General discussion

Locked

wireless security options

By dhawes ·
Wanting feedback regarding my first attempt in configuring as much security that the D-Link 624 will allow. This is how I set it up...

# changed the default password into the router.
# turned off broadcast SSID
# changed the default SSID Name
# enabled wpa-psk & used all 63 of the allowable chars.
# cloned specific MAC address to DHCP
# changed default dhcp server addresses from 100 - 199 to only a single address for now. like 192.168.0.100 through 192.168.0.100

Are there security programs that work with this router/AP that can offer more security? Do I have my network somewhat secure? Thanks in advanced.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

DOES NOT MATTER

by jhansen In reply to wireless security options

give me a uni-directional wifi antenna, a linux enabled laptop, and 5gb of sniffed traffic on your network and i'll give your your wep key. WIRELSS = UNSECURE

But yes your reasonably secure from shareing your bandwidth with anyone as the router will not assign addresses to more then 1 pc with your unique mac address. But i could still intercept your traffic and decode it.


Jake

-------------------------------------
Computer techs, earn residual income, start your own online backup business. http://www.zray.net/AffiliateProgram.html

Collapse -

Wireless = unsecure

by rob.lay In reply to DOES NOT MATTER

wireless isn't as secure as wired but it can be a lot mor difficult than you describe to break them. Using per packet keying (TKIP) makes it harder and traffic can always be made more secure by running a MUVPN over the top of the wireless link. Also, it'd take a while to collect 5Gb of sniffed traffic, that's a **** of a lot of packets.

Collapse -

secure

by afram In reply to wireless security options

hmm...better make sure the PCs have some personal firewall too.

Collapse -

Tips

by cp7212 In reply to wireless security options

If you set your DHCP scope to only allow one address, it defeats the point of DHCP. If, for some reason that address cannot connect, what is it going to find when it DHCP's?

If you used all 63 allowable characters for WPA, you'd better make a hard copy (paper and pen), just in case something happens to the HD. Put the hard copy in a secure place.

Some routers have internal IP addresses to access the interface. You should be able to change the address to something else. I know some LinkSys routers have this, but I'm not sure about D-Link.

Collapse -

dhcp

by afram In reply to Tips

I think the point of 1 DHCP address is to only give out one address for HIS computer. Then it will not assign another IP to someone else trying to connect. It's more as a security thing rather than functionality.

>>If you set your DHCP scope to only allow one address, it defeats the point of DHCP. If, for some reason that address cannot connect, what is it going to find when it DHCP's?

Collapse -

Secure

by CarlitosWay In reply to wireless security options

Hi,

CP is right, better make sure you got that key stored somewhere.Tough one to remember on the fly lol!

Also make sure that you enable MAC filtering on the router, if that feature is on it. That why nothing but youre LAN card can log on the router.

Good luck,

Carlitosway

Collapse -

by uofM In reply to wireless security options

"changed default dhcp server addresses from 100 - 199 to only a single address for now. like 192.168.0.100 through 192.168.0.100..."

haha.. - sorry, but I found that pretty funny. Why use DHCP then? Also, depending on your mask, I can easily key in 192.168.0.150 and probably still get on (assuming I have some other info).

As the first poster stated - by using wireless, you have lowered the security of your network. Every little thing you've done has brought it back up a small bit.... however, a risk will always be there. Its simply at what point is it acceptable for you. As for home based products... I don't think you're missing anything (aside from Mac Filtering) in terms of features. But just to throw in some "practices" that I use at home...

- Actually turn WiFi off when you're not using it (if applicable).
- change your WPA key on a scheduled basis (weekly?).
- I would actually even change your addressing to use something not as obvious (i.e. 172.168.55.97-98/30). Its not much.. but better than the default.

Again, none of this will stop a motivated attacker that's targeted you. But most likely enough to keep your 12 year old neighbor from hopping onto your network.

Collapse -

Not Bad

by smallbiz-techwiz In reply to wireless security options

You've done a good job of making it difficult. Changing the IP range from the default 192.168.X.X, ...in conjunction with turning off DHCP and assigning fixed IP's would be a good move. Turning off the router is not always practical. In my case, I have a TiVo unit on my wireless network that retrieves updates across the Internet at various hours of the day. It's true that someone with a PHLAK CD and too much spare time could sniff your traffic and eventually get your WEP key, but why? What do you have that's worth that much trouble? Most hackers are just looking for a free ride to the Internet using an IP and MAC address that can't be traced back to them. You can do that so much easier on one of the many WAP's out there that are wide open. I don't think you have anything to worry about unless someone really wants to own you bad.

Collapse -

Hacking

by rob.lay In reply to Not Bad

Isn't it true that if someone really wants to hack you network links they will??? If they're determined enough and have the know how then they'll get in. I don't really see the point of using DHCP for a single client, wouldn't it be easier to turn off DHCP and assign static addresses and MAC address filters on the wireless for the clients you want to have access??

Collapse -

DHCP may be needed ....

by smallbiz-techwiz In reply to Hacking

If you have a laptop that goes from the office LAN, to your home LAN, to a WAP at Starbucks... it can be a pain to configure your network settings if you're not configured to automatically obtain. I'm running DHCP just so I don't have to keep helping my wife with her laptop everyday. For desktop clients that never move... fixed IP's would definitely make sense.

Back to Networks Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums