beginner wireless security

[JOJO]

Archived from groups: alt.internet.wireless (More info?)

Hi all.

I purchased the bare basics.
Dell inspirion Laptop XP sp2 with wireless card
belkin 54 mps wireless router and yahoo DSL.

When I connect (no problems by the way, even for a newbie like me)
I get great signal strength.

I need now to understand what I should do about security.
My new laptop comes with Norton Internet security
and XP has a firewall. Then the belkin has basic security features.

When I connect, it always says I'm connected to and unsecured network.

What do I need to do first?

Thanks,
jojo

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

When I connect, it always says I'm connected to and unsecured network.

This means your wireless connection is unsecure. Depending on what your
belkin supports you can use WEP or WPA-PSK. The latter being the most secure
Your Docs should show you how to set it up. Once you enable it on the router
your card will no longer be able to talk to it until you configure the card.


"jojo" <cgv_2000*yourhat*@yahoo.com> wrote in message
news:vrMjd.11511$fC4.1063@newssvr11.news.prodigy.com...
> Hi all.
>
> I purchased the bare basics.
> Dell inspirion Laptop XP sp2 with wireless card
> belkin 54 mps wireless router and yahoo DSL.
>
> When I connect (no problems by the way, even for a newbie like me)
> I get great signal strength.
>
> I need now to understand what I should do about security.
> My new laptop comes with Norton Internet security
> and XP has a firewall. Then the belkin has basic security features.
>
> When I connect, it always says I'm connected to and unsecured network.
>
> What do I need to do first?
>
> Thanks,
> jojo
>
>

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

jojo wrote:
> Hi all.
>
> I purchased the bare basics.
> Dell inspirion Laptop XP sp2 with wireless card
> belkin 54 mps wireless router and yahoo DSL.
>
> When I connect (no problems by the way, even for a newbie like me)
> I get great signal strength.
>
> I need now to understand what I should do about security.
> My new laptop comes with Norton Internet security
> and XP has a firewall. Then the belkin has basic security features.
>
> When I connect, it always says I'm connected to and unsecured network.
>
> What do I need to do first?
>
> Thanks,
> jojo
>
>
1. change the admin userid/password for the router.
2. disable ssid broadcast, so nobody can see your access point.
3. enable WEP (or preferably WPA if your AP supports it).
4. enable MAC address filtering so that only authorised wifi adapters
can connect to the AP.
5. enable your firewall.
6. make sure your anti virus is kept up to date.
7. surf safely - don't download and install dodgy software - never open
email attachments unless you are absolutely sure they are safe.


This is about as much as you can do with the equipment you have - should
be strong enough to deter all but the most persistent (and
knowledgeable) intruders.

Hope this helps
Peter Phillips
Software Director
Kinetiq Airzone

 

[JOJO]

Archived from groups: alt.internet.wireless (More info?)

> 1. change the admin userid/password for the router.
> 2. disable ssid broadcast, so nobody can see your access point.

I'm not sure I understand the difference between a router and and access
point.

> 3. enable WEP (or preferably WPA if your AP supports it).
> 4. enable MAC address filtering so that only authorised wifi adapters
> can connect to the AP.
> 5. enable your firewall.

That would be norton firewall or windows firewall?

> 6. make sure your anti virus is kept up to date.
> 7. surf safely - don't download and install dodgy software - never open
> email attachments unless you are absolutely sure they are safe.
>
>
> This is about as much as you can do with the equipment you have - should
> be strong enough to deter all but the most persistent (and
> knowledgeable) intruders.

Thanks for your help!!!
jojo


>
> Hope this helps
> Peter Phillips
> Software Director
> Kinetiq Airzone

 

[JOJO]

Archived from groups: alt.internet.wireless (More info?)

"Airhead" <campbell@alliancecable.net> wrote in message
news:418f95a8$0$799$2c56edd9@news.cablerocket.com...
> When I connect, it always says I'm connected to and unsecured network.
>
> This means your wireless connection is unsecure. Depending on what your
> belkin supports you can use WEP or WPA-PSK. The latter being the most
secure
> Your Docs should show you how to set it up. Once you enable it on the
router
> your card will no longer be able to talk to it until you configure the
card.


Thanks! I'll set that WEP up.

jojo

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

SandyBaby wrote:

> 1. change the admin userid/password for the router.

That an important but often forgetten point.

> 2. disable ssid broadcast, so nobody can see your access point.

Well that won't help. Hiding the SSID can give you a lot of troubles but it
does not really increase security. The SSID is broadcasted on every logon
so it can be found out by everybody. The positon of your WLAN can be found
anyway, with or without broadcasted SSID.

> 3. enable WEP (or preferably WPA if your AP supports it).

You may see the manual to do so.
Check if all your components support WPA. If they do use "WPA-PSK" and enter
a long and random secret key.

> 4. enable MAC address filtering so that only authorised wifi adapters
> can connect to the AP.

That's even more useless then the hidden SSID. The MAC address is sent with
every packet (even the encrypted) and it's very simple to fake it.

> 5. enable your firewall.
> 6. make sure your anti virus is kept up to date.
> 7. surf safely - don't download and install dodgy software - never open
> email attachments unless you are absolutely sure they are safe.

That are no special WLAN security hints but also very important.
I just have to add that you have to read carefull what the firewall tool is
asking. Never click 'OK' or 'Allow' without knowing what it means.
But even without firewall you are pretty save. An attacker from the internet
can see the router only.

And last but not least:
8. NEVER, NEVER, NEVER, use the Internet Explorer!
Nearly every dialer, trojan horse or virus infecting your system from an
internet page is doing so by using Internet Explorer scriping features
(including several security problems). On other browser like Mozilla or
Opera they just won't work.

Thomas

 

[JOJO]

Archived from groups: alt.internet.wireless (More info?)

>
> And last but not least:
> 8. NEVER, NEVER, NEVER, use the Internet Explorer!
> Nearly every dialer, trojan horse or virus infecting your system from
an
> internet page is doing so by using Internet Explorer scriping features
> (including several security problems). On other browser like Mozilla or
> Opera they just won't work.
>
> Thomas

Really...I should use Mozilla or Opera? I have never heard of either.
I have been using IE for years and years. Does everyone here concurr?

Thanks,
jojo

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

jojo wrote:

>
>> 1. change the admin userid/password for the router.
>> 2. disable ssid broadcast, so nobody can see your access point.
>
> I'm not sure I understand the difference between a router and and
> access
> point.

A DSL router is a device connecting one or more computers to the internet
over a DSL line.
An Access Point is the base station for a wireless network.
DSL WLAN router are a router and an Access Point in one device.

>> 3. enable WEP (or preferably WPA if your AP supports it).
>> 4. enable MAC address filtering so that only authorised wifi adapters
>> can connect to the AP.
>> 5. enable your firewall.
>
> That would be norton firewall or windows firewall?

That are two possibilies. But it can also be any other personal firewall
product.

Thomas

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, jojo mused:
|
| Really...I should use Mozilla or Opera? I have never heard of either.
| I have been using IE for years and years. Does everyone here concurr?

If your browsing habits are safe, then IE will be fine. Certainly,
there are other browsers that are more secure, but if IE were the insecure
mess some believe you'd be hearing about how people have been hacked with it
every day. But, more often than not, you hear about the vulnerabilities ...
but very few actual accounts of it being exploited.

 

[ME]

Archived from groups: alt.internet.wireless (More info?)

On Mon, 08 Nov 2004 17:59:24 +0100, Thomas Krüger
<newsgroups@nospam.nowire.org> wrote:

<snip>

>>> 5. enable your firewall.
>>
>> That would be norton firewall or windows firewall?
>
>That are two possibilies. But it can also be any other personal firewall
>product.

Thomas

What's the answer to JoJo's question? Should either or neither Norton
or Window's firewall be enabled with a router in place?

--
Peter Langley

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Yes.

Regardless of the router's security you should always enable a firewall on
your PC. Windows, Norton, ZoneAlarm or Tiny, they all do a reasonable job
of keeping your system secure and, importantly, of preventing an infection
spreading _out_ of your machine shoudl the worst happen.

Evan

<me@privacy.net> wrote in message
news:u5tvo0d0j90gg0m1jqv5oirtg936g9kp4p@4ax.com...
> On Mon, 08 Nov 2004 17:59:24 +0100, Thomas Krüger
> <newsgroups@nospam.nowire.org> wrote:
>
> <snip>
>
>>>> 5. enable your firewall.
>>>
>>> That would be norton firewall or windows firewall?
>>
>>That are two possibilies. But it can also be any other personal firewall
>>product.
>
> Thomas
>
> What's the answer to JoJo's question? Should either or neither Norton
> or Window's firewall be enabled with a router in place?
>
> --
> Peter Langley

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, Radovan mused:
|
| Regardless of the router's security you should always enable a firewall on
| your PC. Windows, Norton, ZoneAlarm or Tiny, they all do a reasonable job
| of keeping your system secure and, importantly, of preventing an infection
| spreading _out_ of your machine shoudl the worst happen.

Slight correction on your statement. The Windows firewall has little to
no outbound protection ... especially when compared to the other software
firewalls. If you have a router, the Windows firewall is pretty much
redundant.

 

[Avalanche]

Archived from groups: alt.internet.wireless (More info?)

On Mon, 08 Nov 2004 16:59:55 GMT, "jojo" <cgv_2000*yourhat*@yahoo.com>
wrote:

>
>
>>
>> And last but not least:
>> 8. NEVER, NEVER, NEVER, use the Internet Explorer!
>> Nearly every dialer, trojan horse or virus infecting your system from
>an
>> internet page is doing so by using Internet Explorer scriping features
>> (including several security problems). On other browser like Mozilla or
>> Opera they just won't work.
>>
>> Thomas
>
>Really...I should use Mozilla or Opera? I have never heard of either.
>I have been using IE for years and years. Does everyone here concurr?
>
>Thanks,
>jojo
>
I like Mozilla's Firefox, available 11/9 free at
http://www.mozilla.org.

See also
http://www.boston.com/business/technology/articles/2004/11/09/web_power_to_the_people/
from The Boston Globe 11/9 about Firefox (which is browser-only,
without Mozilla's email and newsgroups).

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Mon, 08 Nov 2004 19:21:00 GMT, in alt.internet.wireless , "mhicaoidh"
<®êmõvé_mhic_aoidh@hotÑîXmailŠPäM.com> wrote:

>Taking a moment's reflection, jojo mused:
>|
>| Really...I should use Mozilla or Opera? I have never heard of either.
>| I have been using IE for years and years. Does everyone here concurr?
>
> If your browsing habits are safe, then IE will be fine.

This isn't true. Clever social engineering or and hacked supposedly safe
websites can redirect you to dodgy websites without you even having to do
anything overtly unsafe.

>Certainly,
>there are other browsers that are more secure, but if IE were the insecure
>mess some believe you'd be hearing about how people have been hacked with it
>every day.

You might want to read the technology papers a little more closely.


--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.ungerhu.com/jxh/clc.welcome.txt>

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Mon, 08 Nov 2004 22:42:47 +0000, in alt.internet.wireless ,
me@privacy.net wrote:

>What's the answer to JoJo's question? Should either or neither Norton
>or Window's firewall be enabled with a router in place?

Security is like an onion - do it in layers. So yes.

--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.ungerhu.com/jxh/clc.welcome.txt>

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, Mark McIntyre mused:
|
| This isn't true. Clever social engineering or and hacked supposedly safe
| websites can redirect you to dodgy websites without you even having to do
| anything overtly unsafe.

Cite me cases which indicate this as a rash problem of epidemic
proportions.

| You might want to read the technology papers a little more closely.

See above. I acknowledge that it is possible, but it's just not
widespread given the shear numbers of people on the internet.

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Thomas Krüger <newsgroups@nospam.nowire.org> wrote in message news:<cmo83b$42e$02$1@news.t-online.com>...
> SandyBaby wrote:
> > 2. disable ssid broadcast, so nobody can see your access point.
>
> Well that won't help. Hiding the SSID can give you a lot of troubles but it
> does not really increase security. The SSID is broadcasted on every logon
> so it can be found out by everybody. The positon of your WLAN can be found
> anyway, with or without broadcasted SSID.
>
> > 4. enable MAC address filtering so that only authorised wifi adapters
> > can connect to the AP.
>
> That's even more useless then the hidden SSID. The MAC address is sent with
> every packet (even the encrypted) and it's very simple to fake it.
>
> Thomas


These two points are not useless. Each of them increase the level of
skill and the amount of effort required to access the network.

I'm not saying they should be relied on as the only network security.
But they have their place and should be included in the security
setup.

Any security can be beaten. The trick is to put in enough roadblocks
to make it no longer worthwhile.

Mal

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On 12 Nov 2004 09:35:58 -0800, whatmal@hotmail.com (Mal) wrote:

>These two points are not useless. Each of them increase the level of
>skill and the amount of effort required to access the network.

Agreed and disagreed. Agreed that MAC address filtering is not useless
because it provides one more hurdle over which anyone intend on gaining
access to your network must jump. I doubt, however, that it is a
particularly high hurdle to someone who has already been able to crack the
encryption, but it is still a hurdle.

Disagree with hiding SSID. If someone is out to hunt down access points
and break into them they'll have the tools to spot your network, hidden or
otherwise. The only people that hiding the SSID will defeat are the people
that were not a threat to you anyway. More likely you'll cause a nuisance
of yourself because people with nearby access points won't know you're
there, and therefore what channel you are on - and if they don't know what
channel you're on they might choose the same one. Even worse if they hide
their SSID as well because then neither of you know about the other and
spend ages wondering why networks run slow or have very limited range!

>Any security can be beaten. The trick is to put in enough roadblocks
>to make it no longer worthwhile.

Agreed but hiding SSID is more of a cattle grid than a road block. Sure
the cattle will be stuck but the guy with the pickup will just roll
straight over it with no delay caused.
--
Simon Pleasants <plesbit@hotmail.com>
"Keep a dream in your pocket....
....never let it fade away"

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, Mal mused:
|
| These two points are not useless. Each of them increase the level of
| skill and the amount of effort required to access the network.

Only in terms without encryption being used. With encryption enabled
SSID hiding and MAC Filtering become redundant. Certainly, the potential
negative effects of SSID hiding far out weight the security benefits.

Quite simply, anyone with the ability to even *attempt* to crack WEP or
WPA passphrases will also have the ability to clone MAC addresses and detect
an SSID whether hidden or not.