WLAN Lockdown

If you fail to lock your wireless network, a perfect stranger could use your internet connection, steal data, interrupt file transfers, or even turn your computer into a ‘zombie’ PC. Windows shows you how to get protected...

By Matthew Wade. Published November 1, 2005

Quick Starter Guide

If you're short on time, here are some quick tips to help keep prowlers out and your data safe:

- Don't have WiFi enabled on your PC or laptop unless you're using your network
- Avoid storing passwords, credit card numbers, bank information, or other personal data on your PC
- Install anti-virus software and keep it up-to-date
- Install up-to-date anti-spyware software such as Microsoft's Anti-Spyware or Lavasoft’s Ad-Aware program
- Keep your wireless access point away from windows. Instead, keep it near the centre of your apartment or villa to reduce its signal strength outside of the intended coverage zone
- Use strong and complex passwords (a combination of letters and numbers)
- Connect your wireless access point to a network cable when sending sensitive data over the internet (e.g. bank or credit card information).

Now, if you've got a little time to spare, let's examine the process in depth:

1. Use a Firewall

A firewall is the easiest way to protect your network. We recommend ZoneAlarm (www.zonealarm.com). Once installed, open ZoneAlarm and click the 'Firewall' tab. Then set the security mode. If set to 'High', your internet connection will be in stealth mode, which means you won't be able to play online games or share files. The next mode is 'Medium', which makes your PC visible online but stops users from accessing online resources. The 'Low' setting turns the firewall off.

Next, set the trusted zone security settings. To add zones to your 'Trusted Zone' list, click the 'Zones' tab, then 'Add', and choose the web site, IP address or subnet in question. All traffic sources not listed in the 'Trusted Zone' go in the 'Internet Zone' by default.
Next, go to File Menu/Program Control to view a list of all the programs that have tried to access your internet connection or network, along with the permissions that were granted. To change the permission of a program, simply click the 'X', 'Y' or '?' and change it. If you choose 'Y', ZoneAlarm will allow that program to use your internet or network.

2. Enable WEP

Wireless Encryption Protocol (WEP) is a security function that works by setting a 64-bit or 128-bit key between clients and an access point. It then uses this key to encrypt and decrypt the data that passes between them. To configure WEP, you must enable the protocol on the access point using its own interface (or console) and on each wireless adapter (using the card’s software). Next, assign a password for the network. This must be entered identically on each system and access point. It’s then used to negotiate the encryption between them.

Since each access point has a different interface, WEP settings may be found in different locations depending on which access point you use. With most access points these can be found under the 'Security' section of the configuration screen. Most access points have the option of 64-bit or 128-bit WEP. Enabling WEP will slow down 802.11b transmissions slightly and enabling 128-bit will further reduce the speed. For wireless home networks, we recommend 64-bit. Although WEP is not 100% hack-proof, the effort needed to break a WEP-protected network will deter most attackers.

3. Change SSID defaults, stop broadcasting

All wireless access points come with a default username, password and SSID (System Set Identifier), which are used to identify the network. Such values could be known and used by hackers, so we suggest you change these defaults. Make sure you refrain from giving your access point your name, as this will make it easy for others to guess. If you're using an access point, the SSID must be configured on the device itself.
However, if you're using a peer-to-peer network, the SSID must be changed using your operating system. To change or create an SSID through Windows, go to Start/Control Panel/Network Connection. Next, right-click your wireless connection, click Properties and go to ‘Wireless Networks’. Then click Add, followed by the Association tab, and enter a complex SSID. Then select ‘Open’ from the Network Authentication tab and enter a network key (password).

We also suggest that you turn SSID broadcasting off. All access points offer this option and it's the simplest way to prevent an intrusion. While your data may not be encrypted, most users will be unaware your network even exists. (Some wireless cards have problems connecting to networks that don't broadcast SSID so there’s a chance it won’t work with everyone. Try it anyway.)

4. Practice Secure File Sharing

If you fail to secure file sharing on your PC, anyone with access to your network will be able to access your precious data. If you work from home this could be very dangerous, as you may be leaving sensitive finance and contract documents in harm's way. To secure specific drives, files and folders, use Windows XP's file sharing option. We suggest you share only what you need to, such as files or folders, but not an entire hard drive.

To secure a drive, file or folder, open Windows Explorer, right-click the item in question and select 'Sharing and Security'. Next, click the Sharing tab and select the 'Do not share this folder' option. Now, click the Security tab. By default, all users defined on your XP Professional system have full permissions. If you want to give specific user(s) access to certain files or folders, click the Add button and locate the user or group. Now go to the Permission list below, assign or deny access for each user or group and click OK. After you do this, make sure you delete the group 'Everyone' from the 'Group or user name' list.

5. Disable DHCP

To disable DHCP (Dynamic Host Configuration Protocol), refer to your access point's manual for details of how to access its administration and configuration screen. Next, configure each of your wireless network devices with a static IP address rather than automatically acquiring IP addresses using DHCP.

To locate your current IP address details, click Start/Run and type 'cmd' followed by Enter. Next, type 'ipconfig' and press Enter. The results tell you the device's current IP address, Subnet Mask and Default Gateway, and the current DNS Servers.

To reconfigure your device's IP address settings, click Start/Settings/Control Panel/Network Connections. Now, locate your wireless card on the list, right-click and select Properties. Under 'This connection uses the following items', select the Internet Protocol (TCP/IP) entry and click Properties. Next, select 'Use the following IP address' and enter the IP address, subnet mask and default gateway of your choosing. For instance, you can assign on your PC. If you have other PCs on the network, add sequential IP addresses such as, and so on. However, if you want tighter network security still, space out your IP addresses to make it harder for your network to be cracked.

6. Disable Messenger Service

We strongly recommend disabling Windows XP's messenger service as this program has been used in the past by hackers to spread viruses and spyware over wireless networks. Some undesirables also use the service as a means of sending spam and unwanted messages. Unlike e-mail, which can be filtered, these messages won’t stop until you disable the messenger service. (Note: this is not the same as Microsoft's MSN instant messenger or Windows Messenger, so disabling it won’t have any effect on your instant messaging programs.)

To disable the service, first click on Start/Settings/Control Panel. Next, click Performance and Maintenance, followed by Administrative Tools. Now, double-click Services/Messenger.
In the 'Start up' type list, select Disabled, click Stop and then OK.

7. Permit access via a MAC address

A Media Access Control (MAC) address is a unique number that every network-enabled device can be identified by. Most wireless access points will let you set up access based on MAC addresses, allowing communication with only those computers or devices that you've entered into the address table. This might be time-consuming, but it will definitely help prevent most crackers from breaking into your network.

To locate your MAC address, go to Start/Run and type 'cmd'. When DOS opens, type 'ipconfig/all' and press Enter. The value in the 'Physical Address' field is your MAC address.

If you'd like to set your own MAC address, go to Control Panel/Network Connections, right-click your chosen adapter and click Properties. Next, under the 'General' tab, click Configure. Now, click the Advanced button, check the 'Property' list, and the 'Locally Administered Address' option. Then check the value field and type your desired MAC address. Finally, use the access point's configuration software to enter your new MAC address.
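Steps 5 and 7 both read values off 'ipconfig' output by hand; the Python sketch below, an added example that is not part of the original article, pulls the same fields from saved 'ipconfig /all' text and builds the list of MAC addresses to enter in the access point's address table. The sample output, adapter names and addresses are constructed for illustration.

```python
import re

# Constructed sample of Windows XP `ipconfig /all` output (not from the article).
# MAC addresses use the IANA documentation range 00-00-5E-00-53-xx.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : homepc

Ethernet adapter Wireless Network Connection:

        Physical Address. . . . . . . . . : 00-00-5E-00-53-1A
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Physical Address. . . . . . . . . : 00-00-5E-00-53-2B
"""

ADAPTER_RE = re.compile(r"^\S.* adapter (.+):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")
WANTED = {"Physical Address", "Dhcp Enabled", "IP Address",
          "Subnet Mask", "Default Gateway"}

def parse_ipconfig(text):
    """Return {adapter: {field: value}} for the fields steps 5 and 7 rely on."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None and m.group(1) in WANTED:
            current[m.group(1)] = m.group(2).strip()
    return adapters

def mac_allow_list(adapters):
    """Normalise every Physical Address to lower-case colon form, sorted."""
    macs = set()
    for fields in adapters.values():
        digits = re.sub(r"[^0-9A-Fa-f]", "", fields.get("Physical Address", ""))
        if len(digits) == 12:                      # skip blank or malformed values
            macs.add(":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower())
    return sorted(macs)
```

A 'Dhcp Enabled' value of 'Yes' in the parsed result marks an adapter that has not yet been switched to the static addressing described in step 5.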
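Step 2 says WEP uses a shared 64-bit or 128-bit key to encrypt and decrypt traffic; the Python sketch below, an added example and not code from the article, shows that mechanism for one frame body. It relies on details the article does not give: WEP's cipher is RC4, each frame's RC4 key is a 24-bit IV sent in the clear followed by the 40-bit or 104-bit shared secret, and a CRC-32 check value is encrypted along with the data. The secret and payload are constructed sample values.

```python
import os
import struct
import zlib

def rc4(key, data):
    """RC4 stream cipher: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(plaintext):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)

def wep_encrypt(secret, plaintext, iv=None):
    """Return IV (3 bytes, clear) + key-id byte + RC4(IV||secret, data||ICV)."""
    if len(secret) not in (5, 13):      # 40-bit ("64-bit") or 104-bit ("128-bit")
        raise ValueError("WEP secret must be 5 or 13 bytes")
    iv = os.urandom(3) if iv is None else iv
    return iv + b"\x00" + rc4(iv + secret, plaintext + icv(plaintext))

def wep_decrypt(secret, frame):
    """Decrypt a frame body and verify its integrity check value."""
    iv = frame[:3]                      # read straight from the clear header
    body = rc4(iv + secret, frame[4:])
    plaintext, check = body[:-4], body[-4:]
    if icv(plaintext) != check:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return plaintext

if __name__ == "__main__":
    secret = b"HOME1"                   # constructed 5-byte (40-bit) secret
    frame = wep_encrypt(secret, b"hello wlan")
    print("per-frame RC4 key bits:", (3 + len(secret)) * 8)
    print("round trip:", wep_decrypt(secret, frame))
```

With a 5-byte secret the per-frame RC4 key is 64 bits, which is where the '64-bit' label in the access point's settings comes from; only 40 of those bits are the value typed in on each device.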

