Making Wireless access secure

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Hello All,

I have the following Network installed and working like a dream:-

Broadband via a cable set top box with built in modem - Etherent cable to
PC1 Ethernet card.

Second Ethernet card from PC1 feeds an 8 port hub.

8 port hub has three connections - two wired connections to two other PC's
and a Wire to a Wireless Access Point,

Have a lap top and a fourth desktop PC with Wireless connections that both
connect to the WA Point without problem.

Obviously for this set up to work, PC1 has to be switched on all the time
and acts as a server. All PC's and laptop running XP.

My problem is how to make the Wireless access Point secure - I can't seem to
find any way to do this at all. PC1 only has two Network Connections - one
that brings broadband in and the second that is on the Home Network (eg. IP
192.168.0.01) and is a wired connection to a hub

Any idea's?

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

there are a number of approaches to increase the security... the
following are in order that you should try them... and you will need to
reference your ap's user manual as well as reconfiguring all devices as
you make some of these changes.

Insure that your pc shares are all "password protected"

Activate WEP ...simplest but will not stop a dedicated attacker

Increase WEP level... increases time to crack

Turn off SSID broadcast... if you are not easily visible, most users
will pass you by... note... doing so may make connections difficut or
impossible for some devices.

Set your AP to allow only specific mac addresses... however, macs can be
"spoofed"

Impliment stronger encryptions offered by newer devices... will vary by
eqipment and may lock out some existing users who do not have the
stronger protocols.


The first question being "what's your exposure" ...if you just want to
stop casual connectors attending a neighbor's party, WEP is normally
sufficient. If you need serious protection, might reconsider using wifi ;-)

One tip that I have not seen posted very often is to monitor current ap
connections... set it in a small browser window in the backgroud... this
will alert you to outsiders trying to get in and give a partial overview
of your exposure.

Beverly Howard [MS MVP-Mobile Devices]

 

[Jack]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Hi
This page might not provide much more then already mentioned, but it does it
in an orderly way.
Wireless - Basic Security: http://www.ezlan.net/Wireless_Security.html
To take advantage of every thing you might need to use the original
manufacturer utility.
Jack (MVP-Networking).


"NTL Newsgroups" <fids_e@ntlworld.com> wrote in message
news:eFRMd.1784$PV3.1198@newsfe4-gui.ntli.net...
> Hello All,
>
> I have the following Network installed and working like a dream:-
>
> Broadband via a cable set top box with built in modem - Etherent cable to
> PC1 Ethernet card.
>
> Second Ethernet card from PC1 feeds an 8 port hub.
>
> 8 port hub has three connections - two wired connections to two other PC's
> and a Wire to a Wireless Access Point,
>
> Have a lap top and a fourth desktop PC with Wireless connections that both
> connect to the WA Point without problem.
>
> Obviously for this set up to work, PC1 has to be switched on all the time
> and acts as a server. All PC's and laptop running XP.
>
> My problem is how to make the Wireless access Point secure - I can't seem
to
> find any way to do this at all. PC1 only has two Network Connections -
one
> that brings broadband in and the second that is on the Home Network (eg.
IP
> 192.168.0.01) and is a wired connection to a hub
>
> Any idea's?
>
>

 

[jeff]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

If you are ultra paranoid beyond WPA-PSK w/long keys you
could run WPA2/Enterprise with a RADIUS server. If you
run Windows XP on PC1 there is a program called TinyPEAP
that works great or if PC1 is Windows Server use IAS.

>-----Original Message-----
>Hello All,
>
>I have the following Network installed and working like a
dream:-
>
>Broadband via a cable set top box with built in modem -
Etherent cable to
>PC1 Ethernet card.
>
>Second Ethernet card from PC1 feeds an 8 port hub.
>
>8 port hub has three connections - two wired connections
to two other PC's
>and a Wire to a Wireless Access Point,
>
>Have a lap top and a fourth desktop PC with Wireless
connections that both
>connect to the WA Point without problem.
>
>Obviously for this set up to work, PC1 has to be switched
on all the time
>and acts as a server. All PC's and laptop running XP.
>
>My problem is how to make the Wireless access Point
secure - I can't seem to
>find any way to do this at all. PC1 only has two Network
Connections - one
>that brings broadband in and the second that is on the
Home Network (eg. IP
>192.168.0.01) and is a wired connection to a hub
>
>Any idea's?
>
>
>.
>

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Keep in mind that a cloaked, ie. non-broadcasting, SSID can still easily discovered with tools like
Kismet. Not broadcasting the SSID is not a valid security measure...Plus you simply cause yourself
other connectivity problems...

Other measures...

Change the access point SSID to something other than the default.
Change the access point administrative password to something other than the default and use a
*STRONG* password.
Use the highest level of WEP available or better yet use WPA with a random key >25 characters, if
your hardware supports WPA.

http://www.microsoft.com/technet/community/columns/cableguy/cg1104.mspx
http://www.microsoft.com/technet/community/columns/cableguy/cg0303.mspx
http://www.microsoft.com/WindowsXP/expertzone/columns/bowman/03july28.asp

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in message
news:OtNdkJwCFHA.2288@TK2MSFTNGP14.phx.gbl...
> there are a number of approaches to increase the security... the following are in order that you
> should try them... and you will need to reference your ap's user manual as well as reconfiguring
> all devices as you make some of these changes.
>
> Insure that your pc shares are all "password protected"
>
> Activate WEP ...simplest but will not stop a dedicated attacker
>
> Increase WEP level... increases time to crack
>
> Turn off SSID broadcast... if you are not easily visible, most users will pass you by... note...
> doing so may make connections difficut or impossible for some devices.
>
> Set your AP to allow only specific mac addresses... however, macs can be "spoofed"
>
> Impliment stronger encryptions offered by newer devices... will vary by eqipment and may lock out
> some existing users who do not have the stronger protocols.
>
>
> The first question being "what's your exposure" ...if you just want to stop casual connectors
> attending a neighbor's party, WEP is normally sufficient. If you need serious protection, might
> reconsider using wifi ;-)
>
> One tip that I have not seen posted very often is to monitor current ap connections... set it in a
> small browser window in the backgroud... this will alert you to outsiders trying to get in and
> give a partial overview of your exposure.
>
> Beverly Howard [MS MVP-Mobile Devices]
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

I forgot to add that I use WPA-PSK (TKIP) on my home LAN wireless segment with a *VERY LONG RANDOM
ASCII* key... This is with a Buffalo WBR-G54 4-Port Broadband Router/802.11b/g Wireless Access
Point. My 802.11b client is an iPAQ 5555 PocketPC...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
news:eg14XmwCFHA.3824@TK2MSFTNGP10.phx.gbl...
> Keep in mind that a cloaked, ie. non-broadcasting, SSID can still easily discovered with tools
> like Kismet. Not broadcasting the SSID is not a valid security measure...Plus you simply cause
> yourself other connectivity problems...
>
> Other measures...
>
> Change the access point SSID to something other than the default.
> Change the access point administrative password to something other than the default and use a
> *STRONG* password.
> Use the highest level of WEP available or better yet use WPA with a random key >25 characters, if
> your hardware supports WPA.
>
> http://www.microsoft.com/technet/community/columns/cableguy/cg1104.mspx
> http://www.microsoft.com/technet/community/columns/cableguy/cg0303.mspx
> http://www.microsoft.com/WindowsXP/expertzone/columns/bowman/03july28.asp
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no rights...
>
> "Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in message
> news:OtNdkJwCFHA.2288@TK2MSFTNGP14.phx.gbl...
>> there are a number of approaches to increase the security... the following are in order that you
>> should try them... and you will need to reference your ap's user manual as well as reconfiguring
>> all devices as you make some of these changes.
>>
>> Insure that your pc shares are all "password protected"
>>
>> Activate WEP ...simplest but will not stop a dedicated attacker
>>
>> Increase WEP level... increases time to crack
>>
>> Turn off SSID broadcast... if you are not easily visible, most users will pass you by... note...
>> doing so may make connections difficut or impossible for some devices.
>>
>> Set your AP to allow only specific mac addresses... however, macs can be "spoofed"
>>
>> Impliment stronger encryptions offered by newer devices... will vary by eqipment and may lock out
>> some existing users who do not have the stronger protocols.
>>
>>
>> The first question being "what's your exposure" ...if you just want to stop casual connectors
>> attending a neighbor's party, WEP is normally sufficient. If you need serious protection, might
>> reconsider using wifi ;-)
>>
>> One tip that I have not seen posted very often is to monitor current ap connections... set it in
>> a small browser window in the backgroud... this will alert you to outsiders trying to get in and
>> give a partial overview of your exposure.
>>
>> Beverly Howard [MS MVP-Mobile Devices]
>>

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Thanks for this - my problem is on which PC to make the network private - I
can obviously see the wireless connection on the laptop and the PC that
connects via wireless to the access point, but not on my main PC (the one
that shares the internet connection) as I can only see the LAN connections.
I had a wired network (typically MSHOME) and the wireless action point is
connected on to that. If I create a secure network on say the laptop, will
this make the WAP protected and still connect to MSHOME/PC1?

FYI - I only want to stop casual connections - nothing else worth
protecting!


"Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
message news:OtNdkJwCFHA.2288@TK2MSFTNGP14.phx.gbl...
> there are a number of approaches to increase the security... the following
> are in order that you should try them... and you will need to reference
> your ap's user manual as well as reconfiguring all devices as you make
> some of these changes.
>
> Insure that your pc shares are all "password protected"
>
> Activate WEP ...simplest but will not stop a dedicated attacker
>
> Increase WEP level... increases time to crack
>
> Turn off SSID broadcast... if you are not easily visible, most users will
> pass you by... note... doing so may make connections difficut or
> impossible for some devices.
>
> Set your AP to allow only specific mac addresses... however, macs can be
> "spoofed"
>
> Impliment stronger encryptions offered by newer devices... will vary by
> eqipment and may lock out some existing users who do not have the stronger
> protocols.
>
>
> The first question being "what's your exposure" ...if you just want to
> stop casual connectors attending a neighbor's party, WEP is normally
> sufficient. If you need serious protection, might reconsider using wifi
> ;-)
>
> One tip that I have not seen posted very often is to monitor current ap
> connections... set it in a small browser window in the backgroud... this
> will alert you to outsiders trying to get in and give a partial overview
> of your exposure.
>
> Beverly Howard [MS MVP-Mobile Devices]
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Sorry - Should add I've jsut changed my username in my Newsreader


"Fids" <fids_e@ntlworld.com> wrote in message
news8SMd.2007$PV3.1735@newsfe4-gui.ntli.net...
> Thanks for this - my problem is on which PC to make the network private -
> I can obviously see the wireless connection on the laptop and the PC that
> connects via wireless to the access point, but not on my main PC (the one
> that shares the internet connection) as I can only see the LAN
> connections. I had a wired network (typically MSHOME) and the wireless
> action point is connected on to that. If I create a secure network on say
> the laptop, will this make the WAP protected and still connect to
> MSHOME/PC1?
>
> FYI - I only want to stop casual connections - nothing else worth
> protecting!
>
>
> "Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
> message news:OtNdkJwCFHA.2288@TK2MSFTNGP14.phx.gbl...
>> there are a number of approaches to increase the security... the
>> following are in order that you should try them... and you will need to
>> reference your ap's user manual as well as reconfiguring all devices as
>> you make some of these changes.
>>
>> Insure that your pc shares are all "password protected"
>>
>> Activate WEP ...simplest but will not stop a dedicated attacker
>>
>> Increase WEP level... increases time to crack
>>
>> Turn off SSID broadcast... if you are not easily visible, most users will
>> pass you by... note... doing so may make connections difficut or
>> impossible for some devices.
>>
>> Set your AP to allow only specific mac addresses... however, macs can be
>> "spoofed"
>>
>> Impliment stronger encryptions offered by newer devices... will vary by
>> eqipment and may lock out some existing users who do not have the
>> stronger protocols.
>>
>>
>> The first question being "what's your exposure" ...if you just want to
>> stop casual connectors attending a neighbor's party, WEP is normally
>> sufficient. If you need serious protection, might reconsider using wifi
>> ;-)
>>
>> One tip that I have not seen posted very often is to monitor current ap
>> connections... set it in a small browser window in the backgroud... this
>> will alert you to outsiders trying to get in and give a partial overview
>> of your exposure.
>>
>> Beverly Howard [MS MVP-Mobile Devices]
>>
>>
>>
>
>

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

What's important to understand is that an access point is simply an
extension to your wired ethernet network, the network protocol is the same.

Without wap implimented, anyone connected via a wifi card to the access
point has exactly the same connection to the wired network as someone
with a laptop connected to the same network by plugging an ethernet
cable into your router... more accurately into the same port the access
point is connected to. If your PC shares are not protected, anyone
connected to the network has direct access to all shares on all pc's.

Just as password protecting your shares gives the pc's protection from
others connected by wire, it provides the same protection from someone
connected via wifi.

WAP is implimented in the AccessPoint... thereafter, any connection via
wireless will require that the wireless pc be configured to use the WAP
code implimented on the access point.

All of the suggestions I made other than password protecting the shares
are implimented using the AccessPoint's setup utility.

Beverly Howard [MS MVP-Mobile Devices]

 

[bar]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

You may also be asked to choose an SSID (service set identifier) I recommend
that you do not accept the default setting as anyone nearby with a wireless
device can also use your internet access. Set your SSID to a meaningful name
use your Business Name. For work-group name use ‘Wireless’ and a wireless
channel select from 1 – 11, I recommend you use a higher channel as default
settings usually select the lower end. Keep these consistent for all of your
machines.

Security
For additional security you can and should use Wired Equivalent Privacy
(WEP) algorithm: and set this at 64bit: you can then choose a combination of
10 hexadecimal characters [0-9 + A-F], again for this may I recommend you
select your mobile phone number as it is 10 characters long and not known to
all your neighbours.

Additionally you can set the Access Point to only allow access to specific
units, where you would enter their MAC address, again a series of Hex
numbers, usually found on the Wireless Card plugged into the Laptops or other
desktop PCs.


"NTL Newsgroups" wrote:

> Hello All,
>
> I have the following Network installed and working like a dream:-
>
> Broadband via a cable set top box with built in modem - Etherent cable to
> PC1 Ethernet card.
>
> Second Ethernet card from PC1 feeds an 8 port hub.
>
> 8 port hub has three connections - two wired connections to two other PC's
> and a Wire to a Wireless Access Point,
>
> Have a lap top and a fourth desktop PC with Wireless connections that both
> connect to the WA Point without problem.
>
> Obviously for this set up to work, PC1 has to be switched on all the time
> and acts as a server. All PC's and laptop running XP.
>
> My problem is how to make the Wireless access Point secure - I can't seem to
> find any way to do this at all. PC1 only has two Network Connections - one
> that brings broadband in and the second that is on the Home Network (eg. IP
> 192.168.0.01) and is a wired connection to a hub
>
> Any idea's?
>
>
>