DLINK wireless 524 router security

Archived from groups: alt.internet.wireless (More info?)

I just setup my 524 and 630 laptop card: Since i cannot use WAP (using
win98se), i am wondering if i have done the best for what i have.

1- I have enable DHCP to only assign 1 IP. Firewall/Filter the rest of
the range.
2- I have enabled mac filter to my mac address.
3- I have enable wep with 128 hex encryp.
4- I have disabled ssid broadcast ( i read both sides of this and
selected disable)
5- I have decreased my antenna strength to 12.5%10dBM. It covers the
parts of the house i need.

6- I changed the default SSID name and setup an admin and user
passwords.
7 - Authentication is share key.
8- Upgraded to the latest firmware.

Ok.. What did i miss or is this the best i can do with what I have
until i can get WAP going on a new OS. Thanks for any response and
help. Rich
3 answers Last reply
More about dlink wireless router security
  1. Archived from groups: alt.internet.wireless (More info?)

    On 27 Jul 2004 20:09:05 -0700, richs68@yahoo.com (rich) wrote:

    >I just setup my 524 and 630 laptop card: Since i cannot use WAP (using
    >win98se), i am wondering if i have done the best for what i have.
    >
    >1- I have enable DHCP to only assign 1 IP. Firewall/Filter the rest of
    >the range.
    >2- I have enabled mac filter to my mac address.
    >3- I have enable wep with 128 hex encryp.
    >4- I have disabled ssid broadcast ( i read both sides of this and
    >selected disable)
    >5- I have decreased my antenna strength to 12.5%10dBM. It covers the
    >parts of the house i need.
    >
    >6- I changed the default SSID name and setup an admin and user
    >passwords.
    >7 - Authentication is share key.
    >8- Upgraded to the latest firmware.
    >
    >Ok.. What did i miss or is this the best i can do with what I have
    >until i can get WAP going on a new OS. Thanks for any response and
    >help. Rich

    Well, lets pretend I was interested in breaking into your network. I
    would monitor your traffic for a while and accumulate a large capture
    file. I would then process the file through one of the numerous WEP
    crackers. This is one case where an obscure and obtuse password is a
    requirement. Use Hexadecimal and not ASCII.

    Once I have cracked the WEP key (takes about 3-4 days of typical
    traffic), I would sniff the encapulated 802.3 ethernet packets and
    extract your IP addreses, the MAC address of your wireless card
    (BSSID) and the SSID. I would then clone your MAC address and your IP
    address and proceed to hijack your connection.

    Reducing your xmit power isn't going to do much for an attacker with a
    high gain directional antenna and proper radio equipment. My favorite
    demo is to attach a 24dBi dish and point it at the hot spot at a
    coffee shop that's about 1 mile away. It usually works (not always).

    At home, my favorite security feature is the on/off switch. I use a
    non-wireless ethernet router for the wired machines to the internet.
    The wireless access point is only powered on when I need it and is off
    when I leave for work.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
  2. Archived from groups: alt.internet.wireless (More info?)

    "rich" <richs68@yahoo.com> wrote in message
    news:cf41f6c.0407271909.43f76b45@posting.google.com...
    > I just setup my 524 and 630 laptop card: Since i cannot use WAP (using
    > win98se), i am wondering if i have done the best for what i have.
    >
    > 1- I have enable DHCP to only assign 1 IP. Firewall/Filter the rest of
    > the range.
    > 2- I have enabled mac filter to my mac address.
    > 3- I have enable wep with 128 hex encryp.
    > 4- I have disabled ssid broadcast ( i read both sides of this and
    > selected disable)
    > 5- I have decreased my antenna strength to 12.5%10dBM. It covers the
    > parts of the house i need.
    >
    > 6- I changed the default SSID name and setup an admin and user
    > passwords.
    > 7 - Authentication is share key.
    > 8- Upgraded to the latest firmware.
    >
    > Ok.. What did i miss or is this the best i can do with what I have
    > until i can get WAP going on a new OS. Thanks for any response and
    > help. Rich

    As strange as it sounds, you'll get better security from Open Authentication
    than you will from Shared Key Authentication. The Shared Key Authentication
    scheme is so flawed that it gives away important clues to your WEP key.

    Ron Bandes, CCNP, CTT+, etc.
  3. Archived from groups: alt.internet.wireless (More info?)

    Ok thanks for the great info.

    If i implement WPA - Are there minimum standards for the passphase? Is
    the length unlimited? Sorry, newbie ish to the wpa thing. Any other
    info provided on wpa security greatly appreciated. rich


    Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote in message news:<sumeg0l7smjl17thkkvb7krpnmer6l8buc@4ax.com>...
    > On 27 Jul 2004 20:09:05 -0700, richs68@yahoo.com (rich) wrote:
    >
    > >I just setup my 524 and 630 laptop card: Since i cannot use WAP (using
    > >win98se), i am wondering if i have done the best for what i have.
    > >
    > >1- I have enable DHCP to only assign 1 IP. Firewall/Filter the rest of
    > >the range.
    > >2- I have enabled mac filter to my mac address.
    > >3- I have enable wep with 128 hex encryp.
    > >4- I have disabled ssid broadcast ( i read both sides of this and
    > >selected disable)
    > >5- I have decreased my antenna strength to 12.5%10dBM. It covers the
    > >parts of the house i need.
    > >
    > >6- I changed the default SSID name and setup an admin and user
    > >passwords.
    > >7 - Authentication is share key.
    > >8- Upgraded to the latest firmware.
    > >
    > >Ok.. What did i miss or is this the best i can do with what I have
    > >until i can get WAP going on a new OS. Thanks for any response and
    > >help. Rich
    >
    > Well, lets pretend I was interested in breaking into your network. I
    > would monitor your traffic for a while and accumulate a large capture
    > file. I would then process the file through one of the numerous WEP
    > crackers. This is one case where an obscure and obtuse password is a
    > requirement. Use Hexadecimal and not ASCII.
    >
    > Once I have cracked the WEP key (takes about 3-4 days of typical
    > traffic), I would sniff the encapulated 802.3 ethernet packets and
    > extract your IP addreses, the MAC address of your wireless card
    > (BSSID) and the SSID. I would then clone your MAC address and your IP
    > address and proceed to hijack your connection.
    >
    > Reducing your xmit power isn't going to do much for an attacker with a
    > high gain directional antenna and proper radio equipment. My favorite
    > demo is to attach a 24dBi dish and point it at the hot spot at a
    > coffee shop that's about 1 mile away. It usually works (not always).
    >
    > At home, my favorite security feature is the on/off switch. I use a
    > non-wireless ethernet router for the wired machines to the internet.
    > The wireless access point is only powered on when I need it and is off
    > when I leave for work.
Ask a new question

Read More

Wireless Wireless Networking