Full Version: How safe am I?
cadjak
I just set up my home wireless network. I am using a D-Link DI-624 Router and networking my laptop, my Dell Axim X30, and my desktop PC. I have enabled MAC address filtering and allow only those 3 devices, and I have added a password to the router login. The SSID is still "default". I noticed a setting that says, "Block WAN ping". How will blocking the WAN ping affect my network security and the performance of my connections, both to the internet and between the various devices in the network? Any other suggestions for keeping my network safe from intrusion?
TIA,
-cadjak
BigFred
Hi Cadjak

Blocking the WAN ping will allow your network to run in stealth mode, i.e. if you are pinged from outside there will be no reply and it will appear that you do not exist.

You might like to check that you are in stealth mode on all ports by visiting Gibson Research at https://grc.com/x/ne.dll?bh0bkyd2

You should change the SSID to something unique and make this change on each device, not using the wireless link to do it.

I am not familiar with that wireless router, but if it has wireless encryption available you should enable it and make weekly changes to the key from each device and not over the wireless link. Use the longest key that is available for the devices in use.

Using MAC address filtering is a wise precaution.

Good luck with your wireless networking. BF

cadjak
I went to GRC "shields up" and my port 113 showed as blocked not stealthed. That constitutes a security failure on the Gibson-meter.
-cadjak
BigFred
Hi cadjak

Yes, that indicates to a potential intruder that there is a computer at your IP address, whereas if you were running in stealth you are completely invisible; it would look like you don't even exist.

Take a look at which protocols you have installed on your machine; you should have only TCP/IP.

The blocked port could be coming from your router; see the following from Gibson about this:
QUOTE
Stealthing port 113 on NAT routers

NAT router manufacturers certainly don't want to get the reputation that their NAT router causes connection trouble. But NAT routers have the problem that incoming IDENT requests are inherently unsolicited. As we know, NAT routers double as terrific hardware firewalls due to their natural tendency to drop all incoming unsolicited packets, thus stealthing their owner's networks. But since stealthing port 113 can "theoretically" cause connection problems (but probably never does) NAT routers usually treat port 113 specially. They deliberately return a "closed" status, actively rejecting connection attempts . . . but blowing their otherwise full-stealth cover in the process.

New users of NAT routers, who use this site to check their security, are often disappointed to discover a single closed (blue) port floating in a calm sea of stealth green.

The good news is . . . it is possible to configure NAT routers to return them to full stealth. The trick is to use the router's own "port forwarding" configuration options to forward just port 113 into the wild blue yonder. Just tell the router to forward port 113 packets to a completely non-existent IP address, one way up at the end of your router's internal address range. The router will then NOT return a port closed status. It will simply forward the port 113 packet "nowhere" . . . and your network will be returned to full stealth status.

It is my hope that NAT routers may consider incorporating the sort of adaptive dynamic IDENT handling which has always been (uniquely) offered by the Zone Alarm personal firewall . . .

UPDATE: The latest firmware update for the Linksys family of NAT routers has added an adaptive IDENT stealthing feature (though it is not enabled by default). So the Linksys routers will give you the best of both worlds. Bravo Linksys!
See http://grc.com/port_113.htm

You might like to consider installing ZoneAlarm as a firewall on your computer. Disable any other software firewall on the machine and install ZA. It will configure to your network on installation. You will need to allow your browser and e-mail client to access the internet. You should stop all applications acting as a server, unless there is some specialist application that you use which serves outside your network.

You can get a free version of ZA from http://www.download.com/3000-2092-10039884...page&tag=button

Good luck. BF
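
The closed-versus-stealth distinction discussed in this thread, as an added example that is not part of any post: a small Python check that classifies a TCP port by how a connection attempt ends (completed, actively rejected, or silently dropped). It assumes you run it from a machine outside your network against your own WAN address; the function names and the default port list are illustrative choices.

```python
import argparse
import socket

# Outcome names follow the thread's vocabulary.
OPEN, CLOSED, STEALTH = "open", "closed", "stealth"


def classify_port(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port by how a connection attempt ends.

    open    - the handshake completed, so something is listening
    closed  - the attempt was actively rejected, so the address is visibly in use
    stealth - no reply before the timeout, the packet was silently dropped
    """
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return CLOSED
    except socket.timeout:
        return STEALTH
    # Other OSErrors (bad hostname, no route) propagate: they are not a
    # verdict about the port itself.
    conn.close()
    return OPEN


def audit(host, ports, **kwargs):
    """Return (per-port results, sorted ports that are not stealthed)."""
    results = {p: classify_port(host, p, **kwargs) for p in ports}
    visible = sorted(p for p, state in results.items() if state != STEALTH)
    return results, visible


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Closed vs. stealth port check")
    ap.add_argument("host", help="your own WAN address, probed from outside")
    ap.add_argument("ports", nargs="*", type=int, default=[113],
                    help="ports to check (default: 113, the IDENT port)")
    args = ap.parse_args()
    results, visible = audit(args.host, args.ports)
    for port, state in sorted(results.items()):
        print(f"{port:5d}  {state}")
    if visible:
        print("Not stealthed:", ", ".join(map(str, visible)))
```

A port that reports "stealth" on a lossy link may simply have lost the packet, so repeat the check before relying on the result.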