Wireless Security

[FearfullyMade 0]

Right now my home network is really simple, mainly because I have just one computer. I have it plugged into the cable modem with ethernet, and that's it. However, in a month I'm getting married. My fiancee has her own computer so I'm going to have to upgrade my network to get her on. I thought about just getting a traditional router, but since a wireless one is only $10 more I'll probably get a wireless one. I'll still connect our two desktops with cable since they will be in the same room. I have a PDA I'll use wirelessly and I may be getting a laptop at some point.My question is what do I need to do to make my wireless network as secure as possible? I've heard that wireless networks are really easy to get on and that the built-in security isn't very good. I want to set it up so that only the two of us can get onto the network. What are the different options for wireless security and what is the best solution? Also, is there anything I need to do to protect our desktops just incase someone can get in? I'm not too worried about that, I don't have anything on my computer worth the time it would take to break in. My main concern is I don't want someone using my internet connection for free.

[BigmanB 0]

Depending on what type of wireless router you bought there may be more or less security options you accessible to. The best wireless router I found was by Linksys and Belkin. They are the top brands with the latest security features. Below I will list some basic features that will hopefully fit all kinds of wireless routers, but most of the solutions would apply to 802.11b type routers. Enjoy

 

Helpful Tips on Securing Your Wireless LAN Router

 

1 ~ Using TCP/IP for File and Printer sharing!

 

It is really simple DON"T USE IT because there are access points that are automatically installed on your LAN. If anyone gets that access point they will be part of your LAN network. Since they are accessing your network by TCP/IP to connect to your computer you can deny their access to your Microsoft File and Printer Sharing by using another protocol other than the TCP/IP. The only problem is that they will still be able to use your router as an internet connection but will not be able to have access to your files.

 

2 ~ Proper secure file-sharing procedures!

 

Share only what you need to share. Keep in mind folders and not whole hard drives. Password protect anything that your are sending. The best passwords are ones will letters and numbers mixed.

 

3 ~ WEP Encryption!

 

Simply ENABLE it and use a non-obvious encryption key. I recommend looking for and use products that support 128bit WEP for a better encryption on your wireless router.

 

4 ~ Use WEP

 

Use WEP for data and authentication. Some wireless router gives you two options 'Shared Key' and 'Open System'. You should use Shared Key because it is used to both encrypt its data and to authenticate your client.

 

5 ~ Use non-obvious WEP keys!

 

You should always use hard passwords and access keys. You shouldn't keep your keys and passwords the same for a year so you need to periodically change them over and over. I would suggest that you change them every month.

 

6 ~ Secure your Access Point!

 

Your Access Point should make you have a password to access its Admin features. If it doesn't, you need to get one that will! Also, you need to change your default password and use a solid one.

 

9 ~ Don't send the ESSID and don't accept any ESSID!

 

Orinoco and Apple have called the ability to stop their products from sending out or accepting any of the networks ESSID which is the "closed network" feature. Other manufactures are doing the same thing so make sure your routers has its latest updates and firmware upgrades.

 

10 ~ Use MAC address based Access and Association control

 

There are many routers and Access Points being upgraded to have the new features to control the clients that can access them. MAC addresses are famous to be tied to physical network adapters which mean that this method would require no that much coordination and maybe inconvenience for LAN users. If you already have a product that doesn't include this feature, check your Manufacturer's Web site for a firmware upgrade.

[Soleq 0]

Basically, you're venturing into pretty safe territory. As stated above, if you don't need to share files or printers, don't. Turn on your WEP protection, and if you're really paranoid, only allow your MAC addresses to access the router. If you have a suspecion that someone is piggybacking on your router, use a packet sniffer to see the data going to and fro. If you see stuff out of the ordinary, than you know that you need to take some steps. I believe the lastest 2600 has an article on this. Really, I've had a wireless network for over 2 years now, and I've had 0 problems with it.

[FearfullyMade 0]

Cool. Thanks alot for your replies. It sounds like I shouldn't have much trouble with setting my wireless network up. I've never done it before so I want to be sure not to miss anything important. From you replies it sounds like I'll have everything I need, I just need to enable the security and set it up right.BigmanB, I had planned on getting a Linksys router because they seem to have a good reputation. I'm looking at getting the Wireless-G Broadband Router. I assume that it will have the security features that you were talking about. If you have a different suggestion for which one I should buy let me know.

[Rebecca1405241499 0]

Okay, here's some more practical advice:1. Assuming you live in a single-family home, signal strength alone will keep people from easily using your internet connection.2. The chances of your neighbors even knowing how to crack WEP or having the inclination to do so are slim.3. Disabling SSID broadcast causes you hassles (especially with Windows computers) and provides zero security benefit, it's easy enough to find out.4. WPA-Personal PSK with TKIP encryption is very secure and I would trust it totally, I used it for the longest time until I needed to use a non-WPA compatible device on my network. Now I use WEP128 and feel confident enough still that I'm secure from my neighbors, who aren't the brightest with computers.5. Enable MAC address filtering on your router.Setting all this up varies depending on your router, but it's from a web interface and is mentioned in your owners manual.

[OneStopReefShop 0]

When you mention "Enabling MAC address filtering on your router"... I'm hoping this is something that is fairly straight forward in setting up? Being a newbie also to the Computer Network world, will I find out how to get my MAC address by simply going to the "Help and Support" section on my WIN XP computer, and typing in MAC address?As I understand it, the MAC address is a unique identification assigned to a card, modem, and/or the like, that have the LAN capabilities???? Not the piticular IP of a computer, but more hardware related???I know... some very basic questions. Sorry, but I'm just trying to understand more as I tag along on this thread.Thank you.

[Soleq 0]

Yeah, you have the basic idea of what a MAC is. It's basically the serial number of your particular machine's network interface. Thus, you can specify in your router to only allow certain computers access to your network. If someone else tries to access the network (meaning another computer), the router won't accept the connection. Usually very secure. You should be able to figure out your MAC somewhere in the networking control panels (sorry, I only use Macs, and it's found in the Network preferences so I'm assuming it's the same for Windows).

[OneStopReefShop 0]

Thank you Soleq... I appreciate your help muchly!!!After some reading thru the included HELP files for Windows XP, and some experimenting, I managed to figure out how to find my MAC address.I brought up a dos window, and input the fillowing command:ipconfig /allSure enough, it shows me my "physical address" of my internal lan on my laptop, as well as the physical address of my wireless adapter!!!Good Stuff!!! Thanks for starting this thread, and once again Soleq, thank you for your input to my question!!!

[FearfullyMade 0]

Rebbeca, I have a question about signal strength. If I lived in a house by myself then I wouldn't worry too much about it. However I leave in an apartment complex. I was wondering how far the signal would normally go. Would it stop at my building (it isn't very large, only 4 2-bedroom apartments) or would it go even farther? I've heard of people being able to drive down streets and pick up signals from nearby houses.

[BigmanB 0]

The basic thing that needs to be remembered is that if you want thinks to be secure and private you need to have them encrypted and hard to find. What you want to be yours needs to be kept on your computer and safe from others/hackers. Don't be a fool secure your tool.

[WeaponX 0]

Rebbeca, I have a question about signal strength. If I lived in a house by myself then I wouldn't worry too much about it. However I leave in an apartment complex. I was wondering how far the signal would normally go. Would it stop at my building (it isn't very large, only 4 2-bedroom apartments) or would it go even farther? I've heard of people being able to drive down streets and pick up signals from nearby houses.

That would depend on your surroundings. Will you be using this in the apartment or are you trying to use it outside? Walls can interfere with the signals and also other devices using the same frequency range (2.4Ghz). You can however try to change the wireless channels (6 and 11 is best) so that the 2.4Ghz frequency range won't interfere with it (maybe not as much).
Those who use it outside have either extended their wireless access (probably using other wireless access points or wireless range extender or antenna) or they are wardriving. Basically wardriving is going around looking for "open" wireless hotspots and using it for free. Some places actually do have free wi-fi hotposts for people near by to use, but others just didn't secure it. I see a lot of great suggestions already mentioned above. If you do those, you are mostly free from these security problems (never 100% though ).