Howdy, stranger! Ready to join the community? [log in]

To reply on Icrontic, register now.

It only takes 30 seconds.

Have an account? Sign in for less ads.

Forgot?
 
Reply to Discussion Options
Geeky1
No comment.
Geeky1
7,972 Posts
17 Jul 2003, 3:50pm

Securing a .11b network

What should I do to secure the DLink router/ap I just bought? I've disabled SSID broadcasting and put a WEP key on it; is there anything else I should do?
__________________ -MCCCXXXVII
"Ignorance is forgivable. Stupidity is inexcusable."

Resident Dual CPU Addict: 3 working duallies, 2 more in the parts drawer, and looking to add an Opteron dually to that list as soon as I can find a good motherboard...
Reply with Quote
primesuspect
The Icrontic Guy
primesuspect
27,789 Posts
17 Jul 2003, 4:11pm
That pretty much covers it. As long as the WEP key is 128bit, then your bases are covered. Understand that a dedicated hacker who really wanted to get in probably could - you need to secure your workstations as well, as 802.11b WEP is pretty weak and has been shown to be vulnerable to dedicated scanners. But this is not a concern for normal users...
__________________ "I offer my genius to the world, all I ask is you pick up my expenses"
Reply with Quote
t1rhino
Icrontian
t1rhino
908 Posts
17 Jul 2003, 4:34pm
Enable MAC filtering, and change any default passwords if you haven't already.
Reply with Quote
GHoosdum
tequilavangelist
GHoosdum
10,277 Posts
17 Jul 2003, 4:50pm
If you do MAC filtering, it's pretty much unbreakable. Even if they break the encryption, they won't be able to log on unless they have a MAC address that is OK'd by the router. You just need to update the MAC filters with every MAC address that has permission to log on.
__________________ My flickr photostream.
Reply with Quote
DanG
Not Y2K compliant
DanG
1,102 Posts
17 Jul 2003, 10:47pm
The same stuff should go for wireless G, right?
__________________ [folding_sig1]



Main Rig:
Core i7 920, Giga-Byte X58-DS4, 3x2GB OCZ DDR3-1600, 160GB Intel G2 SSD, Giga-Byte 4870X2 2GB, Corsair 750W PSU, Antec Nine Hundred, Thermalright Ultra 120 Extreme, Dell 2405FPW, Dell E228WFP

Server: Q9450, Giga-Byte P35 DS3L, 2x2GB OCZ DDR2-800, more hard drives than I can count, ATI Radeon 2400HD, Coolermaster 700W PSU

HTPC:
Q6600, Asus P5B, 4x1GB OCZ DDR2-800 Revision 2, GeForce 8800GTS (G92), OCZ 700W PSU, Antec Sonata, Seagate 1TB, Samsung 50" 1080P DLP
Reply with Quote
GHoosdum
tequilavangelist
GHoosdum
10,277 Posts
17 Jul 2003, 10:49pm
Yup.
Reply with Quote
khan
Toast is awesome
khan
274 Posts
21 Jul 2003, 8:50am
One thing thats pretty obvious but not mentioned here...CHANGE THE SSID/PASSWORD. I can't tell you how many time I just see AP's called "linksys" that have the same default login password "admin" for the router. but everything else thats been mentioned here is correct. 128 bit WEP is breakable, but if someone wants to get into your network it will take them about an hour or more to decrypt it. Linux program called Airsnort pulls transmitted packets and compares them, looking for a pattern. It can crack the encryption, but it takes it a long time to collect the number of packets it needs.

Basically, the checklist goes thusly:
Change SSID and password
Disable SSID broadcasting
Enable 128 bit WEP (or strongest encryption possible)
Enable MAC address filtering


To do MAC filtering, you basically have to make a list of all the MAC addresses of your wireless and any connected wired hardware. Its a number printed somewhere on the card itself (even NIC cards have them...there should be a sticker or something on the card) This number is specific to the hardware itself. You give the AP a list of allowed MAC addresses, and when something connects it makes sure that its on the "list" before letting it pass through. It is possible to spoof MAC addresses, but they'd have to know the MAC addresses that you are allowing, and unless you tell them thats pretty much impossible. There are so many possible addresses that guessing is not likely.

Good luck!
__________________ -->This is my signature<--
Reply with Quote
Go Back   Icrontic Forums > Tech: Software > Networking & Security
Reload this Page Securing a .11b network
Jump to
This Thread Search this Thread
Search this Thread:

Advanced Search

Today's Posts - Mark All Read - Contact Us - Icrontic.com - Archive - Top

Current time: 11:10pm (GMT)
Powered by vBulletin®
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Get Vanilla instead. Trust me.