Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Lycan]

It's available because if we were to take it off, all the people that believe it's a real form of security would cry.

[Ghostnyc]

It's available because if we were to take it off, all the people that believe it's a real form of security would cry.

Is that the official response from DLINK? LMAO

Lycan- how do you secure your network?

[twk3]

All about choices. If you decided you were going to have an open network, cause you didn't want to deal with passwords and encryption and anything, but still didn't want you neighbour to grab up your internet, (let's say they aren't hackers, or aren't 16+ and know that you can dl wep cracking programs to do it for you if you ask google where to find them), then you might set your SSID to something interesting, and make it invisible. And that might work for you.

Secure, nope. Effective in keeping your non-tech neighbour from eating your bandwidth, maybe 80% of the time.

(Note that even some default utilities use more than just the SSID. Using an atheros adapter, with the atheros profiler/connection utility will sometime list invisible networks as well, depending on which version you are using.)

[Ghostnyc]

All about choices. If you decided you were going to have an open network, cause you didn't want to deal with passwords and encryption and anything, but still didn't want you neighbour to grab up your internet, (let's say they aren't hackers, or aren't 16+ and know that you can dl wep cracking programs to do it for you if you ask google where to find them), then you might set your SSID to something interesting, and make it invisible. And that might work for you.

Secure, nope. Effective in keeping your non-tech neighbour from eating your bandwidth, maybe 80% of the time.

(Note that even some default utilities use more than just the SSID. Using an atheros adapter, with the atheros profiler/connection utility will sometime list invisible networks as well, depending on which version you are using.)

Lets say you're going for 90-95% security rate and you have mixed bag of newbies and knowledgable people who either want to use your bandwith or get into to see your private **** stash-  What would YOU do to secure your network?   Top 10 steps (or Top 5)

[Lycan]

No, its my opinion.
I use WPA2/AES and MAC filtering, and pc running Ubuntu to monitor and audit network connectivity.

[twk3]

Using WPA2 usually keeps out even people in the know because it requires that the hacker use a dictionary attack. (Or a handoff I suppose) Using AES instead of TKIP, (not that it really matters, but TKIP does have one security flaw that has been demonstrated)

To protect against a dictionary attack, you need a strong password. It's not always easy to make a strong password. Using the WPS option (that we both have turned off atm >_<) allows the router to create strong keys for devices, you have to add the device to the network using a PIN number, but once the device is added, it uses the strong key.

Your blackberry supports WPS.

Also, use a SSID that is not on this list: http://www.wigle.net/gps/gps/Stat
Something to do with rainbow tables, no clue how it works or why, but that's what I've heard.


You should also secure your computers by keeping their OS updated.

I personally don't use the mac filtering, some people do. I have DHCP reservations for all of my devices, and I simply check my logs every once in a while to see what's up. But MAC Filtering is certainly one way to go.

I like Lycan's network audit setup. If I was running server services I might want a dedicated PC to monitor and audit the network. If you're hardcore on security you can throw in a honeypot

[Ghostnyc]

Using WPA2 usually keeps out even people in the know because it requires that the hacker use a dictionary attack. (Or a handoff I suppose) Using AES instead of TKIP, (not that it really matters, but TKIP does have one security flaw that has been demonstrated)

To protect against a dictionary attack, you need a strong password. It's not always easy to make a strong password. Using the WPS option (that we both have turned off atm >_<) allows the router to create strong keys for devices, you have to add the device to the network using a PIN number, but once the device is added, it uses the strong key.

Your blackberry supports WPS.

Also, use a SSID that is not on this list: http://www.wigle.net/gps/gps/Stat
Something to do with rainbow tables, no clue how it works or why, but that's what I've heard.


You should also secure your computers by keeping their OS updated.

I personally don't use the mac filtering, some people do. I have DHCP reservations for all of my devices, and I simply check my logs every once in a while to see what's up. But MAC Filtering is certainly one way to go.

I like Lycan's network audit setup. If I was running server services I might want a dedicated PC to monitor and audit the network. If you're hardcore on security you can throw in a honeypot

twk3, Lycan-  Thanks for the feedback- will start playing with my configuration tonight.

2 other questions about DIR 655 if you could indulge my newbness - USB port on the back is it 2.0?  and what is up with the refresh button on the side of the router? 

[twk3]

It is 2.0, and that button on the side is the WPS configuration button, for the non-PIN method of adding WPS enabled devices to the network.

If the device supports Wi-Fi Protected Setup and has a configuration button, you can add it to the network by pressing the configuration button on the device and then the on the router within 60 seconds. The status LED on the router will flash three times if the device has been successfully added to the network.

^grammar mistake in the manual "then the on the router"=>"then the one on the router"