DLINK wireless 524 router security

I just setup my 524 and 630 laptop card: Since i cannot use WAP (using
win98se), i am wondering if i have done the best for what i have.

1- I have enable DHCP to only assign 1 IP. Firewall/Filter the rest of
the range.
2- I have enabled mac filter to my mac address.
3- I have enable wep with 128 hex encryp.
4- I have disabled ssid broadcast ( i read both sides of this and
selected disable)
5- I have decreased my antenna strength to 12.5%10dBM. It covers the
parts of the house i need.

6- I changed the default SSID name and setup an admin and user
passwords.
7 - Authentication is share key.
8- Upgraded to the latest firmware.

Ok.. What did i miss or is this the best i can do with what I have
until i can get WAP going on a new OS. Thanks for any response and
help. Rich

"rich" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> I just setup my 524 and 630 laptop card: Since i cannot use WAP (using
> win98se), i am wondering if i have done the best for what i have.
>
> 1- I have enable DHCP to only assign 1 IP. Firewall/Filter the rest of
> the range.
> 2- I have enabled mac filter to my mac address.
> 3- I have enable wep with 128 hex encryp.
> 4- I have disabled ssid broadcast ( i read both sides of this and
> selected disable)
> 5- I have decreased my antenna strength to 12.5%10dBM. It covers the
> parts of the house i need.
>
> 6- I changed the default SSID name and setup an admin and user
> passwords.
> 7 - Authentication is share key.
> 8- Upgraded to the latest firmware.
>
> Ok.. What did i miss or is this the best i can do with what I have
> until i can get WAP going on a new OS. Thanks for any response and
> help. Rich

As strange as it sounds, you'll get better security from Open Authentication
than you will from Shared Key Authentication. The Shared Key Authentication
scheme is so flawed that it gives away important clues to your WEP key.

Ron Bandes, CCNP, CTT+, etc.

On 27 Jul 2004 20:09:05 -0700, (E-Mail Removed) (rich) wrote:

>I just setup my 524 and 630 laptop card: Since i cannot use WAP (using
>win98se), i am wondering if i have done the best for what i have.
>
>1- I have enable DHCP to only assign 1 IP. Firewall/Filter the rest of
>the range.
>2- I have enabled mac filter to my mac address.
>3- I have enable wep with 128 hex encryp.
>4- I have disabled ssid broadcast ( i read both sides of this and
>selected disable)
>5- I have decreased my antenna strength to 12.5%10dBM. It covers the
>parts of the house i need.
>
>6- I changed the default SSID name and setup an admin and user
>passwords.
>7 - Authentication is share key.
>8- Upgraded to the latest firmware.
>
>Ok.. What did i miss or is this the best i can do with what I have
>until i can get WAP going on a new OS. Thanks for any response and
>help. Rich

Well, lets pretend I was interested in breaking into your network. I
would monitor your traffic for a while and accumulate a large capture
file. I would then process the file through one of the numerous WEP
crackers. This is one case where an obscure and obtuse password is a
requirement. Use Hexadecimal and not ASCII.

Once I have cracked the WEP key (takes about 3-4 days of typical
traffic), I would sniff the encapulated 802.3 ethernet packets and
extract your IP addreses, the MAC address of your wireless card
(BSSID) and the SSID. I would then clone your MAC address and your IP
address and proceed to hijack your connection.

Reducing your xmit power isn't going to do much for an attacker with a
high gain directional antenna and proper radio equipment. My favorite
demo is to attach a 24dBi dish and point it at the hot spot at a
coffee shop that's about 1 mile away. It usually works (not always).

At home, my favorite security feature is the on/off switch. I use a
non-wireless ethernet router for the wired machines to the internet.
The wireless access point is only powered on when I need it and is off
when I leave for work.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Ok thanks for the great info.

If i implement WPA - Are there minimum standards for the passphase? Is
the length unlimited? Sorry, newbie ish to the wpa thing. Any other
info provided on wpa security greatly appreciated. rich


Jeff Liebermann <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>. ..
> On 27 Jul 2004 20:09:05 -0700, (E-Mail Removed) (rich) wrote:
>
> >I just setup my 524 and 630 laptop card: Since i cannot use WAP (using
> >win98se), i am wondering if i have done the best for what i have.
> >
> >1- I have enable DHCP to only assign 1 IP. Firewall/Filter the rest of
> >the range.
> >2- I have enabled mac filter to my mac address.
> >3- I have enable wep with 128 hex encryp.
> >4- I have disabled ssid broadcast ( i read both sides of this and
> >selected disable)
> >5- I have decreased my antenna strength to 12.5%10dBM. It covers the
> >parts of the house i need.
> >
> >6- I changed the default SSID name and setup an admin and user
> >passwords.
> >7 - Authentication is share key.
> >8- Upgraded to the latest firmware.
> >
> >Ok.. What did i miss or is this the best i can do with what I have
> >until i can get WAP going on a new OS. Thanks for any response and
> >help. Rich
>
> Well, lets pretend I was interested in breaking into your network. I
> would monitor your traffic for a while and accumulate a large capture
> file. I would then process the file through one of the numerous WEP
> crackers. This is one case where an obscure and obtuse password is a
> requirement. Use Hexadecimal and not ASCII.
>
> Once I have cracked the WEP key (takes about 3-4 days of typical
> traffic), I would sniff the encapulated 802.3 ethernet packets and
> extract your IP addreses, the MAC address of your wireless card
> (BSSID) and the SSID. I would then clone your MAC address and your IP
> address and proceed to hijack your connection.
>
> Reducing your xmit power isn't going to do much for an attacker with a
> high gain directional antenna and proper radio equipment. My favorite
> demo is to attach a 24dBi dish and point it at the hot spot at a
> coffee shop that's about 1 mile away. It usually works (not always).
>
> At home, my favorite security feature is the on/off switch. I use a
> non-wireless ethernet router for the wired machines to the internet.
> The wireless access point is only powered on when I need it and is off
> when I leave for work.