Help with DHCP-Static IP for Network Security

mzadotcom

Distinguished
Jan 29, 2008
52
0
18,640
Hi, all. For the sake of organization and better security, I'd like to assign an IP address to each device in my home network. My setup consists of 2 desktops, 1 laptop, 1 netbook and a Wii which I use to stream Netflix. What's the best [most secure, least problematic] way to do that? I ask, because I've done a good amount of research and there seems to be multiple ways to do it:

- through the router settings vs. manually changing the IP address for each machine/device in Windows...
- turning DHCP off @ the router and going with a static IP...
- keeping DHCP on while settings up MAC address filtering...
- etc.

Any one of the above options stand out as the most safe/best way to do what I want to do? I'm obviously no expert, but am trying to learn more about network security so open to precise, step-by-step instructions.

Before I got deep into research, was going to go with simply changing the IP address in each of my Windows machines [using Windows XP HE, 7 HP and Ultimate, both 64-bit], but now I'm not sure. Read up in several places how doing that is not as secure as doing it straight from the router settings [192.168.0.1]. I use a Rosewill router and wireless adapters, all of which have served my purposes very nicely for a couple of years now.

BTW: read the section here about it [[General Discussion] How-To: Change Your IP Address in Windows] but didn't find what I'm looking for.

Any help will be greatly appreciated. Thanks in advance.
 

mzadotcom

Distinguished
Jan 29, 2008
52
0
18,640



Hi, PhilFrisbie. Thanks for a quick reply. I got swamped with a few things to reply sooner.

Ok, here goes: it's not so much what I think but what I've run across in the myriad of online forums, how-to's and instructions, text and video, on how to best secure your wireless home network. The collective info I've crammed in the ol' noggin is pointing to going with manually assigning IP addresses to my devices vs. having DHCP auto-assign them.

Why do I think it's safer? Well, the obvious reason would be organization. If I know how many IP addresses are assigned to my devices, since I set them up and can keep track of them, I can always watch for an intruder. Some of the other benefits I'm hoping to bring to my setup is for remote access [LogMeIn, TeamViewer], online gaming [Steam], viewing home security cams/etc. when I'm on a trip and, maybe in the future, an FTP and/or game server. All of these functions would benefit from a static IP address. Also, I do computer repair work on the side. Knowing that when I bring a system in for repairs [since it's a home business] that the IP address assigned to said machine does not use the range of addresses I've assigned to my own devices is preferable to me.

Beyond these things mentioned, I do realize that overall, there's really no outward reason that one method [dynamic vs. static] is "better" than the other. As mentioned, I am NO expert but learning as I go.

My main reason for posting is to find out what is the best way to go about doing all this. Router settings vs. in Windows/etc.
 
OK, I prefer to use DHCP and 'lock' certain devices (in the router setup) to a given IP address as needed. Those locked IPs work just fine with port forwarding.

As far as working on other PCs: I have a second router attached to my LAN, and I only connect outside PCs to this so they are isolated form by devices but can still access the Internet for downloads.
 

mzadotcom

Distinguished
Jan 29, 2008
52
0
18,640


So you prefer to work with DHCP on and filter the MAC Addresses. In the research I've done, this route seems to be the least problematic choice since manually changing the IP Address of each device using Windows apparently leads to a user having to do a lot more work for any added devices in the future.

I'm pretty familiar with my Rosewill router settings, but there are areas that I don't know that much about, creating a "DMZ", for example.

Anyways, I've included a few images of the router GUI areas that I believe need to be either enabled and/or changed for what I want to accomplish here. If the options look familiar to you and maybe you can share your settings, that'd be great.

System > LAN:
2wggjyb.png


System > DHCP:
2gvvu5v.png


System > DHCP [continued]:
e0ojsx.png


Wireless > Filter:
2s63nr7.png


Wireless > Client List:
druqc.png


Firewall > MAC Filter:
14nuk9.png


Advanced > UPnP:
9a0htc.png





Was reading about others who've done this, too. So basically you get a 2nd router, hook it up to your modem [my ISP is a cable connection thru Time Warner] and create a 2nd SSID for any outside devices/machines. Sound about right?

Cheers.
 

john-b691

Honorable
Sep 29, 2012
703
1
11,160
? what do you not know how to do. You obviously know how to set the static DHCP now if you want to limit it just key every mac that is allowed into the filter screen.

MAC filtering is a silly thing to do. If you have good security using WPA/WPA2 you don't need it and if you don't I can just set the MAC to anything I please and if I am real ambitious and can kick your machine off and quickly associate with the same mac and steal your open sessions.
 

mzadotcom

Distinguished
Jan 29, 2008
52
0
18,640


Thanks for the reply, john-b691.

I was away there for a bit. Surprised the thread's still open.

Well, as mentioned, I'm no expert when it comes to networking, but just about every piece of info online points to using MAC filtering for better security. Having said that, it obviously does come with the extra work of managing a list of approved devices. That's why I like the idea: control.

As far as expert hackers being able to break into the average home network with the different security options available today with a multitude of techniques, I don't doubt it. But again, we're talking about the average home network here, not NSA HQ, or anything remotely similar. I just want the most secure settings with the devices that I currently have. No more, no less. So, I've always used WP2 with strong alpha/numeric/special characters passwords.

What I was looking for here is a good, solid argument for more experienced users for any/all of the following scenarios:

- changing IP addresses through the router settings
- manually changing the IP address in Windows
- turning DHCP off @ the router and going with a static IP
- keeping DHCP on while settings up MAC address filtering

Also, wanted to, maybe, get some specific help with my brand of router/adapters [Rosewill]. Suffice it to say, I didn't receive what I'm looking for here in the replies.

In the time that's passed since I posted here, I've done more research and it seems the best thing to do is to manually change the IP address for all my devices in Windows. That way I know what's what and can then appropriate/organize the correct MAC addresses @ my router.

Long story short for the next person running into the same problem/having the same questions:

1] manually change the IP address using Windows
2] keep DHCP on
3] enable MAC filtering in your router settings
 

mzadotcom

Distinguished
Jan 29, 2008
52
0
18,640
I can't honestly say I was helped with this one. I took the time to upload pics of my settings, hoping to get some feedback. Got zip, zilch, nada.

In the end, I asked and answered my own question :heink: , so, guess it's going to stay open.