Newbie tips on security for wireless home network

Discussion in 'Wireless Internet' started by Ryan, Sep 1, 2004.

  1. Ryan

    Ryan Guest

    I am completely new to 802.11. When my new laptop arrives in a week I
    will be sharing my Internet connection between two machines (and also
    networking the laptop with my existing desktop machine). I'm running
    Win2K on the desktop and WinXP Home on the laptop.

    What are the basic steps I need to take to ensure I'm not opening my
    machines to uninvited visitors? Is one brand of router better than
    others when it comes to security? Can anyone recommend a good site
    with solid tips for beginners like me?

    -- Ryan
    Ryan, Sep 1, 2004

  2. Ryan,

    Welcome to the Monkey House.

    If your laptop has an 802.11G wireless card, they usually come with "WPA"
    encryption capability. Be sure that you turn it on for all machines. If
    you'll be using 802.11B, then you're probably limited to WEP encryption,
    which can be easily cracked but is better than nothing.

    I suggest you purchase a router/NAT box, such as a Linksys WRT54G, and use
    that to handle the interface chores. If you're going to do without a router,
    and share your connection by using Internet Connection Sharing on your PC,
    you'll need to put the wireless cards into "Ad Hoc" mode.

    Basic security steps:

    1. _NEVER_ enable a "writeable" share! To transfer information between
    machines, share _ONE_ folder in "Read Only" mode, and _PULL_ the information
    from that PC to its destination, i.e., use the destination machine to access
    the shared folder on the source, and copy/paste into the destination folder.
    You will, of course, have to move the files into the shared folder on the
    source machine first.

    2. Be sure _all_ your machines are up-to-date with _all_ security patches.
    Ditto for AntiVirus software.

    3. Disable unneeded services, such as Windows Messenger Service and
    Personal Web Server, to reduce your exposure to vulnerabilities.

    4. If you have a machine connected directly to the net, pay for firewall
    software such as Zone Alarm. On second thought, put firewall software in no
    matter how you get to the net.

    5. Never use the Administrator account for routine business. Always create
    restricted user accounts for all users, yourself included, and use
    Administrator only for specific tasks that require it, such as software

    6. While you're at it, rename the Administrator account to something else.
    Some viruses test commonly-used passwords on the Administrator account, and
    if they find a match, you're owned. Don't worry about losing functionality:
    the "Administrator" name is just a convention, and the actual user id is a
    number that doesn't change.

    7. Run a vulnerability scan on each machine. There are a number of free
    scanners available, and they'll check for weak passwords, open shares, and
    common exploits.

    8. Ask yourself what information is on the machines, and whether anyone else
    would want it. The answer is usually "No", but remember that locks are used
    to keep honest people honest, and you should use them if you have them. If
    you have material on the PCs that could help your business competitors in
    some big way, then the game changes and you need to hire someone like me to
    improve your security.


    William Warren, Sep 2, 2004
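
An added example, not part of the original post: one way to audit a machine against step 1 above (no writable shares). It assumes a current Windows release with the SmbShare module (`Get-SmbShare`, `Get-SmbShareAccess`) and an elevated prompt, not the Win2K/XP machines in this thread; the function name `Get-WritableShare` is hypothetical.

```powershell
# Added example: list every SMB share whose share-level ACL allows writing.
# Assumes Windows 8 / Server 2012 or later (SmbShare module), run elevated.

function Get-WritableShare {
    [CmdletBinding()]
    param(
        # Also report administrative shares (C$, ADMIN$), skipped by default.
        [switch]$IncludeSpecial
    )

    $shares = Get-SmbShare | Where-Object { $IncludeSpecial -or -not $_.Special }

    foreach ($share in $shares) {
        # IPC$ is a named-pipe endpoint, not a folder; it has no folder ACL to audit.
        if ($share.Name -eq 'IPC$') { continue }

        $acl = Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue

        # 'Change' and 'Full' both permit creating and modifying files.
        $writers = $acl | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            "$($_.AccessRight)" -in 'Change', 'Full'
        }

        foreach ($entry in $writers) {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $entry.AccountName
                Right   = "$($entry.AccessRight)"
            }
        }
    }
}

$findings = @(Get-WritableShare)
if ($findings.Count -eq 0) {
    'No user-created share grants write access.'
} else {
    $findings | Sort-Object Share, Account | Format-Table -AutoSize
}
```

Share-level rights are only half of the picture: effective access is the more restrictive of the share ACL and the NTFS permissions on the folder, so a share reported here may still be read-only in practice.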

  3. Ryan

    dold Guest

    If you are on a wireless network, you should have a firewall on every
    machine, wireless or not, that is on the router.
    Anyone connecting to your Wireless network is on "your side" of the
    hardware firewall provided by the router.

    This is aside from making some attempt to deter people from joining your
    wireless network.

    And when you drop by Starbucks, or some airport or hotel hotspot, you'll
    already have the firewall in place.

    WinXP has a firewall already built in. It isn't very configurable, though.
    It's not clear what it is doing for me. I can't see how to "bless" an IP
    address the way you do with ZoneAlarm, and yet I am able to share my
    folders with that machine. That implies to me that any machine on the
    local subnet is allowed access, which runs against my idea that you don't
    trust everyone on your local [wireless] network.
    dold, Sep 2, 2004