Securing a .11b network

Geeky1Geeky1 University of the Pacific (Stockton, CA, USA)
edited July 2003 in Science & Tech
What should I do to secure the DLink router/ap I just bought? I've disabled SSID broadcasting and put a WEP key on it; is there anything else I should do?

Comments

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited July 2003
    That pretty much covers it. As long as the WEP key is 128bit, then your bases are covered. Understand that a dedicated hacker who really wanted to get in probably could - you need to secure your workstations as well, as 802.11b WEP is pretty weak and has been shown to be vulnerable to dedicated scanners. But this is not a concern for normal users...
  • t1rhinot1rhino Toronto
    edited July 2003
    Enable MAC filtering, and change any default passwords if you haven't already.
  • GHoosdumGHoosdum Icrontian
    edited July 2003
    If you do MAC filtering, it's pretty much unbreakable. Even if they break the encryption, they won't be able to log on unless they have a MAC address that is OK'd by the router. You just need to update the MAC filters with every MAC address that has permission to log on.
  • DanGDanG I AM CANADIAN Icrontian
    edited July 2003
    The same stuff should go for wireless G, right?
  • GHoosdumGHoosdum Icrontian
    edited July 2003
    Yup.
  • khankhan New
    edited July 2003
    One thing thats pretty obvious but not mentioned here...CHANGE THE SSID/PASSWORD. I can't tell you how many time I just see AP's called "linksys" that have the same default login password "admin" for the router. but everything else thats been mentioned here is correct. 128 bit WEP is breakable, but if someone wants to get into your network it will take them about an hour or more to decrypt it. Linux program called Airsnort pulls transmitted packets and compares them, looking for a pattern. It can crack the encryption, but it takes it a long time to collect the number of packets it needs.

    Basically, the checklist goes thusly:
    Change SSID and password
    Disable SSID broadcasting
    Enable 128 bit WEP (or strongest encryption possible)
    Enable MAC address filtering


    To do MAC filtering, you basically have to make a list of all the MAC addresses of your wireless and any connected wired hardware. Its a number printed somewhere on the card itself (even NIC cards have them...there should be a sticker or something on the card) This number is specific to the hardware itself. You give the AP a list of allowed MAC addresses, and when something connects it makes sure that its on the "list" before letting it pass through. It is possible to spoof MAC addresses, but they'd have to know the MAC addresses that you are allowing, and unless you tell them thats pretty much impossible. There are so many possible addresses that guessing is not likely.

    Good luck!
Sign In or Register to comment.