MICRO CENTER: COMPUTERS AND ELECTRONICS
In The Lab
by Chris & Rob
Rob: Today, we're going to talk about wireless security. I'm sure that all of our readers at least want a wireless network, if they don't have one set up already.
To keep those pesky neighbors and war drivers from sucking up your bandwidth and accessing your files, you'll need to practice some "safe wireless networking."
The first thing you should do (or should have done when you set up your router) is change the default user name and password.
Chris: The manufacturer of a router usually uses the same user name and password for all their routers, which makes setup easy. If you don't change them, anyone with access to your network could try the default user name and password to access your router's settings and could keep you from connecting.
Rob: If that does happen, you can always do a hardware reset of your router, but that's a pain. And you'll have to set up your router all over again.
Chris: The next thing you'll want to do is change the default SSID (Service Set IDentifier), or name of the wireless network. Changing the SSID does not really provide any security to your network since many client applications give you some way to browse available networks. Changing the SSID from the default makes it slightly more difficult to determine "known" information about the router (like its capabilities or default passwords).
Rob: An additional step is to disable the router's broadcast of the SSID. When your router broadcasts its SSID, a wireless computer can "see" the router on the list of available networks. If the router is configured not to broadcast an SSID, then a casual passerby will not be able to connect without manually configuring their client settings. Hiding the SSID won't keep them out, but it will slow them down.
Chris: To access a wireless network router that has the SSID "hidden," you must create a connection setting that has the SSID entered manually. To do this in Windows XP, click on the option to "Change Advanced Settings" in the Windows XP SP2 Wireless Connection Wizard, which gives you access to the "original" Windows XP Wireless configuration screens. From here you can add a new connection, specify the SSID (as it was entered in your router) and specify other settings required for the connection such as WEP and the associated encryption keys. To accomplish this in Mac OS X, see last month's Tech Tip.
Rob: The next level of security you can enable for your wireless network is WEP (Wired Equivalent Privacy) encryption. Like the SSID, WEP won't prevent a determined hacker from accessing your network, but it will prevent or discourage the casual "war drivers" and neighbors. Choices for WEP security may be presented in several ways, but the core features work out to no encryption, 64-bit encryption or 128-bit encryption. (Microsoft and some of the wireless vendors may describe this as 40-bit and 104-bit encryption.)
Chris: WEP encryption codes can be entered as a hexadecimal string (numbers 0-9, letters a-f), or generated with a text-based pass-phrase (the pass-phrase is used to create the hexadecimal string). If the method to generate the string is not consistent between your different clients (usually a result of using a different vendor for your router and another for your wireless card), you will need to manually enter the resulting hexadecimal string generated by your router into your wireless computers. The new Wireless Networking Wizard that is part of Windows XP Service Pack 2 includes a method of saving this configuration detail to a USB flash drive (or other storage media) to transfer the necessary settings to other XP SP2 systems.
Rob: Some routers and clients may support enhanced security features that are stronger than WEP encryption. WPA automatically rotates or changes the encryption key, making it more difficult for eavesdroppers to determine the codes necessary to access your network. All of your devices must support this feature, so check your documentation.
Chris: Almost all wireless routers support MAC (Media Access Control) address filtering. Each network adapter has a unique MAC address and this is the most extreme way to limit access to your network. MAC filtering also has the most maintenance when expanding the network. Each time you want to add a computer to the network, even temporarily, you need to log into the router and add another MAC address. To determine the hardware (MAC) address for your wireless network adapter, examine the details of your wireless adapter properties or use the text IP configuration utility with the /ALL switch (IPCONFIG /ALL). Once a list of your known adapters has been entered into the router and the MAC filtering feature is active, only devices with these addresses will have access to the router. Again, there are ways around this, but only if a hacker is really determined to get into your equipment.
Rob: Hiding the SSID, using WEP, WPA and MAC Address filtering are a good start for "safe wireless networking," but if you don't secure your computer, you're only winning half of the battle.
Chris: You should take general Internet and networking security precautions as well. Standard security measures would include virus scanning, firewalls, and restricting your resources being shared.
Rob: As a good Random Access reader, I'm sure you've got an anti-virus program running and you keep your virus definitions fresh. Most anti-virus programs scan any files saved to your computer as they arrive, even in the background, blocking or deleting threats before they can infect your system. When sharing your hard drive or directory on the network, most will detect infected files as they arrive, even from "trusted" users on the network.
Chris: Firewalls are software that monitors and blocks suspicious network activity. Windows XP has a basic firewall that can be enabled for any network connection, including wireless connections. With Service Pack 2, a more robust version that allows you more configuration options is installed. The main feature of the Windows Firewall is to block external threats from accessing your computer over your network. Third-party firewalls can expand on the features to monitor activity generated by the various programs on your computer, alerting you to suspicious behavior as it occurs. This has the advantage of detecting (and blocking) spyware and adware types of software that attempt to report your activity or send personal information out to the Internet.
Rob: As with any network, you can share printers and files over the network. But without some sort of security, anyone connecting to your network can access these resources. For this reason, sharing your files on the network can be a risk to either privacy or the security of the system itself.
Chris: If you share your C: drive for example, you are allowing people on the network access to all of the files on the drive, and not just ones that might be in your pictures or documents folder. There would be network access open to your system files, to the hidden boot files, and to your programs and data files as well.
Rob: If someone were to alter or delete one of the critical system files (even by accident), it is possible that your system would not be able to start the next time you power it on. If a program directory were deleted, that application would have to be re-installed before you could use it again. And if you lose the only copy of your report or thesis paper, you could be out of luck in more ways than one.
Chris: What can you do to prevent this type of issue? The easiest way to avoid problems like this is not to share printers and files on the network, but if you need to do so, only share the folder that contains files that you want others to be able to access. In simple terms, share individual folders and not drives.
Rob: You can also restrict access to files that are being shared by creating a read-only share. When you share a folder, one of the options is to "Allow others to make changes to the files." By leaving this check box blank, others can access your shared folder and the files you place inside, but they cannot delete or change the files themselves.
© Micro Center