zero2dash

Ok, I've google'd and read like mad over the last day and a half getting ideas on securing a wireless network. I took a lot of the info I read and combined it and put it all to work last night.

-Right now I only have 1 device that uses wireless...a Nintendo DS. The DS only supports WEP and not WPA, so I'm stuck with using WEP for now (unless Nintendo does the smart thing and supports WPA soon). Right now since I don't own any DS WiFi games, I have the wireless disabled.

(I have a D-Link DI 524 router.)

I know most average/uneducated wireless users just activate WEP and that's it, but I didn't want to just merely do that (which is somewhat easily crackable from what I've read). Better than nothing though, right?

1. I changed the admin password of the router (but this is more of a router precaution, whether wired or wireless)
2. I activated WEP with a 128bit key; I chose a 13 character alphanumeric key (so it's not random HEX #s or gibberish ASCII chars) that doesn't have anything to do with my home, address, name, family, etc (easily guessed items)
3. I changed the SSID name and disabled the SSID broadcasting
4. I activated MAC filtering/entered the MAC address of my PC (wired) and my Xbox (wired)
5. I disabled DHCP and changed the network IP of the router (from the default 192.168.0.1)
6. I changed the signal strength to 12.5% (which should be enough to cover the area of the house I need)

I also stealthed port 113 (but again, that's more of a router issue, not a wireless security issue).

I don't have any drives being shared on my system at this time, but I plan on using NetBEUI/NetBUI (whatever it's called) when I do because I hear that's a lot more secure than the standard TCP/IP sharing that Windows uses.

Now, I know that someone with who sniffs the air (if they can get a signal, since it's weakened) can get the MAC address and clone it, or get the SSID name. Basically I know there's workarounds for most of the things I've done, but - my thought is that (hopefully) someone will realize there's no easy way to get in and just move on to the next house with a signal. I always use the adage about car alarms...just because you have a car alarm doesn't mean your car won't get broken into. But since you DO have something that is going to make the thief have to do some extra work, they'll probably move along to the next car that doesn't have an alarm.

---

Is there anything else anyone would recommend? (Or do you think this setup is decently safe...*knock on wood*.)

I thought about using WPA when I'm not using the DS and then using WEP when I am, or disabling wireless like I have right now...I'll probably do the latter.

TIA everyone...Jeffbx - network guru, where you at?

Jeffbx

Did I hear someone call my name?

OK, question #1 - do you NEED to encrypt your data?

99.99% of all users out there don't have the time/knowledge to crack simple MAC authentication. Yes, it's a trivial thing to do, but it's much faster to move on to an open WAP.

Unless you're on a campus, in an apartment or in some other heavily populated area where you have numerous people within range of your WAP, I say turn on MAC authentication & forget about encryption.

I'd say you're definitely safe to stay with the setup you have now, if you're in a single family home. You could even turn off WEP & you'd still be safe. As I said, as easy as it is to crack, it's much easier for someone to move onto the next WAP.