650-728-7918 tech@mikecomputerguy.com
Wireless Security
The popularity of home and small office wireless networks is growing very quickly. Many computer users are installing
these systems without changing the default settings. This leaves their network wide open to anyone within range of
their wireless signal. Recently a wireless network owner was held responsible for damage done to a corporate network
by someone who broke into the corporate network using the owner's unsecured wireless network.
By default, wireless network hardware is configured to be easily installed, sometimes taking no additional configuration
on the part of the user to get it up and running. There are some simple settings that can make your network harder to break
into, but no solution works 100%. If someone wants to get in badly enough, and they have the know-how, they will get in.
Simple steps to securing your wireless network:
- Change the administrator password in the wireless router. Anyone who has owned a Linksys router knows the default
password is admin. A malicious person could get in and change your router's settings including the password.
- Change your SSID (This is your wireless network's name) to something other than the default. I have a computer in
my work truck with a wireless network card. I am amazed at how many wireless networks I can see while driving down the
highway. When I see a network named "Linksys" I know this person probably did not change any of the default settings.
This means I could park in front of their house and use their Internet connection. If I used what is known as a packet
sniffer, I could also see what web pages are being viewed and I could see any email messages being sent or received.
It may also be possible to get into any other computers on a network hooked up to the wireless router and delete or steal data.
- Enable WEP (Wired Equivalent Privacy, often incorrectly referred to as Wireless Encryption Protocol). WEP has received a lot of bad press as it is an encryption scheme that can be
easily cracked. The casual cracker will not be able to get past it, so use it. It is like locking the door to your
house. The casual guy looking for unlocked doors will pass your house up, but someone who is determined to get in will.
You will want to use the maximum bits allowed by your wireless system. 128 bit WEP is recommended if available.
Not so simple step to securing your wireless network:
Enable the MAC address filtering. This feature is not available on all wireless units. A MAC address is a hex number
that uniquely identifies a particular piece of hardware. Each wireless network card has a MAC address. In some wireless
units it is possible to tell it to only allow certain MAC addresses to access the network.
To get the MAC address of your wireless network card:
- In Windows 2000 and XP go to the "Run" command in Windows then type "cmd". This brings up the command window.
- In other Windows versions open a DOS Window from the program menu.
- Type "ipconfig /all", then look for your wireless card. Look for the line that says "Physical Address". That is the
MAC address. Enter this number into the MAC table in your wireless unit's configuration screen. Be aware that there is
often an option to "filter" these MAC addresses which will deny access to the MAC addresses filtered.
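The lookup described above can be scripted when several computers have to be added to the router's MAC table. This is an added example, not part of the original page: it reads saved `ipconfig /all` output, picks out the wireless adapter and prints its Physical Address in colon-separated form. The sample output, the adapter names and the keyword hints are constructed assumptions; check which format your own router's MAC table expects.

```python
import re
# Constructed sample of `ipconfig /all` output (Windows XP layout), not from the page.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-11-22-33-44-55

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example Wireless-G Notebook Adapter
        Physical Address. . . . . . . . . : 00-AA-BB-CC-DD-EE
        IP Address. . . . . . . . . . . . : 192.168.1.101
"""

HEADER = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
MAC = re.compile(r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}")

def parse_adapters(text):
    """Split `ipconfig /all` output into one dict of fields per adapter section."""
    adapters = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            adapters.append({"name": head.group(1)})
        elif adapters:
            field = FIELD.match(line)
            if field:
                adapters[-1][field.group(1).strip().lower()] = field.group(2).strip()
    return adapters

def wireless_macs(text, hints=("wireless", "wi-fi", "802.11")):
    """Return {adapter name: AA:BB:CC:DD:EE:FF} for adapters that look wireless."""
    found = {}
    for a in parse_adapters(text):
        label = (a["name"] + " " + a.get("description", "")).lower()
        mac = a.get("physical address", "")
        # Skip wired cards and pseudo-interfaces whose address is not 6 bytes.
        if any(h in label for h in hints) and MAC.fullmatch(mac):
            found[a["name"]] = mac.upper().replace("-", ":")
    return found

if __name__ == "__main__":
    for name, mac in wireless_macs(SAMPLE).items():
        print(f"{name}: {mac}")
```

To use it on a real machine, save the command's output with `ipconfig /all > ipconfig.txt` and pass the file's contents to `wireless_macs`.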
Difficult but much more secure step to securing your wireless network:
- Set up a VPN (Virtual Private Network) between your wirelessly connected device and your server. This is no trivial
feat and requires a Windows 2000 or 2003 server. It is preferred that you have a dedicated VPN server as VPN has issues
with other Microsoft services. For more information check out
http://www.zensecurity.co.uk/resources/howto.asp?url=2000vpn.