Change it to Manual, then fill in
the details required. If you want to
override your router’s DNS address,
you can do so here too before
clicking Save. We’d recommend you
allocate manual IP addresses to all
your devices before finally disabling
the DHCP Server (Synology users
will find this under ‘Network Center
> Local Network > General tab’,
for example).
CLOSE OFF WPS
There’s one gaping security hole
still to close, and that’s WPS (Wi-Fi
Protected Setup). WPS is designed
to simplify adding compatible
devices to your network—you either
set up a PIN or press a button
that puts your router into WPS
scanning mode. When you press
the corresponding button on your
device, it is automatically connected
to your Wi-Fi network, no further
questions asked.
While WPS is a useful timesaver,
you shouldn’t get into the habit of
leaving it on as anyone with the
PIN number or access to the WPS
button on the router could use it to
surreptitiously connect a device.
Here, you could consider looking for
the settings to disable both options
when it’s not in use. Look under
‘Advanced > Wireless > WPS’
on an Archer router, or open Wi-Fi
Connect and navigate to ‘Wireless
> WPS tab’ on a Synology model,
for example.
CHECK YOUR PORTS
Now your network is closed off
to potential physical incursions,
it’s time to examine how to
protect yourself from attacks
originating online. Disabling remote
administration and changing your
router’s management passwords
are good first steps, but let’s go a
little further than that.
To communicate with other
network devices, as well as access
services over the internet, your
DIAL HOME SECURELY
Have you ever been on the
road and needed to access
your home network in some
way, such as copying files
to or from a shared folder,
or sending something to
your home printer for when
you return? If you use a
VPN server, you can add
this functionality securely
without leaving your
network open to attack.
VPN servers require
existing hardware set up
inside your home network.
This might be on your
SOHO router (VPN Plus
is part of Synology’s SRM
software), or you could add
it to your server: PiVPN
(https://pivpn.io/) works
with a spare Raspberry Pi,
for example, or you’ll find
support in higher-end NAS
drives from the likes of
QNAP and Synology.
You can even create
a VPN server on your
Windows PC, although
you’d need to leave it
switched on and connected
while you were away
to gain access—see
Helpdesk Geek (https://
helpdeskgeek.com/
windows-10/how-to-set-
up-the-windows-10-built-
in-vpn-service/) for a
handy guide.
When connecting
through a third-party VPN
service, we recommend
using the L2TP/IPSec
protocol for compatibility
purposes, making sure you
enable the ‘Pre-shared
key’ option to force users
to provide additional
authentication before
connecting.
You’ll need to configure
your laptop to access the
VPN server when you’re
out and about. In Windows
11, navigate to ‘Settings >
Network & internet > VPN’
and click ‘Add VPN’. Select
‘Windows (built-in)’ for VPN
provider, then give your
connection a descriptive
name, and fill in the details
required: server name or
address, which is basically
your public IP address
(see http://www.whatsmyip.
com) or domain or dynamic
hostname if you’ve set one
up, pre-shared key, plus
username and password
(see the Permission tab on
VPN Plus Server on your
Synology). And that’s it,
you’ll be able to connect to
your local network when
away from home.
Synology offers a range of VPN server options
router is obliged to open ports to
allow traffic to move freely from
one place to another. Ports make it
easy for traffic to reach its correct
destination and some are well-
known, such as 80 for http web
traffic, 20 and 21 for FTP, and 25
for opening an unencrypted SMTP
connection to send email through.
There are theoretically 6 5,535
ports available, although the
number available to services
is closer to 4 9,000. Any activity
involving a server, whether hosted
locally or over the internet, will
make use of these ports, and while
some are official, such as 32 ,400 for
Plex, others tend to be looser.
Before the advent of Universal
Plug ‘n’ Play (UPnP), you’d be
obliged to go into your router to set
up these ports manually, specifying
the port number, its protocol (TCP
and/or UDP), and its destination on
Create a
whitelist of
permitted
wireless devices
by MAC address
JAN 2022 MAXIMUMPC 47
©^
SY
NO
LO
GY
