MICRO CENTER: COMPUTERS & ELECTRONICS
In-store Clinics

Wireless Security - Securing Your Network

Router password
The user name and password for accessing a wireless router or access point do not directly affect wireless security, because they protect only the router, not the network. Leaving the default unchanged, or setting no password at all, does create a security hole. The reason is that even if you take all the other suggested steps with SSID, WEP and WPA settings, the wireless transmission of data is not 100% secure. If someone succeeds in accessing your network, the security settings in the router cannot be changed without access to the menus.

SSID - Service Set IDentifier
Changing the SSID does not really provide any security to your network, since many client applications give you some way to browse available networks. Changing the SSID from the default makes it slightly more difficult to determine "known" information about the router (like its capabilities or default passwords). But if the router is configured not to broadcast the SSID, a casual passerby who does not know it will not be able to connect without manually configuring their client settings. This means they either have to monitor wireless activity and capture network packets to analyze, or know the SSID in advance. Hiding the SSID won't keep them out, but it will slow them down.

When the SSID broadcast feature is disabled on a router, the network will not appear in the list of available wireless networks on the client. To access a wireless router that has the SSID "hidden", you must create a connection setting with the SSID entered manually. To do this, click the option to "Change Advanced Settings" in the Windows XP SP2 Wireless Connection Wizard, which gives you access to the "original" Windows XP Wireless configuration screens. From here you can add a new connection, specify the SSID (as it was entered in your router) and specify other settings required for the connection, such as WEP and the associated encryption keys.

WEP - Wired Equivalent Privacy
The next level of security you can enable for your wireless network is WEP encryption. Although WEP encrypts your data, people using special network utilities may be able to collect enough information to identify the WEP key that is in use. Once they have the SSID and WEP key, they can access the network. Like the SSID, WEP won't prevent a determined hacker from accessing your network, but it will prevent or discourage the casual "war drivers" and neighbors. Choices for WEP security may be presented in several ways, but the core features work out to no encryption, 64-bit encryption or 128-bit encryption. (Microsoft and some of the wireless vendors may describe this as 40-bit and 104-bit encryption.)

WEP encryption codes can be entered as a hexadecimal string (numbers 0-9 letters a-f), or generated with a text-based pass-phrase. (The pass-phrase is used to create the hexadecimal string.) If the method to generate the string is not consistent between your different clients, you may need to copy or manually enter the resulting hexadecimal string from one device, and then paste or manually enter it into the rest of the network configuration boxes. The new Wireless Networking Wizard that is part of Windows XP Service Pack 2 includes a method of saving this configuration detail to a USB flash drive (or other storage media) to transfer the necessary settings to other XP SP2 systems.
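The check below is an added example, not part of the original article: it normalizes the hexadecimal key as typed on each device, confirms every device holds the same key, and shows why one key carries two names (the 64-bit and 128-bit labels count WEP's 24-bit initialization vector, the 40-bit and 104-bit labels do not). The device names and key values are constructed samples.

```python
import re

# Hex-digit count -> (secret key bits, label that also counts the 24-bit IV)
WEP_LENGTHS = {10: (40, 64), 26: (104, 128)}

def normalize_wep_key(entered):
    """Return (hex_key, secret_bits, label_bits) or raise ValueError."""
    # Setup screens show keys with spaces, colons or dashes; drop them.
    key = re.sub(r"[\s:\-]", "", entered).lower()
    if not re.fullmatch(r"[0-9a-f]+", key):
        raise ValueError("not hexadecimal (pass-phrase typed into the key box?)")
    if len(key) not in WEP_LENGTHS:
        raise ValueError("%d hex digits, expected 10 or 26" % len(key))
    secret_bits, label_bits = WEP_LENGTHS[len(key)]
    return key, secret_bits, label_bits

def compare_devices(entries):
    """entries maps device name -> key as typed. Return (all_match, report)."""
    report, keys, invalid = {}, set(), False
    for device, entered in entries.items():
        try:
            key, secret_bits, label_bits = normalize_wep_key(entered)
        except ValueError as err:
            report[device] = "invalid: %s" % err
            invalid = True
            continue
        keys.add(key)
        report[device] = "%d-bit WEP (%d-bit secret)" % (label_bits, secret_bits)
    return (not invalid and len(keys) == 1), report

# Constructed sample values, not real keys.
SAMPLE = {
    "router": "0A1B2C3D4E5F60718293A4B5C6",
    "laptop": "0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6",
    "desktop": "my home network",   # pass-phrase entered where hex is expected
}

if __name__ == "__main__":
    all_match, report = compare_devices(SAMPLE)
    for device, status in report.items():
        print(device, "->", status)
    print("all devices agree:", all_match)
```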

WPA - Wi-Fi Protected Access
Some routers and clients may support enhanced security features that are stronger than WEP encryption. WPA automatically rotates or changes the encryption key, making it more difficult for eavesdroppers to determine the codes necessary to access your network. All of your devices must support the feature to be able to take advantage of this, so check your documentation. If you are using equipment from assorted manufacturers and one piece does not support WPA, you must decide whether to use WPA without that adapter or not to use WPA at all.

MAC - Media Access Control address filtering
Almost all wireless routers support this feature. To determine the hardware (MAC) address for your wireless network adapter, examine the details of your wireless adapter properties or use the text-based IP configuration utility with the /ALL switch (IPCONFIG /ALL). You can manually enter this address into a client list through the router's setup menus. Once a list of your known adapters has been entered and the MAC filtering feature is active, only devices with these addresses will have access to the router. Again, there are ways around this, but only if the hacker is really determined to get into your equipment.

[Figure: Wireless network status]

[Figure: Network connection details]

MAC filtering must be enabled in the router or access point. Once this has been done, there should be a section to select or enter the MAC address of each wireless client that you want to have access to the network. Devices that are not in the MAC address list will not be able to connect to the network. In most cases the MAC address for your adapter can be found on a label on the adapter itself, although if it is a wireless adapter built into a notebook computer, you will find it easier to check the network connection status. To do this, open your Network Connections, either from the Control Panel or by right-clicking on "My Network Places" and selecting "Properties". Double-click on your wireless connection icon to open the status window. Click the "Details" button to display the current configuration details, with the MAC address (Physical Address) at the top of the list. Most routers will allow you to add a MAC address from a list of devices that have recently connected to the router. Verify that the MAC address you select is the one that matches your client computer.
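The verification step above can be scripted. This added example (not part of the original article) reads the Physical Address of each adapter out of saved IPCONFIG /ALL output and checks whether the wireless adapter's address is the one entered in the router's filter list, whatever separator style the router uses. The sample output and addresses are constructed.

```python
import re

# Constructed sample of IPCONFIG /ALL output; the addresses are made up.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Example Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 02-00-5E-10-00-01

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless Adapter
        Physical Address. . . . . . . . . : 02-00-5E-10-00-02
        Dhcp Enabled. . . . . . . . . . . : Yes
"""

def normalize_mac(text):
    """Reduce 02-00-.., 02:00:.. or 0200.5e10.0002 to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return digits

def adapters_from_ipconfig(output):
    """Map each adapter heading to its normalized Physical Address."""
    adapters, current = {}, None
    for line in output.splitlines():
        heading = re.match(r"^(\S.*adapter .+):\s*$", line)
        if heading:
            current = heading.group(1)
            continue
        field = re.match(r"^\s+Physical Address[ .]*:\s*(\S+)", line)
        if field and current:
            adapters[current] = normalize_mac(field.group(1))
    return adapters

def check_filter_list(output, adapter_name, router_entries):
    """True if the named adapter's address appears in the router's list."""
    allowed = {normalize_mac(entry) for entry in router_entries}
    for name, mac in adapters_from_ipconfig(output).items():
        if adapter_name in name:
            return mac in allowed
    raise LookupError("no adapter matching %r" % adapter_name)

if __name__ == "__main__":
    # The wired adapter's address was entered by mistake: prints False.
    print(check_filter_list(SAMPLE_IPCONFIG, "Wireless", ["02:00:5E:10:00:01"]))
```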

General Network Security
Hiding the SSID, using WEP or WPA, and MAC address filtering are all features of wireless networking. In addition to these, you should take general Internet and networking security precautions as well. Standard security measures include virus scanning, firewalls, and restricting the resources you share.

Virus Scanning
Virus scanners with current definition files will generally scan any file or attachment that gets saved to your computer. Most Anti-Virus programs scan the files as they arrive, even in the background, blocking or deleting threats before they can infect your system. When sharing your hard drive or directory on the network, most will detect infected files as they arrive, even from "trusted" users on the network.

Firewalls
Firewalls are software that monitors and blocks suspicious network activity. Windows XP has a basic firewall that can be enabled for any network connection, including wireless connections. With Service Pack 2, a more robust version with more configuration options is installed. The main job of the Windows Firewall is to block external threats from accessing your computer over your network. Third-party firewalls can expand on these features by monitoring activity generated by the various programs on your computer and alerting you to suspicious behavior as it occurs. This has the advantage of detecting (and blocking) spyware and adware that attempts to report your activity or send personal information out to the Internet.

Resource Sharing
As with any network, you can share printers and files on the network. But without some sort of security, anyone connecting to your network can access these resources. For this reason, sharing your files on the network can be a risk to either privacy or the security of the system itself. If you share your C: drive for example, you are allowing people on the network access to all of the files on the drive, and not just ones that might be in your pictures or documents folder. There would be network access open to your system files, to the hidden boot files, and to your programs and data files as well. If an unknown someone were to alter or delete one of the critical system files, it is possible that your system would not be able to start the next time you power on. If a program directory were deleted, that application would have to be re-installed before you could use it again. And if you lose the only copy of your report or thesis paper, you could be out of luck in more ways than one. What can you do to prevent this type of issue? The easiest way to avoid problems like this is not to share printers and files on the network, but if you need to do so, only share the folder that contains files that you want others to be able to access. In simple terms, share individual folders and not drives.
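To check an existing machine against the "share individual folders and not drives" rule, the added example below (not part of the original article) parses saved output of the Windows `net share` command and lists shares that expose a whole drive. The sample output is constructed, and the parser assumes share names short enough to sit on one line with their resource path.

```python
import re

# Constructed sample of `net share` output; names and paths are made up.
SAMPLE_NET_SHARE = r"""Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
Pictures     C:\Documents and Settings\Pat\My Documents\My Pictures
Everything   C:\
The command completed successfully.
"""

# name, two or more spaces, a path starting with a drive letter, optional remark
ROW = re.compile(r"^(\S.*?)\s{2,}([A-Za-z]:\\.*?)(?:\s{2,}.*)?$")
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\?")
# Administrative shares Windows creates by itself (C$, ADMIN$, IPC$).
DEFAULT_SHARE = re.compile(r"([A-Za-z]|ADMIN|IPC)\$", re.IGNORECASE)

def parse_shares(output):
    """Return (share name, resource path) for every disk share listed."""
    shares = []
    for line in output.splitlines():
        row = ROW.match(line.rstrip())
        if row:
            shares.append((row.group(1), row.group(2)))
    return shares

def whole_drive_shares(output):
    """Names of user-created shares whose resource is an entire drive."""
    flagged = []
    for name, resource in parse_shares(output):
        if DEFAULT_SHARE.fullmatch(name):
            continue
        if DRIVE_ROOT.fullmatch(resource):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in whole_drive_shares(SAMPLE_NET_SHARE):
        print("shares an entire drive:", name)
```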

You can also restrict access to files that are being shared by creating a read-only share. When you share a folder, one of the options is to "Allow others to make changes to the files." By leaving this check box blank, others can access your shared folder and the files you place inside, but they cannot delete or change the files themselves.

If you want to get really paranoid, or you just like the level of control that was standard in Windows NT or Windows 2000, then turn off "Simple File Sharing" under the folder options. When this feature is disabled, you can set security and access permissions for folders or individual files. Additional levels of security can be set, letting you give one user read-only access and another full-modification access. You can prevent the folder directory from being shown, but allow access to a file if they know the name. To enable or disable simple file sharing, open My Computer, select "Folder Options" from the Tools menu, select the "View" tab and scroll to the bottom of the checkmark list. To be able to grant permissions to a specific user, you will have to add users from "User Accounts" in the Control Panel. If you get thoroughly confused after looking at this, change it back by replacing the check mark next to "Use Simple File Sharing".

© Micro Electronics, Inc.