|
|
Wireless Security
|
|
|
First, be sure to connect to the router using an Ethernet cable for your configuration work – otherwise, with the first change, you’ll get locked out. If you are using wireless to login to the router, if you get locked out, you’ll have to wait for the router to time out and close that login.
Know these definitions,
- SSID = Server Set ID – basically, this is the network name
- MAC Address = a unique code for every networking device
- WEP = "Wired Equivalent Privacy" (don’t you believe it!)
- WPA = newer technology "Wi-Fi Protected Access"
First, I recommend that you secure your network. Many people believe in having their network open -- available to anyone who might want to use it. Without considering whether such sharing this may or may not be in compliance with your ISP's terms and conditions of your service, you should consider the impact on the individual computers of your network.
If you are using a DHCP server to assign addresses and do not control access to your network, you will not be able to share files and printers between the other computers of your network. You will also open those computers to malicious, or just bored, attack by someone accessing your network.
You should pick and use the maximum security options that your computer and operating system are capable of using. If you are using Windows XP, you should use WPA, not a variety of WEP. This also means you should purchase or upgrade to at least an 802.11g router -- you have to use up-to-date equipment to have up-to-date security options. Most manufacturers provide excellent instructions in their manuals on setting up a wireless network securely. You can download many of these manuals from the manufacturers' websites to help you in your pre-purchase decisions.
My equipment recommendations: Windows XP Home or Windows XP Professional, Linksys WRT54G Wireless Router
- Connect router to pc/notebook with Ethernet cable –– so you don't get locked out.
- Set to Infrastructure (with router), not ad-hoc (peer to peer)–– router can do more filtering (e.g., only talk to certain MAC addresses) than the PC’s cards can.
- Change the default SSID name.
- Turn on MAC address filtering for all wireless cards & router
- Turn off broadcasting of the SSID.
- Turn on WPA/WEP128/WEP64bit – the higher the number, the better
- Change the default Login ID (if applicable) and default password on the wireless router
- Ensure that remote management is turned off.
- Consider placement of the AP to get the signals where you want them and minimize signals going where you don't want them. Usually, the middle of the house.
There are three more important things to do if you are using a portable wireless device — a notebook computer or a wireless PDA to connect to your network for file and/or printer sharing.
-
Run any of the firewall programs that I recommend on my Security Software Recommendations page. Do not trust the Windows Firewall — it gives no control over outbound communications and responses to them. If you're computer has been subverted by trojans, adware or spyware, the Windows Firewall will still let them do whatever they want to do. Other firewalls allow you to control outbound communication attempts also.
-
Use a non-default IP range for your home network. Why? Because, you'll probably set the firewall to "Trust" anyone on your local network's IP range. If you use the default IP range, and if you go to the coffee shop, you just told it to "Trust" any computer on that network, too! Most routers for the home market default to 192.168.0.1 - 192.168.0.255 or 192.168.1.1 - 192.168.1.255.
What are the valid IP ranges you can use? These IP addresses are "Reserved for Private Networks" -- like yours.
10.0.0.0 - 10.255.255.255
17.16.0.0 - 17.31.255.255 and
192.168.0.0 - 192.168.255.255.
- Use a non-default Workgroup name for your local network. Windows will default to "MSHOME." You don't want to accidentally share files with the others in the coffee shop.
Each router model is set up differently. If you can not figure out how to do these steps, read your manual –– all the manuals that I have examined have good instructions, although I like Linksys' the best.
If you need help, get your local computer guru or computer consultant to give you a hand. Most computer shops also have staff who make house calls.
Please, do not skip these security steps.
After you finish, you are not finished! Check for firmware updates occasionaly. Sometimes, these fix security holes that have been found. Other times, they make dramatic improvements in the wireless connection's stability. I have seen computers that were unable to maintain a wireless connection with the router -- a firmware update to the router completely solved the problem.
- You ARE running a firewall aren’t you? If not, get the Sunbelt Personal Firewall or combine anti-virus, anti-spam and firewall with
Trend Micro PC-cillin Internet Security 2006
or Panda Software's Platinum 2006 Internet Security
- Set your network card’s SSID to "ANY" and disable the WEP encryption. That’s all it takes to connect.
- Remember, nothing you send is encrypted (unless you're using a "https" website). Anyone with the know-how can intercept your radio signal and read it. Don't send passwords or sensitive information unless you are sure they will be encrypted.
- Make sure you've handled the issues in the section above (Wireless Networking with Notebooks and PDAs) so that you do not have unplanned security holes.
Link to this page — just add this code to your web page!
<a href="http://www.terryscomputertips.com/computers/wireless-security.php">Wireless Security</a>
Copyright © 2005-2006 Terry A. Stockdale. All rights reserved.
|
|
