Router password
The user name and password for accessing
a wireless router or access point do not directly
affect wireless security, because they only affect
the router, not the network. It does create a security
hole if you leave the default password unchanged or
set no password at all. The reason is that even if you
take all the other suggested steps with SSID, WEP and
WPA settings, the wireless transmission of data is not
100% secure. If someone succeeds in accessing your
network, the security settings in the router cannot be
changed without access to the menus.
SSID - Service Set IDentifier
Changing the
SSID does not really provide any security to your network
since many client applications give you some way to
browse available networks. Changing the SSID from the
default makes it slightly more difficult to determine "known"
information about the router (like its capabilities or default
passwords). But if you don't know the SSID because
the router is configured not to broadcast it, then
a casual passerby will not be able to connect without
manually configuring their client settings. This means
they either have to monitor wireless activity and capture
network packets to analyze, or know the SSID in advance.
Hiding the SSID won't keep them out, but it will slow
them down.
When the SSID broadcast feature is disabled
on a router, the network will not appear in the list
of available wireless networks on the client. To
access a wireless network router that has the SSID "hidden" you
must create a connection setting that has the SSID
entered manually. To do this, click on the option to "Change
Advanced Settings" in the Windows XP SP2 Wireless
Connection Wizard, which gives you access to the "original" Windows
XP Wireless configuration screens. From here you can
add a new connection, specify the SSID (as it was entered
in your router) and specify other settings required
for the connection such as WEP and the associated encryption
keys.
WEP - Wired Equivalent Privacy
The next level
of security you can enable for your wireless network
is WEP encryption. Although WEP encrypts your data,
people using special network utilities may be able
to collect enough information to identify the WEP key
that is in use. Once they have the SSID and WEP key,
then they can access the network. Like the SSID, WEP
won't prevent a determined hacker from accessing your
network, but it will prevent or discourage the casual "war
drivers" and neighbors. Choices for WEP security
may be presented in several ways, but the core features
work out to no encryption, 64-bit encryption or 128-bit
encryption. (Microsoft and some of the wireless vendors
may describe this as 40-bit and 104-bit encryption.)
WEP encryption codes can be entered as a hexadecimal
string (numbers 0-9, letters a-f), or generated with
a text-based pass-phrase. (The pass-phrase is used
to create the hexadecimal string.) If the method to
generate the string is not consistent between your
different clients, you may need to copy or manually
enter the resulting hexadecimal string from one device,
and then paste or manually enter it into the rest of
the network configuration boxes. The new Wireless Networking
Wizard that is part of Windows XP Service Pack 2 includes
a method of saving this configuration detail to a USB
flash drive (or other storage media) to transfer the
necessary settings to other XP SP2 systems.
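The check below is an added example, not part of the original article: it validates a hexadecimal WEP key as typed and compares the entries made on two devices. It assumes the standard 24-bit WEP initialization vector, which is why a 40-bit key is sold as "64-bit" and a 104-bit key as "128-bit"; the function names are hypothetical.

```python
import string

IV_BITS = 24            # WEP adds a 24-bit initialization vector to the secret key
VALID_HEX_LENGTHS = (10, 26)   # 10 hex digits = 40 bits, 26 hex digits = 104 bits


def classify_wep_key(entry):
    """Return (setting name, secret bits, normalized hex) for a typed hex key."""
    # Ignore separators and case so entries from different menus compare equal.
    key = "".join(ch for ch in entry if ch not in " -:").lower()
    bad = sorted({ch for ch in key if ch not in string.hexdigits})
    if bad:
        # Typical cause: letter O or l typed in place of digit 0 or 1.
        raise ValueError(f"non-hex characters in key: {bad}")
    if len(key) not in VALID_HEX_LENGTHS:
        raise ValueError(f"{len(key)} hex digits entered; expected 10 or 26")
    secret_bits = len(key) * 4
    # Router menus usually quote secret bits plus the IV: 40+24=64, 104+24=128.
    return f"{secret_bits + IV_BITS}-bit", secret_bits, key


def same_key(entry_a, entry_b):
    """True when two devices were given the same key."""
    return classify_wep_key(entry_a)[2] == classify_wep_key(entry_b)[2]


if __name__ == "__main__":
    # Constructed sample keys, not real credentials.
    print(classify_wep_key("1A2B-3C4D-5E"))
    print(same_key("1A2B3C4D5E", "1a:2b:3c:4d:5e"))
```

A key that fails this check on one device but was generated from a pass-phrase on another is the mismatch described above; copy the hexadecimal string itself rather than the pass-phrase.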
WPA - Wi-Fi Protected Access
Some routers and clients may support
enhanced security features that are stronger than WEP
encryption. WPA automatically rotates or changes the
encryption key, making it more difficult for eavesdroppers
to determine the codes necessary to access your network.
All of your devices must support the feature to be
able to take advantage of this, so check your documentation.
If you are using equipment from assorted manufacturers,
and one piece does not support WPA, then you must decide
whether to use WPA without that adapter, or
not use WPA at all.
MAC - Media Access Control address filtering
Almost all wireless routers support this feature. To
determine the hardware (MAC) address for your wireless
network adapter, examine the details of your wireless
adapter properties or use the text IP configuration
utility with the /ALL switch (IPCONFIG /ALL). You can
manually enter this address into a client list through
the router's setup menus. Once a list of your known
adapters has been entered and the MAC filtering feature
is active, only devices with these addresses will have
access to the router. Again, there are ways around
this, but only if the hacker is really determined to
get into your equipment.


MAC filtering must be enabled in the router or access
point. Once this has been done, there should be a section
to select or enter the MAC Address of the wireless
client that you want to have access on the network.
Devices that are not in the MAC address list will not
be able to connect to the network. The MAC address
for your adapter can be found on a label on the adapter
itself in most cases, although if this is a wireless
adapter built into a notebook computer, you will find
it easier to just check the network connection status.
To do this, open your Network Connections, either from
the Control Panel or by right clicking on "My
Network Places" and selecting "Properties".
Double click on your wireless connection icon to open
the status window. Click the "Details" button
to display the current configuration details and the
MAC address (Physical Address) at the top of the list.
Most routers will allow you to add a MAC address from
a list of devices that have recently connected to the
router. Verify that the MAC address you select is the
one that matches your client computer.
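To make the verification step concrete, here is an added example (not from the original article) that reads the Physical Address lines from IPCONFIG /ALL output and checks each adapter against the router's filter list, regardless of whether the router menu uses dashes, colons or lowercase. The sample output and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of IPCONFIG /ALL output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Wired Adapter
        Physical Address. . . . . . . . . : 02-00-00-AA-BB-01

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless Adapter
        Physical Address. . . . . . . . . : 02-00-00-12-34-56
"""


def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def adapters_from_ipconfig(output):
    """Map each adapter name to its normalized Physical Address."""
    adapters, current = {}, None
    for line in output.splitlines():
        # Adapter sections start with an unindented line ending in a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]
            continue
        m = re.match(r"\s+Physical Address[ .]*:\s*(\S+)", line)
        if m and current:
            adapters[current] = normalize_mac(m.group(1))
    return adapters


def check_allow_list(output, router_entries):
    """Report, per adapter, whether the router's filter list contains its MAC."""
    allowed = {normalize_mac(entry) for entry in router_entries}
    return {name: mac in allowed
            for name, mac in adapters_from_ipconfig(output).items()}


if __name__ == "__main__":
    # Router list as typed into the setup menu, in a different notation.
    router_list = ["02:00:00:12:34:56"]
    for name, ok in check_allow_list(SAMPLE_IPCONFIG, router_list).items():
        print(("listed   " if ok else "MISSING  ") + name)
```

A notebook usually reports both a wired and a wireless adapter; only the wireless adapter's address belongs in the router's list.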
General Network Security
Hiding the SSID, using WEP, WPA and MAC Address
filtering are all features of Wireless Networking.
In addition to these, you should take general Internet
and networking security precautions as well. Standard
security measures would include Virus Scanning, Firewalls,
and restricting the resources you share.
Virus Scanning
Virus scanners with current definition files
will generally scan any file or attachment that gets
saved to your computer. Most Anti-Virus programs scan
the files as they arrive, even in the background, blocking
or deleting threats before they can infect your system.
When sharing your hard drive or directory on the network,
most will detect infected files as they arrive, even
from "trusted" users on the network.
Firewalls
Firewalls are software that monitors and blocks suspicious
network activity. Windows XP has a basic firewall that
can be enabled for any network connection, including
Wireless connections. With Service Pack 2, a more robust
version that allows you more configuration options
is installed. The main feature of the Windows Firewall
is to block external threats from accessing your computer
over your network. Third party Firewalls can expand
on the features to monitor activity generated by the
various programs on your computer, alerting you to
suspicious behavior as it occurs. This has the advantage
of detecting (and blocking) Spyware and Adware types
of software that attempt to report your activity or
send personal information out to the Internet.
Resource Sharing
As with any network, you can share printers
and files on the network. But without some sort of
security, anyone connecting to your network can access
these resources. For this reason, sharing your files
on the network can be a risk to either privacy or the
security of the system itself. If you share your C:
drive for example, you are allowing people on the network
access to all of the files on the drive, and not just
ones that might be in your pictures or documents folder.
There would be network access open to your system files,
to the hidden boot files, and to your programs and
data files as well. If an unknown someone were to alter
or delete one of the critical system files, it is possible
that your system would not be able to start the next
time you power on. If a program directory were deleted,
that application would have to be re-installed before
you could use it again. And if you lose the only copy
of your report or thesis paper, you could be out of
luck in more ways than one. What can you do to prevent
this type of issue? The easiest way to avoid problems
like this is not to share printers and files on the
network, but if you need to do so, only share the folder
that contains files that you want others to be able
to access. In simple terms, share individual folders
and not drives.
You can also restrict access to files
that are being shared by creating a read-only share.
When you share a folder, one of the options is to "Allow
others to make changes to the files." By leaving
this check box blank, others can access your shared
folder and the files you place inside, but they cannot
delete or change the files themselves.
If you want
to get really paranoid, or you just like the level
of control that was standard in Windows NT or Windows
2000, then turn off "Simple File Sharing" under
the folder options. When this feature is disabled,
you can set security and access permissions for folders
or individual files. Additional levels of security
can be set, letting you give one user read-only
access, and another full-modification access. You can
prevent the folder directory from being shown, but
allow access to a file if they know the name. To enable
or disable simple file sharing, open My Computer, select "Folder
Options" from the Tools menu, select the "View" tab
and scroll to the bottom of the checkmark list. To
be able to grant permissions to a specific user, you
will have to add users from "User Accounts" in
the Control Panel. If you get thoroughly confused after
looking at this, change it back by replacing the check
mark next to "Use Simple File Sharing".