Hardware Firewall

[moxnix]

Untill recently (when I moved) I had a D-Link wieless router connected to my cable modem and 3 computers ( 1 wired and 2 wireless) connected behind that.

After I moved, at first I had the same setup, with only one computer (my laptop) wireless connection to the D-Link router and my cable modem. Since then, I have ran more cable to the room where I have my computer set up, and am directly connected to the cable modem.

I miss the extra feeling of safety of having a hardware router in my setup, but really don't wish to also have the extra security risk of a unneeded WAP.
When the D-Link was set up, I had SSID disabled, WEP engauged (the D-Link does not support WPA), and MAC access restricted to only my laptop. I also had the signal attenuated as much as possible through the router.

Does anyone know of some means to completely turn the WAP of this router off, so that I can use just the wired portion of it? It is a 4 port setup and of course the wireless portion also. I have considered openning the router box up and manually defeating the wireless portion, but am hesitant to do this as it may cause perminate damage to the router and I am probably going to want to make use of its wireless functions some time in the future.

I have checked the manufacers web site, but they don't address this issue.

The D-link 4 port wireless router is a DI-514.

[avdven]

I have considered openning the router box up and manually defeating the wireless portion, but am hesitant to do this as it may cause perminate damage to the router and I am probably going to want to make use of its wireless functions some time in the future.

Just a word of caution. I did something similar with a 2.4 GHz phone (it was a base station which you could add additional wireless handsets too). I opened it up and disabled the antenna 'cuz I wasn't using the extra handsets and it was interfering with my wireless network at the time. Within less than an hour, the whole thing was fried. Best I could figure out, the internal power overloaded the board because it didn't have anything to power. I may be wrong on that, but I think that's what happened (I'm not much of an electrical engineer... only took a couple digital circuitry courses).

As for disabling the wireless, there's usually no way to do that on the all-in-one routers. Why not just go out and buy a cheap router? Nowadays you can get 'em for the price of a regular switch... just a thought.

AJ

[moxnix]

As for disabling the wireless, there's usually no way to do that on the all-in-one routers. Why not just go out and buy a cheap router? Nowadays you can get 'em for the price of a regular switch... just a thought.

Mainly because money is very tight right now, and I can't afford even a cheap router. The D-Link is not a very expensive one by itself and I already have that.

I would just like to take advantange of the hardware firewall it provides, as I am more inclined to trust a hardware verses a software firewall solution.

[chsh]

Originally posted here by moxnix
I would just like to take advantange of the hardware firewall it provides, as I am more inclined to trust a hardware verses a software firewall solution.

It's all software at one level or another. Something to consider: A "software" firewall on a desktop is more readily updatable than a firmware-based solution.

As for disabling the wireless entirely, I don't think it's possible on the 5xx line. You may want to leave it configured the way it was in use, even if you aren't using it. That, or maybe wrap the antenna in lead.

[Tiger Shark]

Mox:

Look carefully through the wireless settings on the config pages. The Linksys has a Wireless on/off set of radio buttons - maybe the D-Link does too.

Next thought... The antennas on the Linksys come off so that you could change the antenna type. It's a simple coax like twist off affair. Removing them will severely limit the range and sig strength anyone could connect from.

Lastly. Stick it in an old cookie _tin_ or similar to minimize range/sig strength. Combine that with the previous suggestion and you probably won't get any use out of it at all.

[moxnix]

Not finding any software solution to my problem, I have resorted to a hardware solution.

Just a word of caution. I did something similar with a 2.4 GHz phone (it was a base station which you could add additional wireless handsets too). I opened it up and disabled the antenna 'cuz I wasn't using the extra handsets and it was interfering with my wireless network at the time. Within less than an hour, the whole thing was fried. Best I could figure out, the internal power overloaded the board because it didn't have anything to power

As avdven cautioned, it is very possible to really screw something up by disconnecting or disableing the antenna, which would enclude taking it off and having an incomplete circuit. So I opened it up and traced out the circuitry so I could desolder the RF drivers to compleatly disable all radio transmissions.

Now it is functioning as a wired router only and should I want the wireless capabilities again, all I need to do is to install the finial drivers for the RF again.

I realize (as chsh stated) that a firmware firewall is harder to update, but really wanted the layered defense of the hardware and software firewall solutions. If I was working right now, I would have just gone down and bought a new one to do the same thing, as I believe a man can never have too many toys and such.

And Tiger, unless I missed it multiple times, the D-Link does not have any way to shut off the wireless transmissions except via a hardware solution.

Thanks for the good advise everyone, but I am also curious as to if there is any other combination of firewall solutions that might provide a layered defence as good or better than a hardware and software firewall in a windows environment.

[Wilykiote]

Originally posted here by moxnix
Untill recently (when I moved) I had a D-Link wieless router connected to my cable modem and 3 computers ( 1 wired and 2 wireless) connected behind that.

After I moved, at first I had the same setup, with only one computer (my laptop) wireless connection to the D-Link router and my cable modem. Since then, I have ran more cable to the room where I have my computer set up, and am directly connected to the cable modem.

I miss the extra feeling of safety of having a hardware router in my setup, but really don't wish to also have the extra security risk of a unneeded WAP.
When the D-Link was set up, I had SSID disabled, WEP engauged (the D-Link does not support WPA), and MAC access restricted to only my laptop. I also had the signal attenuated as much as possible through the router.

Does anyone know of some means to completely turn the WAP of this router off, so that I can use just the wired portion of it? It is a 4 port setup and of course the wireless portion also. I have considered openning the router box up and manually defeating the wireless portion, but am hesitant to do this as it may cause perminate damage to the router and I am probably going to want to make use of its wireless functions some time in the future.

I have checked the manufacers web site, but they don't address this issue.

The D-link 4 port wireless router is a DI-514.

Try using IPSec filtering to allow ICMP internally and deny ICMP-ECHO REPLY externally.