Sign in with
Sign up | Sign in
Your question

unwanted computer on network

Last response: in Wireless Networking
Share
Anonymous
a b F Wireless
March 4, 2005 8:01:01 AM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

i am running a wireless network and some1 accross the road can see our
network. is it possible to block them.

thanks in advance
March 4, 2005 8:25:48 AM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Mark Hall wrote:

> i am running a wireless network and some1 accross the road can see our
> network. is it possible to block them.
>
> thanks in advance

There is no way you can prevent someone just seeing your wireless
network; that is how wireless works. You can turn off SSID
broadcasting, but this is not advantageous for your own network and
really provides no security. You should make sure you have enabled
encryption on your network, and you may also choose to do MAC address
filtering on your router, only allowing your own computers to access
the network. Then, although your network will be visible to outsiders,
they will not be able to connect. Here is a link regarding basic
wireless security:

Wireless - Basic Security - http://www.ezlan.net/Wireless_Security.html

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Anonymous
a b F Wireless
March 4, 2005 1:11:00 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

"Malke" <noreply@invalid.com> wrote in message
news:ePmqu2LIFHA.2744@tk2msftngp13.phx.gbl...

> There is no way you can prevent someone just seeing your wireless
> network; that is how wireless works. You can turn off SSID
> broadcasting, but this is not advantageous for your own network and
> really provides no security. You should make sure you have enabled
> encryption on your network, and you may also choose to do MAC address
> filtering on your router, only allowing your own computers to access
> the network. Then, although your network will be visible to outsiders,
> they will not be able to connect. Here is a link regarding basic
> wireless security:
>
> Wireless - Basic Security - http://www.ezlan.net/Wireless_Security.html
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"

Not to be disagreeable, but disabling the Broadcast ID, while not providing
security per se, is one step in securing a wireless network. While it
doesn't technically make the network invisible, it does make it a lot harder
to find and connect when the SSID is changed and broadcast is turned off.
Related resources
Anonymous
a b F Wireless
March 4, 2005 1:28:52 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Yes, but note this. If you disable SSID on your access points etc, how do
your wireless clients know where to connect? You will have to instruct your
WiFi users as to what to use as an SSID to connect to your Wireless network.
It would be the same as if you also used WEP, you would still need to give
that info to your users.



I say run the network openly and perhaps issues certs to the users to use to
secure by MAC Address. You could use some "I think it's called NAS, someone
correct me please if I am wrong" radius type logins so that users would have
to enter in user id and passwords.
Anonymous
a b F Wireless
March 4, 2005 3:09:10 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

"Mr. Smith" <backup@yahoo.com> wrote in message
news:uOmUG7MIFHA.3588@TK2MSFTNGP14.phx.gbl...
> Yes, but note this. If you disable SSID on your access points etc, how do
> your wireless clients know where to connect? You will have to instruct
> your WiFi users as to what to use as an SSID to connect to your Wireless
> network. It would be the same as if you also used WEP, you would still
> need to give that info to your users.


Yes, you would have to configure the SSID per machine. But if you're
already manaully configuring your clients, you already have to configure the
WEP/WPA key, so the "extra" step of defining the SSID is already necessary.
And if you aren't using encryption, disabling the broadcast is really moot
anyway.

But this is the inherent problem with security; access becomes more
difficult. Access/convenience are traded off for security. If you want
complete convenience, resign yourself to no security.


> I say run the network openly and perhaps issues certs to the users to use
> to secure by MAC Address. You could use some "I think it's called NAS,
> someone correct me please if I am wrong" radius type logins so that users
> would have to enter in user id and passwords.


Correct, you could require authentication via a RADIUS server. But we're
talking about a home wireless network here. I sincerely doubt the OP, or
any other home user, wants to deploy a server scenario of this fashion or
purchase the hardware necessary to employ this authentication. In an
enterprise network utilizing WiFi, broadcast once again becomes moot if you
are using WiFi best practices; ie, secure logon, AD, blah, blah, blah.
Again, though, we're (or at least I am) not talking about an enterprise WiFi
deployment.

The best way to secure a Home Wireless Network is:

1) Disable the Broadcast ID
2) Change the default SSID
3) Enable WEP/WPA encryption with a strong key
4) Change the default admin password
5) Decrease the scope of the DHCP server to only the necessary number of
host addresses

And, if you aren't going to have variable clients;

5) Employ MAC filtering

A home user that wants to be really nitty-gritty and is running XP Pro can
also disable simple file sharing to require authentication for shared
resources as well. I liken (for novice users) the above steps to "hiding
the door to your house", "changing your address", "using a lock", "changing
the keys", and "making sure there aren't too many keys available". Not
perfect, but it gets the point across.

Anyone with any WiFi experience knows that none of this makes you perfectly
secure, but it certainly does make it a lot harder to attack your network.

In my experience, and I've deployed/installed numerous home wireless
networks, most users couldn't care less what security their network has.
They just want it to work. Frequently, I have to enable the security and,
if they realize I've done it, explain why it's necessary. If I ask up front
whether they want it or not, I usually get "don't bother". IMHO, not
employing even minimal security is foolish.
March 4, 2005 3:09:11 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

DJ Borell wrote:

> "Mr. Smith" <backup@yahoo.com> wrote in message
> news:uOmUG7MIFHA.3588@TK2MSFTNGP14.phx.gbl...
>> Yes, but note this. If you disable SSID on your access points etc,
>> how do
>> your wireless clients know where to connect? You will have to
>> instruct your WiFi users as to what to use as an SSID to connect to
>> your Wireless network. It would be the same as if you also used WEP,
>> you would still need to give that info to your users.
>
>
> Yes, you would have to configure the SSID per machine. But if you're
> already manaully configuring your clients, you already have to
> configure the WEP/WPA key, so the "extra" step of defining the SSID is
> already necessary. And if you aren't using encryption, disabling the
> broadcast is really moot anyway.
>
> But this is the inherent problem with security; access becomes more
> difficult. Access/convenience are traded off for security. If you
> want complete convenience, resign yourself to no security.
>
>
>> I say run the network openly and perhaps issues certs to the users to
>> use
>> to secure by MAC Address. You could use some "I think it's called
>> NAS, someone correct me please if I am wrong" radius type logins so
>> that users would have to enter in user id and passwords.
>
>
> Correct, you could require authentication via a RADIUS server. But
> we're
> talking about a home wireless network here. I sincerely doubt the OP,
> or any other home user, wants to deploy a server scenario of this
> fashion or
> purchase the hardware necessary to employ this authentication. In an
> enterprise network utilizing WiFi, broadcast once again becomes moot
> if you are using WiFi best practices; ie, secure logon, AD, blah,
> blah, blah. Again, though, we're (or at least I am) not talking about
> an enterprise WiFi deployment.
>
> The best way to secure a Home Wireless Network is:
>
> 1) Disable the Broadcast ID
> 2) Change the default SSID
> 3) Enable WEP/WPA encryption with a strong key
> 4) Change the default admin password
> 5) Decrease the scope of the DHCP server to only the necessary number
> of host addresses
>
> And, if you aren't going to have variable clients;
>
> 5) Employ MAC filtering
>
> A home user that wants to be really nitty-gritty and is running XP Pro
> can also disable simple file sharing to require authentication for
> shared
> resources as well. I liken (for novice users) the above steps to
> "hiding the door to your house", "changing your address", "using a
> lock", "changing
> the keys", and "making sure there aren't too many keys available".
> Not perfect, but it gets the point across.
>
> Anyone with any WiFi experience knows that none of this makes you
> perfectly secure, but it certainly does make it a lot harder to attack
> your network.
>
> In my experience, and I've deployed/installed numerous home wireless
> networks, most users couldn't care less what security their network
> has.
> They just want it to work. Frequently, I have to enable the security
> and,
> if they realize I've done it, explain why it's necessary. If I ask up
> front
> whether they want it or not, I usually get "don't bother". IMHO, not
> employing even minimal security is foolish.

You've never been disagreeable to *me*, DJ ;-) and 1) I never mind being
corrected because I like to learn; and 2) we don't have to agree on
everything. It's just that from what I've read by networking experts I
respect, enabling SSID is something you really want to do. I think
Windows wireless works better with it enabled, and so do the MS guys
who've posted about it. But as I said, we can disagree and still be
friends. I say a home user should change the SSID from the default,
leave it enabled, use as strong encryption as his/her hardware permits,
and do MAC filtering if you want.

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Anonymous
a b F Wireless
March 4, 2005 6:38:26 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

You would not want the hassle of setting up radius servers on a small home
network. Come on, obviously the OP is not that knowledgable or else he
really would not be asking this qustion, and your suggesting this stuff???
Come on....


"Mr. Smith" <backup@yahoo.com> wrote in message
news:uOmUG7MIFHA.3588@TK2MSFTNGP14.phx.gbl...
> Yes, but note this. If you disable SSID on your access points etc, how do
> your wireless clients know where to connect? You will have to instruct
> your WiFi users as to what to use as an SSID to connect to your Wireless
> network. It would be the same as if you also used WEP, you would still
> need to give that info to your users.
>
>
>
> I say run the network openly and perhaps issues certs to the users to use
> to secure by MAC Address. You could use some "I think it's called NAS,
> someone correct me please if I am wrong" radius type logins so that users
> would have to enter in user id and passwords.
>
>
Anonymous
a b F Wireless
March 4, 2005 6:51:56 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Hi
Windows Zero Configuration (WZC) needs the SSID broadcast to be On in order
to work correctly (some Wireless Clients need the Broadcast On even with
their own utilities).
Broadcast means that while resting (i.e. the Wireless connection is not use)
the Wireless Source transmits burst of signal with its SSID. However,
switching the Broadcast Off is Not a Big security feature. When the Wireless
is actually used it Broadcasts the SSID regardless of the status at Rest.
In other word While you are using your Wireless your SSID will popup on any
neighbor computer whether the Broadcast is On or Off. In addition there are
simple Utilities that can wake the Wireless even if the Broadcast is Off and
you are not using it at the moment.
MAC filter is a good thing to use because it does not have any impact on the
Wireless besides restricting the Wireless client to the few with a specific
MAC address.
However, MAC filtering is a Good feature to leave out innocent neighbors
that might log onto your system and might not be aware that they are doing
so. However with MAC protection only it is very easy for real Hacker to get
in if he wants to.
Encrypting the Wireless traffic is currently the preferred method of
securing the Wireless Network.
Older system use to have WEP only protection, which evolved into WPA, which
is evolved now into WPA-PSK-TIK.
Log to this page if you would like to understand more about the Basic of
these methods.
Wireless Encryption - WEP, WPA, and the Future (802.11i) -
http://www.ezlan.net/wpa_wep.html
You can use only One of these Methods. If you have WPA-PSK-TIK, use it if
not use WPA, if Not use WEP.
Additional mean of securing a Network can be achieved by restricting the
log-in of the Wireless computers to pre assigned Clients. This is done by
using a RADIUS server. This method is used by many corporations to control
who can use their Wireless.
If you Do Not have a system with RADIUS Server make sure that your WZC
801.11x RADIUS Server setting is Off otherwise your Wireless would Not work.
Jack (MVP-Networking).




"Malke" <noreply@invalid.com> wrote in message
news:#RtRwMPIFHA.1280@TK2MSFTNGP09.phx.gbl...
> DJ Borell wrote:
>
> > "Mr. Smith" <backup@yahoo.com> wrote in message
> > news:uOmUG7MIFHA.3588@TK2MSFTNGP14.phx.gbl...
> >> Yes, but note this. If you disable SSID on your access points etc,
> >> how do
> >> your wireless clients know where to connect? You will have to
> >> instruct your WiFi users as to what to use as an SSID to connect to
> >> your Wireless network. It would be the same as if you also used WEP,
> >> you would still need to give that info to your users.
> >
> >
> > Yes, you would have to configure the SSID per machine. But if you're
> > already manaully configuring your clients, you already have to
> > configure the WEP/WPA key, so the "extra" step of defining the SSID is
> > already necessary. And if you aren't using encryption, disabling the
> > broadcast is really moot anyway.
> >
> > But this is the inherent problem with security; access becomes more
> > difficult. Access/convenience are traded off for security. If you
> > want complete convenience, resign yourself to no security.
> >
> >
> >> I say run the network openly and perhaps issues certs to the users to
> >> use
> >> to secure by MAC Address. You could use some "I think it's called
> >> NAS, someone correct me please if I am wrong" radius type logins so
> >> that users would have to enter in user id and passwords.
> >
> >
> > Correct, you could require authentication via a RADIUS server. But
> > we're
> > talking about a home wireless network here. I sincerely doubt the OP,
> > or any other home user, wants to deploy a server scenario of this
> > fashion or
> > purchase the hardware necessary to employ this authentication. In an
> > enterprise network utilizing WiFi, broadcast once again becomes moot
> > if you are using WiFi best practices; ie, secure logon, AD, blah,
> > blah, blah. Again, though, we're (or at least I am) not talking about
> > an enterprise WiFi deployment.
> >
> > The best way to secure a Home Wireless Network is:
> >
> > 1) Disable the Broadcast ID
> > 2) Change the default SSID
> > 3) Enable WEP/WPA encryption with a strong key
> > 4) Change the default admin password
> > 5) Decrease the scope of the DHCP server to only the necessary number
> > of host addresses
> >
> > And, if you aren't going to have variable clients;
> >
> > 5) Employ MAC filtering
> >
> > A home user that wants to be really nitty-gritty and is running XP Pro
> > can also disable simple file sharing to require authentication for
> > shared
> > resources as well. I liken (for novice users) the above steps to
> > "hiding the door to your house", "changing your address", "using a
> > lock", "changing
> > the keys", and "making sure there aren't too many keys available".
> > Not perfect, but it gets the point across.
> >
> > Anyone with any WiFi experience knows that none of this makes you
> > perfectly secure, but it certainly does make it a lot harder to attack
> > your network.
> >
> > In my experience, and I've deployed/installed numerous home wireless
> > networks, most users couldn't care less what security their network
> > has.
> > They just want it to work. Frequently, I have to enable the security
> > and,
> > if they realize I've done it, explain why it's necessary. If I ask up
> > front
> > whether they want it or not, I usually get "don't bother". IMHO, not
> > employing even minimal security is foolish.
>
> You've never been disagreeable to *me*, DJ ;-) and 1) I never mind being
> corrected because I like to learn; and 2) we don't have to agree on
> everything. It's just that from what I've read by networking experts I
> respect, enabling SSID is something you really want to do. I think
> Windows wireless works better with it enabled, and so do the MS guys
> who've posted about it. But as I said, we can disagree and still be
> friends. I say a home user should change the SSID from the default,
> leave it enabled, use as strong encryption as his/her hardware permits,
> and do MAC filtering if you want.
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
Anonymous
a b F Wireless
March 4, 2005 8:14:49 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

"Jack (MVP)" <Jack(MVP)@discussions.microsoft.com.> wrote in message
news:%23yWtPtPIFHA.2456@TK2MSFTNGP09.phx.gbl...
> Hi
> Windows Zero Configuration (WZC) needs the SSID broadcast to be On in
> order
> to work correctly (some Wireless Clients need the Broadcast On even with
> their own utilities).
> Broadcast means that while resting (i.e. the Wireless connection is not
> use)
> the Wireless Source transmits burst of signal with its SSID. However,
> switching the Broadcast Off is Not a Big security feature. When the
> Wireless
> is actually used it Broadcasts the SSID regardless of the status at Rest.
> In other word While you are using your Wireless your SSID will popup on
> any
> neighbor computer whether the Broadcast is On or Off. In addition there
> are
> simple Utilities that can wake the Wireless even if the Broadcast is Off
> and
> you are not using it at the moment.

As I don't seen any need to engage in a technical debate on wireless frame
traffic composition, I'll agree to disagree on the usefullnes / necessity of
the Broadcast SSID feature.

The bottom line, regardless of the broadcast configuration, (and I think we
agree here) is that there are more important / secure steps that should be
taken anyway. Encryption chief among them.
Anonymous
a b F Wireless
March 4, 2005 10:31:00 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Hi.
I am not trying to advocate this as a solution for Home/SOHO users, however
for the record.
NAS is Network Attached Storage.
You meant IAS: Internet Authentication Service
IAS can be used a form of RADIUS Server to authenticate Wireless Connection.
http://www.microsoft.com/technet/community/chats/trans/...
Jack (MVP-Networking).



"Mr. Smith" <backup@yahoo.com> wrote in message
news:uOmUG7MIFHA.3588@TK2MSFTNGP14.phx.gbl...
> Yes, but note this. If you disable SSID on your access points etc, how do
> your wireless clients know where to connect? You will have to instruct
your
> WiFi users as to what to use as an SSID to connect to your Wireless
network.
> It would be the same as if you also used WEP, you would still need to give
> that info to your users.
>
>
>
> I say run the network openly and perhaps issues certs to the users to use
to
> secure by MAC Address. You could use some "I think it's called NAS,
someone
> correct me please if I am wrong" radius type logins so that users would
have
> to enter in user id and passwords.
>
>
Anonymous
a b F Wireless
March 28, 2005 1:06:21 PM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

The short answer is no.

The longer answer - If your wireless network is in use, every packet sent to
your access point has a destination that can be read by any client that is
configured to listen(your neighbor). There are many utilities that do this
and they are very simple to use.

Some mention has also been made of disabling broadcast SSIDs. This provides
no additional security and degrades the client experience. Your network
name is out in the air with or without this flag.

Jack has offered some links and information on securing your wireless
connection and it is good advice.

--
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Mark Hall" <mahall1988@ntlworld.com> wrote in message
news:96bca26a.0503040441.33037156@posting.google.com...
>i am running a wireless network and some1 accross the road can see our
> network. is it possible to block them.
>
> thanks in advance
Anonymous
a b F Wireless
April 5, 2005 12:02:06 AM

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

>> i am running a wireless network and some1 accross the road can see our
>> network. is it possible to block them.

>There is no way you can prevent someone just seeing your wireless
>network; that is how wireless works. You can turn off SSID
>broadcasting, but this is not advantageous for your own network and
>really provides no security. You should make sure you have enabled
>encryption on your network, and you may also choose to do MAC address
>filtering on your router, only allowing your own computers to access
>the network. Then, although your network will be visible to outsiders,
>they will not be able to connect. Here is a link regarding basic
>wireless security:
>
>Wireless - Basic Security - http://www.ezlan.net/Wireless_Security.html

Any hacker who can get through encryption and MAC filtering will have
no problem finding an SSID. And some network configurations will not
work unless the SSID is turned on.
!