TheFuhrmans  
Family Photos, Video and Computer Advice  
Home Networking


Network Security


Last Updated: October 13, 2007


Wireless Insecurity

Wireless network equipment is sold with all of the security features turned off to allow for an easier installation.  If the security features were all turned on at the factory, then you couldn't get to the installation screens to set up the wireless network.  The danger lies when people don't turn on the security features or turn on only some of them.


Wireless network equipment transmits and receives signals inside and outside of your house up to 300 feet.  With all of the security features turned off, others can use your internet connection.  Others can also see your hard drive as easily as if they were sitting at your computer if the "file and print sharing" feature on your computer was turned on.  All it takes is a computer with a wireless network card.  With only some of the security features enabled, it's harder but still possible to gain access.  That's why it's important to activate all of the security features.


Wireless Networks in Hotels, Airports and Coffee Shops

Most hotels, airports and coffee shops have an unsecured wireless internet service.  It's wireless because it's easy and cheap to install.  It's unsecured so you can log in quickly without touching a configuration screen and the hotel, airport or coffee shop doesn't need to hire 24-hour tech support.  The downside is that when you connect, all of the other hotel guests, airport passengers, or coffee shop customers have access to your hard drive IF you don't have firewall software installed.  I use the free version of Zone Alarm to stop intruders.  Look for the button that says, "I only want basic ZoneAlarm protection."  However, someone nearby could use a free program called a network sniffer to see what web site you visited and what user ID and password you used.  That's why I like encrypted wireless or a wired connection for public places.


Use JiWire Hotspot Helper to encrypt the data from your laptop to the hotel's or airport's wireless access point and beyond.  This means a network sniffer won't work and your information remains private.  PC Magazine rated them the best (Jan 2006).  The cost is $25/year.  Make sure to purchase and set up the software on a secure connection at home before using the software.


Notebook computers with Windows 2000 or Windows XP (SP1, not SP2) may connect to other notebook computers in an airplane, airport, hotel or coffee shop without your knowledge.  If the wireless card can't find an access point to connect to the internet, it then searches for an "ad hoc" connection with other wireless notebook computers.  There aren't any popup windows to warn you if a connection was successful, but that was changed with Windows XP Service Pack 2.  Read more at PC Magazine (Mar 2006).  Turn off this feature in Windows XP by clicking on the Wi-Fi icon in the lower right corner of the screen.  Select Change advanced settings.  On the Wireless Network tab, choose Advanced followed by Access point (infrastructure) networks only.  Uncheck Automatically connect to non-preferred networks.


The New York Times has a great article, "Web Surfing in Public Places Is a Way to Court Trouble" (Aug 2006).  Tom's Networking writes "The Smart Traveler's Guide to Data Theft Protection" (July 2006).  Both are worth reading.


Added Layer of Security

Even if you only have one computer, a wired or wireless router will add a layer of security.  Without the router, Zone Alarm firewall software was logging several attempts every hour of people on the internet trying to copy a virus directly to my hard drive.  After several years of using a router, Zone Alarm has never logged an attempted break-in.  When I didn't use a router, everyone on the internet could see my IP address.  The router hides it.  It's hard to knock on a door when you can't see the door.


Secure a Wireless Network

A wireless network is never secure, but use these security options:

  • Suppress broadcasting the SSID (the access point's ID number).
  • Change the default SSID.
  • Change the access point's default IP address.
  • Change the access point's default password.
  • Enable WPA (Wi-Fi Protected Access) or WEP (Wired Equivalent Privacy).  Change the setting to mandatory, choose 128-bit encryption {or higher}, and change the passphrase to change the key.  Enter the new key into your access cards.
  • Enter the MAC addresses of the wireless network cards that are allowed to gain access into the access point.
  • Make sure the router's built-in firewall is turned on, especially the feature called Stateful Packet Inspection (SPI).

Firewall Software is Still Needed

Even though gateways and routers have built-in firewalls, firewall software is still required.  Gateways, routers, and firewall software all check incoming data for intrusion, but only the software checks outgoing data.  Make sure each PC has the firewall software installed and updated with the latest patches from the vendor's web site.


Change Default Workgroup Name

When you are setting up the network and Windows asks you to name your workgroup of computers, choose something other than the default name of "workgroup" or "MSHome."  It will make it harder for hackers to gain access to your network.


I See My Neighbor's Network

ExtremeTech writes, "But the other evening, I discovered something I'd never seen before: someone else's network in my house.  This little discovery, while funny at first, became quite an annoyance when my laptop insisted on associating with my neighbor's AP {Access Point} in parts of my house.  It wouldn't even see my network! ... I could even see their shared volumes {hard drives}."


Wireless access points come with 11 channels.  Work with your neighbor so their channel and your channel are 4 or 5 channel numbers apart from one another.
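The channel-spacing advice above can be checked with a short calculation.  This is an added example, not part of the original page: it assumes the standard 802.11b/g figures (channel centers 5 MHz apart, each channel about 22 MHz wide), uses a simplified linear overlap model, and runs on a constructed scan of neighboring access points.

```python
# Added example: pick the 2.4 GHz channel with the least overlap from neighbors.
# Assumptions: 802.11b/g channels are ~22 MHz wide with centers 5 MHz apart;
# overlap is modeled as the shared fraction of bandwidth (a simplification).

CHANNEL_WIDTH_MHZ = 22
CHANNELS = range(1, 12)  # the 11 channels mentioned in the text


def center_mhz(channel):
    """Center frequency of a 2.4 GHz channel (channel 1 = 2412 MHz)."""
    return 2407 + 5 * channel


def overlap(a, b):
    """Fraction of channel a's bandwidth shared with channel b (0.0 to 1.0)."""
    separation = abs(center_mhz(a) - center_mhz(b))
    return max(0.0, (CHANNEL_WIDTH_MHZ - separation) / CHANNEL_WIDTH_MHZ)


def interference(candidate, neighbors):
    """Sum of neighbor signal power (in mW) weighted by spectral overlap."""
    return sum(
        overlap(candidate, channel) * 10 ** (dbm / 10)
        for _name, channel, dbm in neighbors
    )


def best_channel(neighbors):
    """Channel with the lowest interference; ties go to the lowest number."""
    return min(CHANNELS, key=lambda c: (interference(c, neighbors), c))


# Constructed scan results: (network name, channel, signal strength in dBm).
SAMPLE_SCAN = [
    ("neighbor-strong", 1, -50),
    ("neighbor-medium", 6, -60),
    ("neighbor-weak", 11, -85),
]

if __name__ == "__main__":
    for gap in (3, 4, 5):
        print(f"{gap} channels apart: {overlap(1, 1 + gap):.0%} overlap")
    print("Least-interfered channel:", best_channel(SAMPLE_SCAN))
```

Under this model, channels 5 apart do not overlap at all, while channels 4 apart still share a small slice of spectrum.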


How Easy is it for Someone to Hack Into My Wireless Network?

I've never done it, but this is what I've read.  All you need is a computer with a wireless network card.  If the SSID is being broadcast, then a free program like NetStumbler will catalog as much information about the network as possible.  A portable GPS can be hooked up to the computer to add GPS coordinates.  If the network signal strength is too weak, then a $150 antenna can be used to gain access up to 300 feet away.  The antenna, GPS, and software work so well that someone can drive by at 55mph and pick up your network info for use at a later time.  If you use WEP encryption, then free software called wireless sniffers can watch data going across your network and figure out the encryption key to gain access.  Airsnort is a popular sniffer, but there are others.  WPA encryption is newer and much more secure, but it's just a matter of time before someone learns how to break the encryption code.  There are even web sites dedicated to showing where they can get free wireless internet access.  Even with all of the wireless security features turned on, the last way to get access is to clone all of the IDs and settings of a legitimate user already on the network.  I don't know the software that does this, but I'm sure it's free on the internet.  Most hackers use Linux instead of Windows because Linux is much more powerful of an operating system for controlling networks.  All of this hardware and software is legal and easy to obtain.  Scary, huh?  How you use the hardware and software may be legal or illegal.


How to Crack WEP and How to Defend Against Hacking

SmallNetBuilder.com has a 3-part series on how to crack WEP and what you can do to prevent someone from hacking into your system.  Changing to WPA encryption would be an easy first step.


WEP Cracking...Reloaded (Aug 2007)


How To Crack WEP - Part 1: Setup and Network Recon (May 2005)

How To Crack WEP - Part 2: Performing the Crack (May 2005)

How To Crack WEP - Part 3: Securing your WLAN (June 2005)
