Making Wireless access secure

Discussion in 'Wireless Networking' started by NTL Newsgroups, Feb 4, 2005.

  1. Hello All,

    I have the following Network installed and working like a dream:-

    Broadband via a cable set top box with built in modem - Etherent cable to
    PC1 Ethernet card.

    Second Ethernet card from PC1 feeds an 8 port hub.

    8 port hub has three connections - two wired connections to two other PC's
    and a Wire to a Wireless Access Point,

    Have a lap top and a fourth desktop PC with Wireless connections that both
    connect to the WA Point without problem.

    Obviously for this set up to work, PC1 has to be switched on all the time
    and acts as a server. All PC's and laptop running XP.

    My problem is how to make the Wireless access Point secure - I can't seem to
    find any way to do this at all. PC1 only has two Network Connections - one
    that brings broadband in and the second that is on the Home Network (eg. IP
    192.168.0.01) and is a wired connection to a hub

    Any idea's?
    NTL Newsgroups, Feb 4, 2005
    #1
    1. Advertising

  2. there are a number of approaches to increase the security... the
    following are in order that you should try them... and you will need to
    reference your ap's user manual as well as reconfiguring all devices as
    you make some of these changes.

    Insure that your pc shares are all "password protected"

    Activate WEP ...simplest but will not stop a dedicated attacker

    Increase WEP level... increases time to crack

    Turn off SSID broadcast... if you are not easily visible, most users
    will pass you by... note... doing so may make connections difficut or
    impossible for some devices.

    Set your AP to allow only specific mac addresses... however, macs can be
    "spoofed"

    Impliment stronger encryptions offered by newer devices... will vary by
    eqipment and may lock out some existing users who do not have the
    stronger protocols.


    The first question being "what's your exposure" ...if you just want to
    stop casual connectors attending a neighbor's party, WEP is normally
    sufficient. If you need serious protection, might reconsider using wifi ;-)

    One tip that I have not seen posted very often is to monitor current ap
    connections... set it in a small browser window in the backgroud... this
    will alert you to outsiders trying to get in and give a partial overview
    of your exposure.

    Beverly Howard [MS MVP-Mobile Devices]
    Beverly Howard [Ms-MVP/MobileDev], Feb 4, 2005
    #2
    1. Advertising

  3. NTL Newsgroups

    Fids Guest

    Thanks for this - my problem is on which PC to make the network private - I
    can obviously see the wireless connection on the laptop and the PC that
    connects via wireless to the access point, but not on my main PC (the one
    that shares the internet connection) as I can only see the LAN connections.
    I had a wired network (typically MSHOME) and the wireless action point is
    connected on to that. If I create a secure network on say the laptop, will
    this make the WAP protected and still connect to MSHOME/PC1?

    FYI - I only want to stop casual connections - nothing else worth
    protecting!


    "Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
    message news:...
    > there are a number of approaches to increase the security... the following
    > are in order that you should try them... and you will need to reference
    > your ap's user manual as well as reconfiguring all devices as you make
    > some of these changes.
    >
    > Insure that your pc shares are all "password protected"
    >
    > Activate WEP ...simplest but will not stop a dedicated attacker
    >
    > Increase WEP level... increases time to crack
    >
    > Turn off SSID broadcast... if you are not easily visible, most users will
    > pass you by... note... doing so may make connections difficut or
    > impossible for some devices.
    >
    > Set your AP to allow only specific mac addresses... however, macs can be
    > "spoofed"
    >
    > Impliment stronger encryptions offered by newer devices... will vary by
    > eqipment and may lock out some existing users who do not have the stronger
    > protocols.
    >
    >
    > The first question being "what's your exposure" ...if you just want to
    > stop casual connectors attending a neighbor's party, WEP is normally
    > sufficient. If you need serious protection, might reconsider using wifi
    > ;-)
    >
    > One tip that I have not seen posted very often is to monitor current ap
    > connections... set it in a small browser window in the backgroud... this
    > will alert you to outsiders trying to get in and give a partial overview
    > of your exposure.
    >
    > Beverly Howard [MS MVP-Mobile Devices]
    >
    >
    >
    Fids, Feb 4, 2005
    #3
  4. NTL Newsgroups

    Fids Guest

    Sorry - Should add I've jsut changed my username in my Newsreader


    "Fids" <> wrote in message
    news:p8SMd.2007$...
    > Thanks for this - my problem is on which PC to make the network private -
    > I can obviously see the wireless connection on the laptop and the PC that
    > connects via wireless to the access point, but not on my main PC (the one
    > that shares the internet connection) as I can only see the LAN
    > connections. I had a wired network (typically MSHOME) and the wireless
    > action point is connected on to that. If I create a secure network on say
    > the laptop, will this make the WAP protected and still connect to
    > MSHOME/PC1?
    >
    > FYI - I only want to stop casual connections - nothing else worth
    > protecting!
    >
    >
    > "Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
    > message news:...
    >> there are a number of approaches to increase the security... the
    >> following are in order that you should try them... and you will need to
    >> reference your ap's user manual as well as reconfiguring all devices as
    >> you make some of these changes.
    >>
    >> Insure that your pc shares are all "password protected"
    >>
    >> Activate WEP ...simplest but will not stop a dedicated attacker
    >>
    >> Increase WEP level... increases time to crack
    >>
    >> Turn off SSID broadcast... if you are not easily visible, most users will
    >> pass you by... note... doing so may make connections difficut or
    >> impossible for some devices.
    >>
    >> Set your AP to allow only specific mac addresses... however, macs can be
    >> "spoofed"
    >>
    >> Impliment stronger encryptions offered by newer devices... will vary by
    >> eqipment and may lock out some existing users who do not have the
    >> stronger protocols.
    >>
    >>
    >> The first question being "what's your exposure" ...if you just want to
    >> stop casual connectors attending a neighbor's party, WEP is normally
    >> sufficient. If you need serious protection, might reconsider using wifi
    >> ;-)
    >>
    >> One tip that I have not seen posted very often is to monitor current ap
    >> connections... set it in a small browser window in the backgroud... this
    >> will alert you to outsiders trying to get in and give a partial overview
    >> of your exposure.
    >>
    >> Beverly Howard [MS MVP-Mobile Devices]
    >>
    >>
    >>

    >
    >
    Fids, Feb 4, 2005
    #4
  5. Keep in mind that a cloaked, ie. non-broadcasting, SSID can still easily discovered with tools like
    Kismet. Not broadcasting the SSID is not a valid security measure...Plus you simply cause yourself
    other connectivity problems...

    Other measures...

    Change the access point SSID to something other than the default.
    Change the access point administrative password to something other than the default and use a
    *STRONG* password.
    Use the highest level of WEP available or better yet use WPA with a random key >25 characters, if
    your hardware supports WPA.

    http://www.microsoft.com/technet/community/columns/cableguy/cg1104.mspx
    http://www.microsoft.com/technet/community/columns/cableguy/cg0303.mspx
    http://www.microsoft.com/WindowsXP/expertzone/columns/bowman/03july28.asp

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in message
    news:...
    > there are a number of approaches to increase the security... the following are in order that you
    > should try them... and you will need to reference your ap's user manual as well as reconfiguring
    > all devices as you make some of these changes.
    >
    > Insure that your pc shares are all "password protected"
    >
    > Activate WEP ...simplest but will not stop a dedicated attacker
    >
    > Increase WEP level... increases time to crack
    >
    > Turn off SSID broadcast... if you are not easily visible, most users will pass you by... note...
    > doing so may make connections difficut or impossible for some devices.
    >
    > Set your AP to allow only specific mac addresses... however, macs can be "spoofed"
    >
    > Impliment stronger encryptions offered by newer devices... will vary by eqipment and may lock out
    > some existing users who do not have the stronger protocols.
    >
    >
    > The first question being "what's your exposure" ...if you just want to stop casual connectors
    > attending a neighbor's party, WEP is normally sufficient. If you need serious protection, might
    > reconsider using wifi ;-)
    >
    > One tip that I have not seen posted very often is to monitor current ap connections... set it in a
    > small browser window in the backgroud... this will alert you to outsiders trying to get in and
    > give a partial overview of your exposure.
    >
    > Beverly Howard [MS MVP-Mobile Devices]
    >
    >
    >
    Sooner Al [MVP], Feb 4, 2005
    #5
  6. I forgot to add that I use WPA-PSK (TKIP) on my home LAN wireless segment with a *VERY LONG RANDOM
    ASCII* key... This is with a Buffalo WBR-G54 4-Port Broadband Router/802.11b/g Wireless Access
    Point. My 802.11b client is an iPAQ 5555 PocketPC...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Sooner Al [MVP]" <> wrote in message
    news:...
    > Keep in mind that a cloaked, ie. non-broadcasting, SSID can still easily discovered with tools
    > like Kismet. Not broadcasting the SSID is not a valid security measure...Plus you simply cause
    > yourself other connectivity problems...
    >
    > Other measures...
    >
    > Change the access point SSID to something other than the default.
    > Change the access point administrative password to something other than the default and use a
    > *STRONG* password.
    > Use the highest level of WEP available or better yet use WPA with a random key >25 characters, if
    > your hardware supports WPA.
    >
    > http://www.microsoft.com/technet/community/columns/cableguy/cg1104.mspx
    > http://www.microsoft.com/technet/community/columns/cableguy/cg0303.mspx
    > http://www.microsoft.com/WindowsXP/expertzone/columns/bowman/03july28.asp
    >
    > --
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no rights...
    >
    > "Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in message
    > news:...
    >> there are a number of approaches to increase the security... the following are in order that you
    >> should try them... and you will need to reference your ap's user manual as well as reconfiguring
    >> all devices as you make some of these changes.
    >>
    >> Insure that your pc shares are all "password protected"
    >>
    >> Activate WEP ...simplest but will not stop a dedicated attacker
    >>
    >> Increase WEP level... increases time to crack
    >>
    >> Turn off SSID broadcast... if you are not easily visible, most users will pass you by... note...
    >> doing so may make connections difficut or impossible for some devices.
    >>
    >> Set your AP to allow only specific mac addresses... however, macs can be "spoofed"
    >>
    >> Impliment stronger encryptions offered by newer devices... will vary by eqipment and may lock out
    >> some existing users who do not have the stronger protocols.
    >>
    >>
    >> The first question being "what's your exposure" ...if you just want to stop casual connectors
    >> attending a neighbor's party, WEP is normally sufficient. If you need serious protection, might
    >> reconsider using wifi ;-)
    >>
    >> One tip that I have not seen posted very often is to monitor current ap connections... set it in
    >> a small browser window in the backgroud... this will alert you to outsiders trying to get in and
    >> give a partial overview of your exposure.
    >>
    >> Beverly Howard [MS MVP-Mobile Devices]
    >>
    Sooner Al [MVP], Feb 4, 2005
    #6
  7. What's important to understand is that an access point is simply an
    extension to your wired ethernet network, the network protocol is the same.

    Without wap implimented, anyone connected via a wifi card to the access
    point has exactly the same connection to the wired network as someone
    with a laptop connected to the same network by plugging an ethernet
    cable into your router... more accurately into the same port the access
    point is connected to. If your PC shares are not protected, anyone
    connected to the network has direct access to all shares on all pc's.

    Just as password protecting your shares gives the pc's protection from
    others connected by wire, it provides the same protection from someone
    connected via wifi.

    WAP is implimented in the AccessPoint... thereafter, any connection via
    wireless will require that the wireless pc be configured to use the WAP
    code implimented on the access point.

    All of the suggestions I made other than password protecting the shares
    are implimented using the AccessPoint's setup utility.

    Beverly Howard [MS MVP-Mobile Devices]
    Beverly Howard [Ms-MVP/MobileDev], Feb 4, 2005
    #7
  8. NTL Newsgroups

    Jack Guest

    Hi
    This page might not provide much more then already mentioned, but it does it
    in an orderly way.
    Wireless - Basic Security: http://www.ezlan.net/Wireless_Security.html
    To take advantage of every thing you might need to use the original
    manufacturer utility.
    Jack (MVP-Networking).


    "NTL Newsgroups" <> wrote in message
    news:eFRMd.1784$...
    > Hello All,
    >
    > I have the following Network installed and working like a dream:-
    >
    > Broadband via a cable set top box with built in modem - Etherent cable to
    > PC1 Ethernet card.
    >
    > Second Ethernet card from PC1 feeds an 8 port hub.
    >
    > 8 port hub has three connections - two wired connections to two other PC's
    > and a Wire to a Wireless Access Point,
    >
    > Have a lap top and a fourth desktop PC with Wireless connections that both
    > connect to the WA Point without problem.
    >
    > Obviously for this set up to work, PC1 has to be switched on all the time
    > and acts as a server. All PC's and laptop running XP.
    >
    > My problem is how to make the Wireless access Point secure - I can't seem

    to
    > find any way to do this at all. PC1 only has two Network Connections -

    one
    > that brings broadband in and the second that is on the Home Network (eg.

    IP
    > 192.168.0.01) and is a wired connection to a hub
    >
    > Any idea's?
    >
    >
    Jack, Feb 5, 2005
    #8
  9. NTL Newsgroups

    Jeff Guest

    If you are ultra paranoid beyond WPA-PSK w/long keys you
    could run WPA2/Enterprise with a RADIUS server. If you
    run Windows XP on PC1 there is a program called TinyPEAP
    that works great or if PC1 is Windows Server use IAS.

    >-----Original Message-----
    >Hello All,
    >
    >I have the following Network installed and working like a

    dream:-
    >
    >Broadband via a cable set top box with built in modem -

    Etherent cable to
    >PC1 Ethernet card.
    >
    >Second Ethernet card from PC1 feeds an 8 port hub.
    >
    >8 port hub has three connections - two wired connections

    to two other PC's
    >and a Wire to a Wireless Access Point,
    >
    >Have a lap top and a fourth desktop PC with Wireless

    connections that both
    >connect to the WA Point without problem.
    >
    >Obviously for this set up to work, PC1 has to be switched

    on all the time
    >and acts as a server. All PC's and laptop running XP.
    >
    >My problem is how to make the Wireless access Point

    secure - I can't seem to
    >find any way to do this at all. PC1 only has two Network

    Connections - one
    >that brings broadband in and the second that is on the

    Home Network (eg. IP
    >192.168.0.01) and is a wired connection to a hub
    >
    >Any idea's?
    >
    >
    >.
    >
    Jeff, Feb 5, 2005
    #9
  10. You may also be asked to choose an SSID (service set identifier) I recommend
    that you do not accept the default setting as anyone nearby with a wireless
    device can also use your internet access. Set your SSID to a meaningful name
    use your Business Name. For work-group name use ‘Wireless’ and a wireless
    channel select from 1 – 11, I recommend you use a higher channel as default
    settings usually select the lower end. Keep these consistent for all of your
    machines.

    Security
    For additional security you can and should use Wired Equivalent Privacy
    (WEP) algorithm: and set this at 64bit: you can then choose a combination of
    10 hexadecimal characters [0-9 + A-F], again for this may I recommend you
    select your mobile phone number as it is 10 characters long and not known to
    all your neighbours.

    Additionally you can set the Access Point to only allow access to specific
    units, where you would enter their MAC address, again a series of Hex
    numbers, usually found on the Wireless Card plugged into the Laptops or other
    desktop PCs.


    "NTL Newsgroups" wrote:

    > Hello All,
    >
    > I have the following Network installed and working like a dream:-
    >
    > Broadband via a cable set top box with built in modem - Etherent cable to
    > PC1 Ethernet card.
    >
    > Second Ethernet card from PC1 feeds an 8 port hub.
    >
    > 8 port hub has three connections - two wired connections to two other PC's
    > and a Wire to a Wireless Access Point,
    >
    > Have a lap top and a fourth desktop PC with Wireless connections that both
    > connect to the WA Point without problem.
    >
    > Obviously for this set up to work, PC1 has to be switched on all the time
    > and acts as a server. All PC's and laptop running XP.
    >
    > My problem is how to make the Wireless access Point secure - I can't seem to
    > find any way to do this at all. PC1 only has two Network Connections - one
    > that brings broadband in and the second that is on the Home Network (eg. IP
    > 192.168.0.01) and is a wired connection to a hub
    >
    > Any idea's?
    >
    >
    >
    =?Utf-8?B?QkFS?=, Feb 5, 2005
    #10
  11. NTL Newsgroups

    jasonnogaliza

    Joined:
    Mar 27, 2011
    Messages:
    2
    SECURITY KEY

    HOW TO CREAT SECURITY (WEP KEY) ON MY LAPTOP. DUE TO SOME NEIGBOORS USING IT WITHOUT PAYING.
    jasonnogaliza, Mar 27, 2011
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. KerplunKuK

    Secure and non secure warnings

    KerplunKuK, Aug 24, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    536
    Blinky the Shark
    Aug 24, 2004
  2. Jene Keller
    Replies:
    4
    Views:
    519
  3. Miss Mary
    Replies:
    1
    Views:
    1,442
    sean.archer
    Sep 21, 2007
  4. Replies:
    0
    Views:
    562
  5. Replies:
    0
    Views:
    610
Loading...

Share This Page