Sign in with
Sign up | Sign in
Your question

Newbie tips on security for wireless home network

Last response: in Wireless Networking
Share
September 1, 2004 1:44:27 PM

Archived from groups: alt.internet.wireless (More info?)

I am completely new to 802.11. When my new laptop arrives in a week I
will be sharing my Internet connection between two machines (and also
networking the laptop with my existing desktop machine). I'm running
Win2K on the desktop and WinXP Home on the laptop.

What are the basic steps I need to take to ensure I'm not opening my
machines to univited visitors? Is one brand of router better than
others when it comes to security? Can anyone recommend a good site
with solid tips for beginners like me?

-- Ryan
Anonymous
a b F Wireless
a b D Laptop
September 2, 2004 8:31:32 PM

Archived from groups: alt.internet.wireless (More info?)

"Ryan" <nikespex@hotmail.com> wrote in message
news:f05919fc.0409010844.110a215b@posting.google.com...
> I am completely new to 802.11. When my new laptop arrives in a week I
> will be sharing my Internet connection between two machines (and also
> networking the laptop with my existing desktop machine). I'm running
> Win2K on the desktop and WinXP Home on the laptop.
>
> What are the basic steps I need to take to ensure I'm not opening my
> machines to univited visitors? Is one brand of router better than
> others when it comes to security? Can anyone recommend a good site
> with solid tips for beginners like me?
>
> -- Ryan

Ryan,

Welcome to the Monkey House.

If your laptop has an 802.11G wireless card, they usually come with "WPA"
encryption capability. Be sure that you turn it on for all machines. If
you'll be using 802.11B, then you're probably limited to WEP encryption,
which can be easily cracked but is better than nothing.

I suggest you purchase a router/NAT box, such as a Linksys WRT54G, and use
that to handle the interface chores. If you're going to do without a router,
and share your connection by using Interent Connection Sharing on your PC,
you'll need to put the wireless cards into "Ad Hoc" mode.

Basic security steps:

1. _NEVER_ enable a "writeable" share! To transfer information between
machines, share _ONE_ folder in "Read Only" mode, and _PULL_ the information
from that PC to its destination, i.e., use the destination machine to access
the shared folder on the source, and copy/paste into the destination folder.
You will, of course, have to move the files into the shared folder on the
source machine first.

2. Be sure _all_ your machines are up-to-date with _all_ security patches.
Ditto for AntiVirus software.

3. Disable unneeded services, such as Windows Messenging Service and
Personal Web Server, to reduce your exposure to vulnerabilities.

4. If you have a machine connected directly to the net, pay for firewall
software such as Zone Alarm. On second thought, put firewall software in no
matter how you get to the net.

5. Never use the Administrator account for routine business. Always create
restricted user accounts for all users, yourself included, and use
Administrator only for specific tasks that require it, such as software
upgrades.

6. While you're at it, rename the Administrator account to something else.
Some viruses test commonly-used passwords on the Administrator account, and
if they find a match, you're owned. Don't worry about losing functionality:
the "Administrator" name is just a convention, and the actual user id is a
number that doesn't change.

7. Run a vulverability scan on each machine. There are a number of free
scanners available, and they'll check for weak passwords, open shares, and
common exploits.

8. Ask yourself what information is on the machines, and whether anyone else
would want it. The answer is usually "No", but remember that locks are used
to keep honest people honest, and you should use them if you have them. If
you have material on the PC's that could help your business competitors in
some big way, then the game changes and you need to hire someone like me to
improve your security.

HTH.

William

--
William Warren
(Filter noise from my address for direct replies.)
Anonymous
a b F Wireless
a b D Laptop
September 2, 2004 8:45:54 PM

Archived from groups: alt.internet.wireless (More info?)

William Warren <william_warren_nonoise@comcast.net> wrote:
> 4. If you have a machine connected directly to the net, pay for firewall
> software such as Zone Alarm. On second thought, put firewall software in no
> matter how you get to the net.

If you are on a wireless network, you should have a firewall on every
machine, wireless or not, that is on the router.
Anyone connecting to your Wireless network is on "your side" of the
hardware firewall provided by the router.

This is aside from making some attempt to deter people from joining your
wireless network.

And when you drop by Starbucks, or some airport or hotel hotspot, you'll
already have the firewall in place.





WinXP has a firewall already built in. It isn't very configurable, though.
It's not clear what it is doing for me. I can't see how to "bless" an IP
address the way you do with ZoneAlarm, and yet I am able to share my
folders with that machine. That implies to me that any machine on the
local subnet is allowed access, which runs against my idea that you don't
trust everyone on your local [wireless] network.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
!