How can i make my wireless connection more secure?

Forums › New Zealand Broadband › How can i make my wireless connection more secure?

Jono

73 posts

Master Geek

#9175 27-Aug-2006 01:13

Hi there guys

Just got a D-Link 604 Router and i was wondering how i go about making it more secure.

What settings should i apply? And in the D-Link Login.

Cheers
Jono

muppet

2568 posts

Uber Geek

Trusted

#44758 27-Aug-2006 02:51

Turn on at least "Wep" encryption, though if it supports "WPA" then use that (it's stronger)

Also, if your device supports adding MAC addresses to it, find out the MAC address of your laptop and put that in, then disallow all other MAC addresses from connecting.

Mark

1653 posts

Uber Geek

#45089 31-Aug-2006 17:56

Turn it off.

;-)

Sadly both WEP and WPA are hackable with tools off of the internet (thankyou penguin huggers! .. sorry just poking fun :-)

If you want to secure it use WPA, it'll be good enough for home, lock your router to specific MAC addresses (this way it will only talk the WiFi cards you own), don't use DHCP- hard set your IPs to some strange range (this way if they do get past the MAC address filtering, and break your WPA key they still have to find what IPs you are using .. might slow them down .. oooh 10 minutes ?) and turn off SSID broadcasting. Then choose a nice long complicate key.

Like I said, if someone REALLY wants in and have the skills and tools, then there is not much you can do.

DON'T use WEP! I was horrified how quick it took me to get access to a WEP protected access point .. using tools of the internet it took 5 minutes of gathering packets and then 2 minutes of processing to give me the WEP key! Not good! (PS. I "hacked" my own access point .. wanted to see how long it took :-)

barf

643 posts

Ultimate Geek

#45106 31-Aug-2006 20:25

a whole 10 minutes to get around a MAC address filter and static IPs? sniffing the IPs out of the packets is'nt much harder than sniffing the packets in the first place and changing your MAC address is easy with a supported chipset.

use WPA2 instead of WPA if your dlink supports it.

physically securing your access point may also be a good idea, put it in a place where the signal is only usable from within your house and not outside of it. This will upset most wardrivers who use internal antennas but, I've been able to connect to d-links with their standard omni-antenna from 1-2 kilometers away using a dish.

Sniffing the glue holding the Internet together

johnr

19282 posts

Uber Geek
Inactive user

#45107 31-Aug-2006 20:35

Use a LAN cable turn off wifi

Can't be cracked then

DonGould

3892 posts

Uber Geek

#45115 31-Aug-2006 22:11

Run a nix box with ipsec tunnels behind the router. Problem solved.

HTH

Cheers Don

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

tonyhughes

Hawkes Bay
8476 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#45124 1-Sep-2006 09:51

Hi Jono. Marks reply is about the best in the list.

I have the same router.

Use WPA-PSK
Use Static IPs
Change your SSID
Enable Hidden SSID
Enable MAC Access List and add your device(s)
Put your router as far away from the roadside as possible

Thats about the best most (l)users can hope for, without using a decent router/firewall/gateway box of some sort.
A committed cracker will still get in if they want, but the same is true of ANY system. Its just how much you want to spend to delay them.

Jono

73 posts

Master Geek

#45135 1-Sep-2006 13:10

tonyhughes: Hi Jono. Marks reply is about the best in the list.

I have the same router.

Use WPA-PSK
Use Static IPs
Change your SSID
Enable Hidden SSID
Enable MAC Access List and add your device(s)
Put your router as far away from the roadside as possible

Thats about the best most (l)users can hope for, without using a decent router/firewall/gateway box of some sort.
A committed cracker will still get in if they want, but the same is true of ANY system. Its just how much you want to spend to delay them.

So do i do all this through windows or throught the D-Link Admin setup thing?

When i clicked on WPA in the D-Link setup its asks me for my server IP address and secret?

Sorry im all new to this so excuse me if i sound dumb!

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

Mark

1653 posts

Uber Geek

#45167 1-Sep-2006 18:25

Select "WPA" and "PSK String" .. there are a couple of flavours of WPA, one of them goes off and authenticates against a dedicated server .. you won't have that.

If you don't have the "PSK String" section then you might be running an old firmware on the router, D-Link have the latest/greatest on their website (make sure you get the NZ version of the firmware)

If you want I can configure things for you if you like ... send me a private message and I can run through what you need to do to give me access to your router from the outside world, I can then log in do as much tightening as possible and then log out. Though it would be a better learning experience for you to do it your self :-)

Regards!