other 4 are used for browsing, cloud sync, etc. These 6 PCs can be secured easily by allowing only the email client (IMAP/POP) ports through the firewall. If you are using Gmail IMAP (the most popular), these are 465 and 993. Of course, each of these PCs will need a static IP for the rules to work, as discussed above. DNS port 53 also needs to be open for domain name resolution.

This simple setting will allow only email access via IMAP clients to the 6 PCs and disallow any other type of internet access.
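The rule set described in sections 1 and 2, written out for a Linux-based router that uses iptables. This is an added example, not taken from any particular router's firmware or from the original article. The six reserved addresses, the EMAIL_ONLY chain name and the function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Prints the iptables commands for review; it does not run them.
# Constructed sample values: the six IPs reserved via DHCP for the email-only PCs.
EMAIL_ONLY_PCS="192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.14 192.168.1.15 192.168.1.16"

# email_only_rules IP... : print rules limiting each IP to TCP 465/993 and DNS 53.
email_only_rules() {
    # Validate every argument before printing anything, so a bad entry
    # never produces a half-written rule set.
    for ip in "$@"; do
        case "$ip" in
            *[!0-9.]*|"") echo "invalid address: $ip" >&2; return 1 ;;
        esac
    done

    echo "iptables -N EMAIL_ONLY"
    # Replies to connections that were already permitted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only the reserved IPs are sent to the restricted chain; the other
    # PCs keep whatever the router's existing FORWARD policy allows.
    for ip in "$@"; do
        echo "iptables -A FORWARD -s $ip -j EMAIL_ONLY"
    done
    # Mail ports named in the article (465 and 993).
    echo "iptables -A EMAIL_ONLY -p tcp -m multiport --dports 465,993 -j ACCEPT"
    # DNS uses UDP and, for large answers, TCP. If the router itself is
    # the resolver, DNS goes to its INPUT chain and these two are unused.
    echo "iptables -A EMAIL_ONLY -p udp --dport 53 -j ACCEPT"
    echo "iptables -A EMAIL_ONLY -p tcp --dport 53 -j ACCEPT"
    # Everything else from these PCs is dropped.
    echo "iptables -A EMAIL_ONLY -j DROP"
}

# Intentionally unquoted so the list splits into one argument per address.
email_only_rules $EMAIL_ONLY_PCS
```

The rules match on source IP and destination port only, so they are only as strong as the IP reservation from section 1, and they permit any remote host on ports 465 and 993 rather than just the mail provider.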

For professional and consulting services in cyber-security and other technology domains, the author can be contacted at akbar at octavesbm dot in