Menu
Reply
zudecke
  • 21
  • 0
  • 0
On our wavelength
197 Views
Message 1 of 6
Flag for a moderator

Virgin + Deco M5 wifi security suggestions

Hi guys

I am using the Deco M5 mesh with my Virgin Hub 3 in modem-only mode.

I mya be being paranoid, but I am not confident in the level of security currently afforded by my network. 

What top tips, given my set up could one recommend to optimise security here?

Ideally, Deco would ask me to approve any devices that come onto the network - is this possible at all?

Many thanks 

0 Kudos
Reply
legacy1
  • 16.28K
  • 711
  • 1.6K
Alessandro Volta
192 Views
Message 2 of 6
Flag for a moderator

Re: Virgin + Deco M5 wifi security suggestions

You could not use HomePlug - Network Via Mains and have a long password for WiFi.

Then your just left with the internet
---------------------------------------------------------------
0 Kudos
Reply
g0akc
  • 999
  • 92
  • 197
Well-informed
185 Views
Message 3 of 6
Flag for a moderator

Re: Virgin + Deco M5 wifi security suggestions

I gather whitelisting of devices on the M5 has been requested but it's not yet a feature;

https://community.tp-link.com/us/home/forum/topic/203350

You can blacklist by MAC address

------------------------------------------------------------------------------------------------------------------------------
I know a bit about Wi-Fi, Telecoms, and TV as I used to do it for a living but I'm not perfect so don't beat me up... If you make things you make mistakes!
0 Kudos
Reply
g0akc
  • 999
  • 92
  • 197
Well-informed
179 Views
Message 4 of 6
Flag for a moderator

Re: Virgin + Deco M5 wifi security suggestions

Use the highest wireless security mode that all your devices support.

------------------------------------------------------------------------------------------------------------------------------
I know a bit about Wi-Fi, Telecoms, and TV as I used to do it for a living but I'm not perfect so don't beat me up... If you make things you make mistakes!
0 Kudos
Reply
Tudor
  • 8.47K
  • 675
  • 1.52K
Very Insightful Person
Very Insightful Person
149 Views
Message 5 of 6
Flag for a moderator

Re: Virgin + Deco M5 wifi security suggestions

You can only get better security, other than the ways mentioned, by installing a “proper” router and running a Radius server.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos
Reply
Andrew-G
  • 6.99K
  • 1.22K
  • 3.06K
Very Insightful Person
Very Insightful Person
133 Views
Message 6 of 6
Flag for a moderator

Re: Virgin + Deco M5 wifi security suggestions

@zudecke I mya be being paranoid, but I am not confident in the level of security currently afforded by my network. 

Well, might be worth reading up on the pros and cons of MAC filtering (device whitelisting) as there's some good arguments that against the sort of attacker who might target your wifi that would be little or no defence on a domestic grade system.  As an attacker also needs to hack your password, if they can do that then I would expect the packet sniffing technology to steal and duplicate a whitelisted MAC address won't be the slightest problem.  Modern wifi is pretty secure aganst casual misuse, against determined attack it is inherently not very secure unless subject to active enterprise grade security controls (and sometimes not even then).

However, if you're still of the opinion that you need more security, and MAC filtering is what you want, then you either need to sell the M5 and buy a mesh system in which you do have confidence, or put the M5 in access point mode and connect with a router that does allow whitelist MAC filtering between the hub and the mesh.  And you maybe looking at a small business router for those sort of controls, or dabbling in third party firmware like Merlin.

All depends on who you're worried about.  GCHQ and their international mates can walk through the security on most systems like it isn't there and there's nothing you can do about that.  Casual bumblers looking for unsecured wifi will move on if there's any password.  The slightly more determined will only look for really old security protocols such as WEP or basic WPA.  So the subset you're able to defend against is somebody who is technically savvy, understands wifi technology, has access to packet sniffing technology, yet can't spoof a MAC address, and is within physical range of your wifi signal.  If they can do that but they can spoof a MAC address then they'll still be able to bypass any MAC filtering.

In all honesty, you could probably improve your wifi security more simply by disabling the 2.4 GHz signal, since the much lower range of 5 GHz reduces the range at which an attacker could connect.  If they're not specifically targeting you, the most rudimentary measures (like WPA2 or 3, and a good strong password) will put them off to go and search easier targets.  If you are being specifically targeted, your only true security is to turn off wifi altogether.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply