What is the best way to protect yourself at college on a college network?

[G+_David Bruns]

What is the best way to protect yourself at college on a college network? I am going to have a NAS, set up there too and what is the best way to protect as much as possible? Thanks

[G+_Black Merc]

Your own router to blockoff others on campus from your mini network(nas+laptop). This will isolate campus trouble from you accessing your nas, even if campus goes down.

[G+_Damien Wessling]

Turn off UPnP in the router as well.

[G+_Golden Retriever]

Or get edgerouter X

[G+_David Bruns]

Black Merc How do I connect my own router to the campus network, they don't have the routers in room, just ethernet?

[G+_Black Merc]

Campus = isp

Config your router to pretend as your laptop... Just do not clone your laptop mac address, that is a quick way to pissoff the campus admin. I just hope you are not confusing terms... Ethernet - cable with a rj-45 connector.

[G+_Ben Reese]

David Bruns If the campus has ethernet jacks in the room, you can connect the WAN port of your router to that jack. That will give you a private network inside the schools more public network. If you want more privacy, you can use a router with VPN support and connect it to an outside VPN server.

[G+_David Wiggins]

Using your own router got a private net it's the best idea, just hope your admins don't block it. A school I know blocked MACs from Linksys, D-Link, etc, and required software on the device to connect.

 

Also, if you do wifi, be polite, and check the area with WiFi analyzer for the best channel, and use low power.

[G+_Golden Retriever]

If they block by Mac, use Mac cloning "that's why it's there, we'll sort of"

[G+_Black Merc]

Tod Sage? if do, clone the nas. If you clone the laptop and move around on the campus net you will likely trigger an alarm(two machines with the same mac address).

[G+_Ben Reese]

I'd say don't clone the NAS or the laptop. Use something close to the laptop but change the last byte (characters, numbers, letters?) to something different. The first 4(?) sets define the manufacturer. The remaining are unique to that device.

[G+_Ben Tyger]

If they do MAC filtering based on manufacturer's side of the MAC, just change the routers MAC address to some manufacturer's range they can't block. Say... Apple's MAC class.

 

If the campus requires MAC registration like some home ISPs do, set a customized MAC before you register on a desktop. Then register that MAC with the desktop. Copy the customized MAC to the router. Then revert the desktop's MAC back to it's original.

 

I do this all the time with home ISPs so I don't have to deal with their registration process every time I change hardware.

[G+_David Bruns]

Unfortunately, my college does not allow routers, so that is out.

[G+_Ben Tyger]

How can they detect it? Especially if you use a generic Linux box with MAC cloning ?

[G+_Black Merc]

David Bruns they probability have one of two reasons. 1 rogue AP's(possible points of access to unauthorized users). 2 a mis-configured/mis-connected router crashing the network.

[G+_Black Merc]

Ben Tyger nmap... Some of the reporting data includes os and manufacturers.

[G+_David Bruns]

Ben Tyger They check the rooms, I don't want to get in trouble with them so I will just avoid it and be on the safe side.

[G+_David Bruns]

So then, is a VPN the best way to go then in this scenario? Or is there a way to encrypt the network traffic data sent out yourself?

[G+_Ben Tyger]

Black Merc That's why I said a generic Linux box with MAC cloning. It wouldn't look like common networking hardware to something to nmap.

[G+_Ben Tyger]

But I agree, wireless is probably a no-no because a wireless network scanner would find it pretty easily. Also wifi spectrum is usually at a premium on college so the IT crew is very protective of it.

[G+_Ben Reese]

Any Windows or Linux machine could connect wired then broadcast wifi for your personal use. A Raspberry Pi 3 would work for this and appear as a Linux machine on their network while being an Access Point for yours. If you want, it could even route all your traffic through a VPN.

[G+_Jason]

I want to use nmap to check my network. Do use the private ip address of my router or my public ip address? I assume I can use a pc within my network to do this?

[G+_Ben Tyger]

Jason Lamb Your going to always test the public IP. Depending on your router, you may need to test from outside your protected network.