Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Virgin + Deco M5 wifi security suggestions

zudecke
On our wavelength

on ‎19-07-2021 10:36

Hi guys

I am using the Deco M5 mesh with my Virgin Hub 3 in modem-only mode.

I mya be being paranoid, but I am not confident in the level of security currently afforded by my network. 

What top tips, given my set up could one recommend to optimise security here?

Ideally, Deco would ask me to approve any devices that come onto the network - is this possible at all?

Many thanks 

0 Kudos
5 REPLIES 5

legacy1
Alessandro Volta

on ‎19-07-2021 10:43

You could not use HomePlug - Network Via Mains and have a long password for WiFi.

Then your just left with the internet
---------------------------------------------------------------

BQM, Test for outgoing ports and SSL/L2TP VPN test

0 Kudos

g0akc
Problem sorter

on ‎19-07-2021 10:55

I gather whitelisting of devices on the M5 has been requested but it's not yet a feature;

https://community.tp-link.com/us/home/forum/topic/203350

You can blacklist by MAC address

------------------------------------------------------------------------------------------------------------------------------
I know a bit about Wi-Fi, Telecoms, and TV as I used to do it for a living but I'm not perfect so don't beat me up... If you make things you make mistakes!
0 Kudos

g0akc
Problem sorter
In response to g0akc

on ‎19-07-2021 10:58

Use the highest wireless security mode that all your devices support.

------------------------------------------------------------------------------------------------------------------------------
I know a bit about Wi-Fi, Telecoms, and TV as I used to do it for a living but I'm not perfect so don't beat me up... If you make things you make mistakes!
0 Kudos

Tudor
Very Insightful Person
Very Insightful Person
In response to g0akc

on ‎19-07-2021 12:51

You can only get better security, other than the ways mentioned, by installing a “proper” router and running a Radius server.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos

Andrew-G
Alessandro Volta

on ‎19-07-2021 13:41

@zudecke I mya be being paranoid, but I am not confident in the level of security currently afforded by my network. 

Well, might be worth reading up on the pros and cons of MAC filtering (device whitelisting) as there's some good arguments that against the sort of attacker who might target your wifi that would be little or no defence on a domestic grade system.  As an attacker also needs to hack your password, if they can do that then I would expect the packet sniffing technology to steal and duplicate a whitelisted MAC address won't be the slightest problem.  Modern wifi is pretty secure aganst casual misuse, against determined attack it is inherently not very secure unless subject to active enterprise grade security controls (and sometimes not even then).

However, if you're still of the opinion that you need more security, and MAC filtering is what you want, then you either need to sell the M5 and buy a mesh system in which you do have confidence, or put the M5 in access point mode and connect with a router that does allow whitelist MAC filtering between the hub and the mesh.  And you maybe looking at a small business router for those sort of controls, or dabbling in third party firmware like Merlin.

All depends on who you're worried about.  GCHQ and their international mates can walk through the security on most systems like it isn't there and there's nothing you can do about that.  Casual bumblers looking for unsecured wifi will move on if there's any password.  The slightly more determined will only look for really old security protocols such as WEP or basic WPA.  So the subset you're able to defend against is somebody who is technically savvy, understands wifi technology, has access to packet sniffing technology, yet can't spoof a MAC address, and is within physical range of your wifi signal.  If they can do that but they can spoof a MAC address then they'll still be able to bypass any MAC filtering.

In all honesty, you could probably improve your wifi security more simply by disabling the 2.4 GHz signal, since the much lower range of 5 GHz reduces the range at which an attacker could connect.  If they're not specifically targeting you, the most rudimentary measures (like WPA2 or 3, and a good strong password) will put them off to go and search easier targets.  If you are being specifically targeted, your only true security is to turn off wifi altogether.

0 Kudos
Top