Wireless Security
Wireless Security
by Doctor Inferno on Mon 31 Dec - 11:25
Lesson 1: Getting started: Wireless Security
A wireless, or Wi-Fi, network is extremely convenient for home and small business users. It’s inexpensive, easy to set up, and it allows two or more computers to share a broadband Internet connection without the hassles of wires.
Wi-Fi security is every bit as important as virus and malware protection. It takes a bit of effort, but you can’t afford to let it slide.
Let’s get started by defining some key terms:
* IEEE 802.11: A family of wireless networking standards developed by the Institute of Electrical and Electronics Engineers (IEEE). The 802.11b/g protocols are most common among wireless LANs. While g is faster than b-running at 54 megabits per second (Mbps) versus 11Mbps–the upcoming 802.11n spec promises far speedier performance for demanding applications like video. In the interim, routers based on an early draft of 802.11n, such as the routers based on an early draft of 802.11n, are now shipping.
* MAC address: A 12-digit number used to identify each piece of hardware on the network. MAC stands for Media Access Control.
* SSID: An acronym for Service Set Identifier, SSID is the name of your wireless network. It has up to 32 letters or numbers. When you buy a Wi-Fi router, it comes with a default SSID, which you’ll need to change for security reasons. (I’ll explain how to do this later.) In order to talk to each other, each device on your wireless LAN must use the same SSID.
* WEP: Wired Equivalent Privacy (WEP) encrypts data transmitted over wireless networks. It’s not the best security technology, and it’s easy to crack. On the other hand, WEP is easy to configure, and using it is far better than running a Wi-Fi network with all security turned off.
* WPA: A wireless security protocol that’s much better than the easily-hacked WEP. Short for Wi-Fi Protected Access, WPA offers improved data encryption, which makes it a lot harder for hackers to read intercepted messages. It also adds user authentication to thwart bad guys from posing as valid users. The downside: WPA is harder to set up, adds overhead to network packets, and can slow performance, and pre-2003 hardware might not be upgradeable to WPA. Still, it’s the better choice.
****************************************************************
Lesson 2: Securing your wireless hardware
This lesson describes how to configure your Wi-Fi hardware to maximize security.
Wireless networking devices are equipped with a lot of tools to secure your LAN. Unfortunately, some hardware makers leave these features turned off. It’s your job to make sure they’re turned on.
» Change the default password: A wireless access point or router usually ships with an administrator password that you enter (via setup software) to change settings. Since default password lists are incredibly easy to find on the Internet, you’ll want to create a new password right away (see Figure 1). For added protection, your password should include letters, numbers, and unusual characters such as @,%,^,or ~.
Figure1
» Change the default SSID: This is the name of your wireless network. For instance, my SMC router has the default name, but I changed mine. (See Figure 2.) Your mission: Rename your network. While a new name won’t keep crackers away, it’ll show them you’re reasonably tech savvy and have probably implemented decent security.
Figure2
» Disable SSID broadcast: By default, your Wi-Fi network broadcasts its name to all wireless users within range. If you’ve used a Wi-Fi hot spot at a café or restaurant, you know the drill: Your wireless device picks up the access point’s SSID signal and tries to connect. By disabling SSID broadcast, you make your network invisible to your neighbors. (See Figure 3.)
Figure3
» Enable MAC address filtering: Many wireless access points and routers have a security feature called MAC address filtering, which lets you create a select list of devices that can access your LAN. While not bulletproof — hackers have been known to crack it — MAC address filtering is a good Wi-Fi security feature that you should implement. If your hardware supports address filtering, see your manual or vendor site for setup instructions.
Tip:
Congratulations! Your router supports MAC address filtering. But how do you find a MAC address? In Windows, click Start/Run and type cmd in the Open window. A DOS-style command prompt window pops up. Type ipconfig/all on the command line and hit Enter. Look for a line that reads Physical Address, followed by a 12-digit number. That number is the MAC address. (See Figure 4.)
A wireless, or Wi-Fi, network is extremely convenient for home and small business users. It’s inexpensive, easy to set up, and it allows two or more computers to share a broadband Internet connection without the hassles of wires.
Wi-Fi security is every bit as important as virus and malware protection. It takes a bit of effort, but you can’t afford to let it slide.
Let’s get started by defining some key terms:
* IEEE 802.11: A family of wireless networking standards developed by the Institute of Electrical and Electronics Engineers (IEEE). The 802.11b/g protocols are most common among wireless LANs. While g is faster than b-running at 54 megabits per second (Mbps) versus 11Mbps–the upcoming 802.11n spec promises far speedier performance for demanding applications like video. In the interim, routers based on an early draft of 802.11n, such as the routers based on an early draft of 802.11n, are now shipping.
* MAC address: A 12-digit number used to identify each piece of hardware on the network. MAC stands for Media Access Control.
* SSID: An acronym for Service Set Identifier, SSID is the name of your wireless network. It has up to 32 letters or numbers. When you buy a Wi-Fi router, it comes with a default SSID, which you’ll need to change for security reasons. (I’ll explain how to do this later.) In order to talk to each other, each device on your wireless LAN must use the same SSID.
* WEP: Wired Equivalent Privacy (WEP) encrypts data transmitted over wireless networks. It’s not the best security technology, and it’s easy to crack. On the other hand, WEP is easy to configure, and using it is far better than running a Wi-Fi network with all security turned off.
* WPA: A wireless security protocol that’s much better than the easily-hacked WEP. Short for Wi-Fi Protected Access, WPA offers improved data encryption, which makes it a lot harder for hackers to read intercepted messages. It also adds user authentication to thwart bad guys from posing as valid users. The downside: WPA is harder to set up, adds overhead to network packets, and can slow performance, and pre-2003 hardware might not be upgradeable to WPA. Still, it’s the better choice.
****************************************************************
Lesson 2: Securing your wireless hardware
This lesson describes how to configure your Wi-Fi hardware to maximize security.
Wireless networking devices are equipped with a lot of tools to secure your LAN. Unfortunately, some hardware makers leave these features turned off. It’s your job to make sure they’re turned on.
» Change the default password: A wireless access point or router usually ships with an administrator password that you enter (via setup software) to change settings. Since default password lists are incredibly easy to find on the Internet, you’ll want to create a new password right away (see Figure 1). For added protection, your password should include letters, numbers, and unusual characters such as @,%,^,or ~.
Figure1
» Change the default SSID: This is the name of your wireless network. For instance, my SMC router has the default name, but I changed mine. (See Figure 2.) Your mission: Rename your network. While a new name won’t keep crackers away, it’ll show them you’re reasonably tech savvy and have probably implemented decent security.
Figure2
» Disable SSID broadcast: By default, your Wi-Fi network broadcasts its name to all wireless users within range. If you’ve used a Wi-Fi hot spot at a café or restaurant, you know the drill: Your wireless device picks up the access point’s SSID signal and tries to connect. By disabling SSID broadcast, you make your network invisible to your neighbors. (See Figure 3.)
Figure3
» Enable MAC address filtering: Many wireless access points and routers have a security feature called MAC address filtering, which lets you create a select list of devices that can access your LAN. While not bulletproof — hackers have been known to crack it — MAC address filtering is a good Wi-Fi security feature that you should implement. If your hardware supports address filtering, see your manual or vendor site for setup instructions.
Tip:
Congratulations! Your router supports MAC address filtering. But how do you find a MAC address? In Windows, click Start/Run and type cmd in the Open window. A DOS-style command prompt window pops up. Type ipconfig/all on the command line and hit Enter. Look for a line that reads Physical Address, followed by a 12-digit number. That number is the MAC address. (See Figure 4.)
Last edited by Doctor Inferno on Mon 24 Nov - 11:38; edited 1 time in total
Re: Wireless Security
by Doctor Inferno on Mon 31 Dec - 11:41
Lesson 3: Wireless security features in Windows XP
In this lesson, I’ll use Windows XP’s wireless security tools to bolster Wi-Fi protection.
Windows XP supports both WEP and WPA security. As discussed in Lesson 1 , WPA provides superior protection and is the better choice. But if your Wi-Fi hardware is a few years old, it may not be upgradeable to WPA. Contact your vendor to find out if it is.
Tip:
A WEP-to-WPA upgrade can be tricky. Your wireless access points, network adapters, and clients will need software upgrades, and access points may require a firmware update. The Microsoft Support Site provides a detailed overview of what’s needed.
If you’re configuring a new Wi-Fi network, use the Windows XP Wireless Network Setup Wizard.
Figure1
* Go to Start/Control Panel/Wireless Network Setup Wizard. (See Figure 1.)
* You’ll need to enter the SSID, or network name, which can be up to 32 characters long. Use the SSID you created in Lesson 2.
* You should add either WEP or WPA security. The wizard selects WEP by default, but you can switch to WPA by checking a box at the bottom of the screen.
* Windows will automatically select a WEP security key, which wireless clients will need to access your network. (This should stop the neighbors from piggybacking on your Internet connection.) If you prefer, you can create your own security key, too. (See Figure 2.)
Figure2
Use a USB flash drive to save your network settings. (The wizard recommends this.) The flash drive, shown in Figure 3, allows you to quickly port the wireless LAN settings to other Wi-Fi devices. The slower, more tedious alternative is to manually reenter these settings on each device.
Figure3
If you take the manual route, don’t forget to print your network settings before completing the wizard. Doing this is easy: Just click the Print Network Settings button on the final screen. (See Figure 4.)
Tip:
Adding a wireless printer to your network? It’s easy to add new devices. Simply launch the Wireless Network Setup Wizard and select Add new computers or devices to [your network’s name] on the second screen.
****************************************************************
Lesson 4: Wireless security and firewalls
In this lesson, I’ll examine the firewall’s role in wireless network security and discuss potential conflicts.
Your wireless network needs a firewall for protection against malicious hackers. You’ll want a wireless router or access point with a hardware firewall, meaning one that operates inside the device and protects all the computers on the network. Naturally, it should offer plenty of configuration options for managing data traffic traveling to and from your computer ports.
Tip:
Do you need to connect to your network while on the road? Look for a firewall that allows VPN connections. VPN, or Virtual Private Networking, lets you send data via an encrypted private tunnel over the public Internet. My SMC router is an example of a wireless router (with a firewall) that supports VPN pass-through. For most home users, though, a VPN is unnecessary.
With a hardware firewall, there’s no need to run a separate software firewall, such as the one that comes with Windows XP. You can, however, run one for added protection, although sometimes conflicts arise when two firewalls try to do the same job. For instance, your Internet connection may drop.
Or you can disable the software firewall running on each computer, and free up system resources for other tasks. To turn off the Symantec Client Firewall, for instance:
* Right-click your Firewall icon in the Taskbar tray.
* Click Disable your Firewall.
* Other firewall vendors, including ZoneAlarm, provide a similarly easy solution. To disable the Windows XP SP2 firewall, which is turned on by default, go to Start/Control Panel/Security Center and click Windows Firewall.
Another benefit of the hardware firewall: All of your applications follow the same rules when it comes to Internet access.
Tip:
A NAT firewall is a good choice for added protection. NAT, or Network Address Translation, is a technology that hides your internal IP addresses from the public Internet. It uses one set of addresses inside your network and another set externally.
In this lesson, I’ll use Windows XP’s wireless security tools to bolster Wi-Fi protection.
Windows XP supports both WEP and WPA security. As discussed in Lesson 1 , WPA provides superior protection and is the better choice. But if your Wi-Fi hardware is a few years old, it may not be upgradeable to WPA. Contact your vendor to find out if it is.
Tip:
A WEP-to-WPA upgrade can be tricky. Your wireless access points, network adapters, and clients will need software upgrades, and access points may require a firmware update. The Microsoft Support Site provides a detailed overview of what’s needed.
If you’re configuring a new Wi-Fi network, use the Windows XP Wireless Network Setup Wizard.
Figure1
* Go to Start/Control Panel/Wireless Network Setup Wizard. (See Figure 1.)
* You’ll need to enter the SSID, or network name, which can be up to 32 characters long. Use the SSID you created in Lesson 2.
* You should add either WEP or WPA security. The wizard selects WEP by default, but you can switch to WPA by checking a box at the bottom of the screen.
* Windows will automatically select a WEP security key, which wireless clients will need to access your network. (This should stop the neighbors from piggybacking on your Internet connection.) If you prefer, you can create your own security key, too. (See Figure 2.)
Figure2
Use a USB flash drive to save your network settings. (The wizard recommends this.) The flash drive, shown in Figure 3, allows you to quickly port the wireless LAN settings to other Wi-Fi devices. The slower, more tedious alternative is to manually reenter these settings on each device.
Figure3
If you take the manual route, don’t forget to print your network settings before completing the wizard. Doing this is easy: Just click the Print Network Settings button on the final screen. (See Figure 4.)
Tip:
Adding a wireless printer to your network? It’s easy to add new devices. Simply launch the Wireless Network Setup Wizard and select Add new computers or devices to [your network’s name] on the second screen.
****************************************************************
Lesson 4: Wireless security and firewalls
In this lesson, I’ll examine the firewall’s role in wireless network security and discuss potential conflicts.
Your wireless network needs a firewall for protection against malicious hackers. You’ll want a wireless router or access point with a hardware firewall, meaning one that operates inside the device and protects all the computers on the network. Naturally, it should offer plenty of configuration options for managing data traffic traveling to and from your computer ports.
Tip:
Do you need to connect to your network while on the road? Look for a firewall that allows VPN connections. VPN, or Virtual Private Networking, lets you send data via an encrypted private tunnel over the public Internet. My SMC router is an example of a wireless router (with a firewall) that supports VPN pass-through. For most home users, though, a VPN is unnecessary.
With a hardware firewall, there’s no need to run a separate software firewall, such as the one that comes with Windows XP. You can, however, run one for added protection, although sometimes conflicts arise when two firewalls try to do the same job. For instance, your Internet connection may drop.
Or you can disable the software firewall running on each computer, and free up system resources for other tasks. To turn off the Symantec Client Firewall, for instance:
* Right-click your Firewall icon in the Taskbar tray.
* Click Disable your Firewall.
* Other firewall vendors, including ZoneAlarm, provide a similarly easy solution. To disable the Windows XP SP2 firewall, which is turned on by default, go to Start/Control Panel/Security Center and click Windows Firewall.
Another benefit of the hardware firewall: All of your applications follow the same rules when it comes to Internet access.
Tip:
A NAT firewall is a good choice for added protection. NAT, or Network Address Translation, is a technology that hides your internal IP addresses from the public Internet. It uses one set of addresses inside your network and another set externally.
Re: Wireless Security
by Doctor Inferno on Mon 31 Dec - 12:30
Lesson 5: Protection at public Wi-Fi hot spots
In this lesson, I’ll show you ways to keep your system secure when using a public Wi-Fi hot spot.
So you’re sitting in a public Wi-Fi hot spot, such as a coffee shop or motel, and you’re browsing travel sites for airline tickets. You’ve found an amazing deal and you’re ready to buy. Out comes the credit card. Warning: You’ve entered the Wi-Fi Danger Zone!
A public Wi-Fi hot spot, such as those found at cafes and airports–and even throughout some cities–poses a serious security threat, particularly for the naive user. Why? Most hotspots commit the Deadly Sins of Wireless Security:
* They don’t use WEP or WPA encryption. A cracker could read all data traveling to and from your computer.
* They broadcast their SSIDs.
* They don’t bother with passwords, MAC address filtering, and other security stuff.
Of course, a public hot spot can’t implement these security features and still offer free Internet access to all. So how do you protect yourself when surfing there?
* Limit your hot spot usage to basic Internet surfing. Don’t do online banking, shopping, or other activities that require sensitive information such as passwords or credit card numbers.
* If you’re a telecommuter or business traveler connecting to the office LAN, use a virtual private network (VPN), which encrypts your data and routes it via a private tunnel over the public Internet.
* Watch out for the Evil Twin. This may sound like a cheesy horror flick, but it’s a real threat. A cracker sets up a rogue Wi-Fi access point with a name very similar to that of the legitimate hotspot. An unsuspecting user connects to the rogue hot spot, and the hacker begins mining the user’s hard drive for personal information. The solution is to make sure you’re connecting to the official hot spot. If it’s a restaurant or cafe, ask the staff for the hot spot’s name (but don’t be surprised if they don’t know).
Also, configure Windows so that it doesn’t automatically connect to “non-preferred” wireless networks. This prevents your laptop from automatically reconnecting to a potentially dangerous access point, should the public hot spot go down. (Windows may already be set this way, but you should check.)
* Right-click the Wireless Network Connection icon in the Taskbar tray, and select View Available Wireless Networks.
* In the Related Tasks window, click Change Advanced Settings.
* Click the Wireless Networks tab, then the Advanced button.
* Uncheck the Automatically connect to non-preferred networks box.
****************************************************************
Lesson 6: Battling viruses, spam, and other threats
In this lesson, I’ll show you some new ways that Wi-Fi users can fight malware.
By now you’re aware that wireless networks face security threats that don’t affect wired LANs. Unfortunately, the Wi-Fi crowd must contend with traditional dangers too, including spam, spyware, and viruses.
Until recently, the only solution for battling malware was to run security software such as Kaspersky Internet Security or ESET Smart Security. But these powerful utilities can hamper performance on the computers that run them, gobbling up memory and processor power better spent on other tasks.
In addition to running hardware or software security tools, Windows users should install the latest “critical” updates as soon as Microsoft releases them (which, alas, is often). These updates patch security holes in Internet Explorer and other operating system components.
* Go to Start/Control Panel/Security Center.
* Select Automatic Updates (if it isn’t already turned on). Click OK.
* On the Security Center screen, under Resources, click Check for the latest updates from Windows Update.
* Your browser will load and take you to the Windows Update site. Click Express to download and install any available updates.
In this lesson, I’ll show you ways to keep your system secure when using a public Wi-Fi hot spot.
So you’re sitting in a public Wi-Fi hot spot, such as a coffee shop or motel, and you’re browsing travel sites for airline tickets. You’ve found an amazing deal and you’re ready to buy. Out comes the credit card. Warning: You’ve entered the Wi-Fi Danger Zone!
A public Wi-Fi hot spot, such as those found at cafes and airports–and even throughout some cities–poses a serious security threat, particularly for the naive user. Why? Most hotspots commit the Deadly Sins of Wireless Security:
* They don’t use WEP or WPA encryption. A cracker could read all data traveling to and from your computer.
* They broadcast their SSIDs.
* They don’t bother with passwords, MAC address filtering, and other security stuff.
Of course, a public hot spot can’t implement these security features and still offer free Internet access to all. So how do you protect yourself when surfing there?
* Limit your hot spot usage to basic Internet surfing. Don’t do online banking, shopping, or other activities that require sensitive information such as passwords or credit card numbers.
* If you’re a telecommuter or business traveler connecting to the office LAN, use a virtual private network (VPN), which encrypts your data and routes it via a private tunnel over the public Internet.
* Watch out for the Evil Twin. This may sound like a cheesy horror flick, but it’s a real threat. A cracker sets up a rogue Wi-Fi access point with a name very similar to that of the legitimate hotspot. An unsuspecting user connects to the rogue hot spot, and the hacker begins mining the user’s hard drive for personal information. The solution is to make sure you’re connecting to the official hot spot. If it’s a restaurant or cafe, ask the staff for the hot spot’s name (but don’t be surprised if they don’t know).
Also, configure Windows so that it doesn’t automatically connect to “non-preferred” wireless networks. This prevents your laptop from automatically reconnecting to a potentially dangerous access point, should the public hot spot go down. (Windows may already be set this way, but you should check.)
* Right-click the Wireless Network Connection icon in the Taskbar tray, and select View Available Wireless Networks.
* In the Related Tasks window, click Change Advanced Settings.
* Click the Wireless Networks tab, then the Advanced button.
* Uncheck the Automatically connect to non-preferred networks box.
****************************************************************
Lesson 6: Battling viruses, spam, and other threats
In this lesson, I’ll show you some new ways that Wi-Fi users can fight malware.
By now you’re aware that wireless networks face security threats that don’t affect wired LANs. Unfortunately, the Wi-Fi crowd must contend with traditional dangers too, including spam, spyware, and viruses.
Until recently, the only solution for battling malware was to run security software such as Kaspersky Internet Security or ESET Smart Security. But these powerful utilities can hamper performance on the computers that run them, gobbling up memory and processor power better spent on other tasks.
In addition to running hardware or software security tools, Windows users should install the latest “critical” updates as soon as Microsoft releases them (which, alas, is often). These updates patch security holes in Internet Explorer and other operating system components.
* Go to Start/Control Panel/Security Center.
* Select Automatic Updates (if it isn’t already turned on). Click OK.
* On the Security Center screen, under Resources, click Check for the latest updates from Windows Update.
* Your browser will load and take you to the Windows Update site. Click Express to download and install any available updates.
Last edited by Doctor Inferno on Mon 24 Nov - 11:39; edited 1 time in total
thank you so much doc
Re: Wireless Security
by jbender on Tue 2 Dec - 9:19
awesome. very informative, always a pleasure doc. Thank you.