Forum

  • Please could someone clear up some confusion and also offer some advice on securing my wireless home network?¡é?€?|

    I am an A+, NET+, MCDST, 2x MCP certified IT professional, but I lack wireless and security experience, something I would like to learn and get certified in one day.

    I have the following equipment:

    D-link Wireless router DI-624
    2x DW311U Wireless USB Print servers
    1 Win XP home edition PC (Wired)
    1 Win XP edition Laptop with Wireless D-link Aircard
    2x HP USB 1012 LaserJet printers

    When I use WEP 128-bit encryption with Open system selected on the router my 2 printer server?¡é?€??s work wirelessly, but when I select Shared key with WEP 128-bit encryption they do not work wirelessly (they only print when I plug in a network cable).

    I called D-link support and they told me you couldn?¡é?€??t use shared key with WEP 128-bit encryption, is this true?

    What is the difference between shared key and open system?

    Also I have took the following security measures:

    Enabled MAC filtering on my router for my 2 PC's and 2 print servers only

    Disabled SSID broadcasting

    Enabled WEP 128 encryption on my router for my 2 PC's and 2 print servers

    Changed the DHCP lease time to daily instead of weekly

    Installed Norton Firewall on each PC with antiVirus and spyware protection

    Only gave access to IP addresses used on my local network for my Router DHCP assignments in Norton Firewall

    Enabled Windows Update to run automatically on both PC's (but PC's upto date)


    Is this enough to be secure? Are there any other measures I can take to secure my wireless home network from attacks/hackers? Is there a way I can try and hack my own network? And what tools would I use?

    Aslo when setting up my network I also found 5 other networks in the area 5 SSID id?¡é?€??s displayed

  • datherley Escribi?3:

    Sorry
    2x DP311U Wireless USB Print servers

  • Hi Datherley:

    Do not use WEP. Do not use WEP-based shared key authentication. Do not hide SSIDs. Set your DHCP lease to a number convenient for your own use.

    Use WPA or WPA2, with either pre-shared key or authentication server. Update firmware or replace hardware if you must to get beyond WEP.

    If you use a pre-shared key (with either WPA or WPA2) make your pass phrase long and random. Arrange to cut and paste it into your equipment rather than type it.

    I hope this helps. Can you add your location to your forum profile? Thanks. /criss

  • I called D-link support and they told me you couldn?¡é?€??t use shared key with WEP 128-bit encryption, is this true?


    There's no reason in 802.11 why you can't use shared key with 128 bit WEP, but perhaps D-Link was saying that their specific devices didn't support that :-)

    As a previous poster pointed out, you should really be using WPA or WPA2 instead of WEP. It's possible that your D-Link print servers don't support WPA, which would be unfortunate, since WEP is pretty easily crackable (but better than nothing). MAC address filters are, in my opinion, more trouble than they're worth... I want my friends to be able to get onto my network when they bring their laptops over, and if I have WPA or WPA2, I can get sufficiently strong security without bothering with MAC filters.

  • Hi Datherly:

    I agree with Joshua. As a security measure MAC filtering deserves a little more respect than hiding SSIDs, but not much. MAC filtering can be useful in a lab setting.

    I hope this helps. Thanks. /criss

  • Open (RECOMMENDED)

    This default setting allows any device, regardless of its WEP keys, to authenticate and attempt to associate.

    Shared Key

    This setting tells the Access Point to send a plain-text, Shared Key query to any device attempting to associate with the Access Point. This query can leave the Access Point open to a known-text attack from intruders. Therefore, it is not as secure as the Open setting.

    What are these = DW311U Wireless USB Print servers. I can't find them?! It could be that they don't support shared key as it is notgood to use!

    I would put the printers on the wired side. WPA is better but it uses TKIP and it still uses WEP with a fix of the biggest attacks. But the weak IV's are still going to happen. AES will replace it and will be WPA2. Look for it on the box of a new ap! 802.1x will be supported with it to. If you have a RADIUS server, plug it in. YOu can alwas VPN into your network! It's all limmits, of money, time, ect... :)

    MAC filter will only add to your over head! The SSID is in all management frames. So you are only making it hard for your Windows 0 config to see the network.
    Go to Wigle.net look for you area.

Page 1 of 1
  • 1