D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-857 => Topic started by: HS-1971 on June 26, 2012, 01:16:19 PM

Title: Security Guidelines
Post by: HS-1971 on June 26, 2012, 01:16:19 PM
Are there any guidelines or recommendations on the router setup to ensure network security or at least provide high level of security against hackers or others nearby trying to access the internet through the WiFi network? Are there any special features on the DIR-857 router to improve home network security?
Title: Re: Security Guidelines
Post by: FurryNutz on June 26, 2012, 01:33:55 PM
Preferred security is WPA-Personal. WPA2/AES Only. Some WiFi adapters don't support AES, so you might want to try TPIK only or Auto. Ensure the password used is something you can remember and is complex enough for you and your authorized users.

Ensure the Admin log in password is changed to something different.

Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking
Title: Re: Security Guidelines
Post by: HS-1971 on June 27, 2012, 06:58:48 PM
Thanks for the info. I did most of obvious steps to ensure some degree of security.
Title: Re: Security Guidelines
Post by: FurryNutz on June 28, 2012, 07:04:53 AM
You could make the WiFi SSID broadcast invisible if your in a high populated neighborhood or apt complex. Might make connecting more of a pain since you'd have specify at the clients what SSID to look for in stead of automatically connecting. Other then that you should be good to go.
Title: Re: Security Guidelines
Post by: HS-1971 on June 28, 2012, 09:59:34 PM
Thanks for the tips. I am in an apartment complex and at the middle of the city, so your suggestion might be a good approach. can you elaborate a bit about your suggestion? I don't know what an SSID is :)
Title: Re: Security Guidelines
Post by: FurryNutz on June 29, 2012, 09:50:22 AM
Under Wireless settings on the routers web page, there is an option to Hide or Visable. Hiding causes the SSID or the wireless name that you normally see on your desktop or laptop to disappear from any one looking at these names. It does not cause the wireless to stop working, however if the name and password is known, then all a user needs to do is to use the specified wireless options on there desktop or laptop to input the name and password to get connected while the name is hidden from view.

Be aware that we are seeing a lot of wireless problems with people living in apt complexes and high populated neighborhoods with Wifi routers running. I call it WiFi congestion. The channels  on 2.4Ghz are being used up and making it hard on each router to find a clear and open channel to use. Hiding the name does not prevent this. I hope in your case your not seeing any WiFi problems at this time.

Title: Re: Security Guidelines
Post by: magius on June 29, 2012, 09:13:37 PM
Just wanted to quickly chime in that "hiding" your SSID does not really do much for security. Only one instance where the name of your wireless network is broadcasted is hidden. Anyone with the right tools can still find out, one, that you are running a wireless network, and two, what is the "hidden" SSID. This is because the name is still broadcasted when authorized computers connect to it. Hiding it is useless as a security measure and usually more of a pain for you.

Now having a real strong password for both your router and your network key will protect you from people trying to break in. This means a nice long password, ideally randomized, with numbers, letters (some capitalized), and special characters if possible. Long as in more than 10 characters, the longer the better. Your wireless key should be even longer if you want to fend off brute force attacks. Mine is 20+.

And don't use names, dates, and so on. The best tip I can give you is to use a long phrase you will remember (make one up, no famous phrases please), use the first letter of each word, and mix it up. Capitalize some, change others to special characters, etc..

Also make sure to turn off WiFi Protected Setup (WPS), its been proven to be vulnerable to exploitation. Enabling Spoof Checking under Advanced->Firewall cannot hurt (but there may be a performance hit, not sure).

Finally, check now and again for firmware upgrades that fix security holes (if any).
Title: Re: Security Guidelines
Post by: HS-1971 on June 30, 2012, 11:29:35 AM
Thanks Magius for your valuable suggestion. I did not hide the SSID as I thought this will provide more pain than necessary. I will check the WPS settings to ensure it is off. I know that any wireless security is never 100% guaranteed, but one should at least take necessary basic measures to make it as secure as possible.

Thanks again.