What should I do to secure the DLink router/AP I just bought? I've disabled SSID broadcasting and put a WEP key on it; is there anything else I should do?
That pretty much covers it. As long as the WEP key is 128-bit, then your bases are covered. Understand that a dedicated hacker who really wanted to get in probably could - you need to secure your workstations as well, as 802.11b WEP is pretty weak and has been shown to be vulnerable to dedicated scanners. But this is not a concern for normal users...
If you do MAC filtering, it's pretty much unbreakable. Even if they break the encryption, they won't be able to log on unless they have a MAC address that is OK'd by the router. You just need to update the MAC filters with every MAC address that has permission to log on.
One thing that's pretty obvious but not mentioned here... CHANGE THE SSID/PASSWORD. I can't tell you how many times I just see APs called "linksys" that have the same default login password "admin" for the router. But everything else that's been mentioned here is correct. 128-bit WEP is breakable, but if someone wants to get into your network it will take them about an hour or more to decrypt it. A Linux program called Airsnort pulls transmitted packets and compares them, looking for a pattern. It can crack the encryption, but it takes it a long time to collect the number of packets it needs.
Basically, the checklist goes thusly:
Change SSID and password
Disable SSID broadcasting
Enable 128 bit WEP (or strongest encryption possible)
Enable MAC address filtering
To do MAC filtering, you basically have to make a list of all the MAC addresses of your wireless and any connected wired hardware. It's a number printed somewhere on the card itself (even NIC cards have them... there should be a sticker or something on the card). This number is specific to the hardware itself. You give the AP a list of allowed MAC addresses, and when something connects it makes sure that it's on the "list" before letting it pass through. It is possible to spoof MAC addresses, but they'd have to know the MAC addresses that you are allowing, and unless you tell them that's pretty much impossible. There are so many possible addresses that guessing is not likely.
Good luck!