Newbie tips on security for wireless home network

Archived from groups: alt.internet.wireless (More info?)

I am completely new to 802.11. When my new laptop arrives in a week I
will be sharing my Internet connection between two machines (and also
networking the laptop with my existing desktop machine). I'm running
Win2K on the desktop and WinXP Home on the laptop.

What are the basic steps I need to take to ensure I'm not opening my
machines to univited visitors? Is one brand of router better than
others when it comes to security? Can anyone recommend a good site
with solid tips for beginners like me?

-- Ryan
2 answers Last reply
More about newbie tips security wireless home network
  1. Archived from groups: alt.internet.wireless (More info?)

    "Ryan" <nikespex@hotmail.com> wrote in message
    news:f05919fc.0409010844.110a215b@posting.google.com...
    > I am completely new to 802.11. When my new laptop arrives in a week I
    > will be sharing my Internet connection between two machines (and also
    > networking the laptop with my existing desktop machine). I'm running
    > Win2K on the desktop and WinXP Home on the laptop.
    >
    > What are the basic steps I need to take to ensure I'm not opening my
    > machines to univited visitors? Is one brand of router better than
    > others when it comes to security? Can anyone recommend a good site
    > with solid tips for beginners like me?
    >
    > -- Ryan

    Ryan,

    Welcome to the Monkey House.

    If your laptop has an 802.11G wireless card, they usually come with "WPA"
    encryption capability. Be sure that you turn it on for all machines. If
    you'll be using 802.11B, then you're probably limited to WEP encryption,
    which can be easily cracked but is better than nothing.

    I suggest you purchase a router/NAT box, such as a Linksys WRT54G, and use
    that to handle the interface chores. If you're going to do without a router,
    and share your connection by using Interent Connection Sharing on your PC,
    you'll need to put the wireless cards into "Ad Hoc" mode.

    Basic security steps:

    1. _NEVER_ enable a "writeable" share! To transfer information between
    machines, share _ONE_ folder in "Read Only" mode, and _PULL_ the information
    from that PC to its destination, i.e., use the destination machine to access
    the shared folder on the source, and copy/paste into the destination folder.
    You will, of course, have to move the files into the shared folder on the
    source machine first.

    2. Be sure _all_ your machines are up-to-date with _all_ security patches.
    Ditto for AntiVirus software.

    3. Disable unneeded services, such as Windows Messenging Service and
    Personal Web Server, to reduce your exposure to vulnerabilities.

    4. If you have a machine connected directly to the net, pay for firewall
    software such as Zone Alarm. On second thought, put firewall software in no
    matter how you get to the net.

    5. Never use the Administrator account for routine business. Always create
    restricted user accounts for all users, yourself included, and use
    Administrator only for specific tasks that require it, such as software
    upgrades.

    6. While you're at it, rename the Administrator account to something else.
    Some viruses test commonly-used passwords on the Administrator account, and
    if they find a match, you're owned. Don't worry about losing functionality:
    the "Administrator" name is just a convention, and the actual user id is a
    number that doesn't change.

    7. Run a vulverability scan on each machine. There are a number of free
    scanners available, and they'll check for weak passwords, open shares, and
    common exploits.

    8. Ask yourself what information is on the machines, and whether anyone else
    would want it. The answer is usually "No", but remember that locks are used
    to keep honest people honest, and you should use them if you have them. If
    you have material on the PC's that could help your business competitors in
    some big way, then the game changes and you need to hire someone like me to
    improve your security.

    HTH.

    William

    --
    William Warren
    (Filter noise from my address for direct replies.)
  2. Archived from groups: alt.internet.wireless (More info?)

    William Warren <william_warren_nonoise@comcast.net> wrote:
    > 4. If you have a machine connected directly to the net, pay for firewall
    > software such as Zone Alarm. On second thought, put firewall software in no
    > matter how you get to the net.

    If you are on a wireless network, you should have a firewall on every
    machine, wireless or not, that is on the router.
    Anyone connecting to your Wireless network is on "your side" of the
    hardware firewall provided by the router.

    This is aside from making some attempt to deter people from joining your
    wireless network.

    And when you drop by Starbucks, or some airport or hotel hotspot, you'll
    already have the firewall in place.


    WinXP has a firewall already built in. It isn't very configurable, though.
    It's not clear what it is doing for me. I can't see how to "bless" an IP
    address the way you do with ZoneAlarm, and yet I am able to share my
    folders with that machine. That implies to me that any machine on the
    local subnet is allowed access, which runs against my idea that you don't
    trust everyone on your local [wireless] network.

    --
    ---
    Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
Ask a new question

Read More

Wireless Laptops Wireless Networking