unwanted computer on network

Discussion in 'Wireless Networking' started by Mark Hall, Mar 4, 2005.

  1. Mark Hall

    Mark Hall Guest

    i am running a wireless network and some1 accross the road can see our
    network. is it possible to block them.

    thanks in advance
    Mark Hall, Mar 4, 2005
    #1
    1. Advertising

  2. Mark Hall

    Malke Guest

    Mark Hall wrote:

    > i am running a wireless network and some1 accross the road can see our
    > network. is it possible to block them.
    >
    > thanks in advance


    There is no way you can prevent someone just seeing your wireless
    network; that is how wireless works. You can turn off SSID
    broadcasting, but this is not advantageous for your own network and
    really provides no security. You should make sure you have enabled
    encryption on your network, and you may also choose to do MAC address
    filtering on your router, only allowing your own computers to access
    the network. Then, although your network will be visible to outsiders,
    they will not be able to connect. Here is a link regarding basic
    wireless security:

    Wireless - Basic Security - http://www.ezlan.net/Wireless_Security.html

    Malke
    --
    MS MVP - Windows Shell/User
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
    Malke, Mar 4, 2005
    #2
    1. Advertising

  3. Mark Hall

    DJ Borell Guest

    "Malke" <> wrote in message
    news:...

    > There is no way you can prevent someone just seeing your wireless
    > network; that is how wireless works. You can turn off SSID
    > broadcasting, but this is not advantageous for your own network and
    > really provides no security. You should make sure you have enabled
    > encryption on your network, and you may also choose to do MAC address
    > filtering on your router, only allowing your own computers to access
    > the network. Then, although your network will be visible to outsiders,
    > they will not be able to connect. Here is a link regarding basic
    > wireless security:
    >
    > Wireless - Basic Security - http://www.ezlan.net/Wireless_Security.html
    >
    > Malke
    > --
    > MS MVP - Windows Shell/User
    > Elephant Boy Computers
    > www.elephantboycomputers.com
    > "Don't Panic!"


    Not to be disagreeable, but disabling the Broadcast ID, while not providing
    security per se, is one step in securing a wireless network. While it
    doesn't technically make the network invisible, it does make it a lot harder
    to find and connect when the SSID is changed and broadcast is turned off.
    DJ Borell, Mar 4, 2005
    #3
  4. Mark Hall

    Mr. Smith Guest

    Yes, but note this. If you disable SSID on your access points etc, how do
    your wireless clients know where to connect? You will have to instruct your
    WiFi users as to what to use as an SSID to connect to your Wireless network.
    It would be the same as if you also used WEP, you would still need to give
    that info to your users.



    I say run the network openly and perhaps issues certs to the users to use to
    secure by MAC Address. You could use some "I think it's called NAS, someone
    correct me please if I am wrong" radius type logins so that users would have
    to enter in user id and passwords.
    Mr. Smith, Mar 4, 2005
    #4
  5. Mark Hall

    DJ Borell Guest

    "Mr. Smith" <> wrote in message
    news:...
    > Yes, but note this. If you disable SSID on your access points etc, how do
    > your wireless clients know where to connect? You will have to instruct
    > your WiFi users as to what to use as an SSID to connect to your Wireless
    > network. It would be the same as if you also used WEP, you would still
    > need to give that info to your users.



    Yes, you would have to configure the SSID per machine. But if you're
    already manaully configuring your clients, you already have to configure the
    WEP/WPA key, so the "extra" step of defining the SSID is already necessary.
    And if you aren't using encryption, disabling the broadcast is really moot
    anyway.

    But this is the inherent problem with security; access becomes more
    difficult. Access/convenience are traded off for security. If you want
    complete convenience, resign yourself to no security.


    > I say run the network openly and perhaps issues certs to the users to use
    > to secure by MAC Address. You could use some "I think it's called NAS,
    > someone correct me please if I am wrong" radius type logins so that users
    > would have to enter in user id and passwords.



    Correct, you could require authentication via a RADIUS server. But we're
    talking about a home wireless network here. I sincerely doubt the OP, or
    any other home user, wants to deploy a server scenario of this fashion or
    purchase the hardware necessary to employ this authentication. In an
    enterprise network utilizing WiFi, broadcast once again becomes moot if you
    are using WiFi best practices; ie, secure logon, AD, blah, blah, blah.
    Again, though, we're (or at least I am) not talking about an enterprise WiFi
    deployment.

    The best way to secure a Home Wireless Network is:

    1) Disable the Broadcast ID
    2) Change the default SSID
    3) Enable WEP/WPA encryption with a strong key
    4) Change the default admin password
    5) Decrease the scope of the DHCP server to only the necessary number of
    host addresses

    And, if you aren't going to have variable clients;

    5) Employ MAC filtering

    A home user that wants to be really nitty-gritty and is running XP Pro can
    also disable simple file sharing to require authentication for shared
    resources as well. I liken (for novice users) the above steps to "hiding
    the door to your house", "changing your address", "using a lock", "changing
    the keys", and "making sure there aren't too many keys available". Not
    perfect, but it gets the point across.

    Anyone with any WiFi experience knows that none of this makes you perfectly
    secure, but it certainly does make it a lot harder to attack your network.

    In my experience, and I've deployed/installed numerous home wireless
    networks, most users couldn't care less what security their network has.
    They just want it to work. Frequently, I have to enable the security and,
    if they realize I've done it, explain why it's necessary. If I ask up front
    whether they want it or not, I usually get "don't bother". IMHO, not
    employing even minimal security is foolish.
    DJ Borell, Mar 4, 2005
    #5
  6. Mark Hall

    Malke Guest

    DJ Borell wrote:

    > "Mr. Smith" <> wrote in message
    > news:...
    >> Yes, but note this. If you disable SSID on your access points etc,
    >> how do
    >> your wireless clients know where to connect? You will have to
    >> instruct your WiFi users as to what to use as an SSID to connect to
    >> your Wireless network. It would be the same as if you also used WEP,
    >> you would still need to give that info to your users.

    >
    >
    > Yes, you would have to configure the SSID per machine. But if you're
    > already manaully configuring your clients, you already have to
    > configure the WEP/WPA key, so the "extra" step of defining the SSID is
    > already necessary. And if you aren't using encryption, disabling the
    > broadcast is really moot anyway.
    >
    > But this is the inherent problem with security; access becomes more
    > difficult. Access/convenience are traded off for security. If you
    > want complete convenience, resign yourself to no security.
    >
    >
    >> I say run the network openly and perhaps issues certs to the users to
    >> use
    >> to secure by MAC Address. You could use some "I think it's called
    >> NAS, someone correct me please if I am wrong" radius type logins so
    >> that users would have to enter in user id and passwords.

    >
    >
    > Correct, you could require authentication via a RADIUS server. But
    > we're
    > talking about a home wireless network here. I sincerely doubt the OP,
    > or any other home user, wants to deploy a server scenario of this
    > fashion or
    > purchase the hardware necessary to employ this authentication. In an
    > enterprise network utilizing WiFi, broadcast once again becomes moot
    > if you are using WiFi best practices; ie, secure logon, AD, blah,
    > blah, blah. Again, though, we're (or at least I am) not talking about
    > an enterprise WiFi deployment.
    >
    > The best way to secure a Home Wireless Network is:
    >
    > 1) Disable the Broadcast ID
    > 2) Change the default SSID
    > 3) Enable WEP/WPA encryption with a strong key
    > 4) Change the default admin password
    > 5) Decrease the scope of the DHCP server to only the necessary number
    > of host addresses
    >
    > And, if you aren't going to have variable clients;
    >
    > 5) Employ MAC filtering
    >
    > A home user that wants to be really nitty-gritty and is running XP Pro
    > can also disable simple file sharing to require authentication for
    > shared
    > resources as well. I liken (for novice users) the above steps to
    > "hiding the door to your house", "changing your address", "using a
    > lock", "changing
    > the keys", and "making sure there aren't too many keys available".
    > Not perfect, but it gets the point across.
    >
    > Anyone with any WiFi experience knows that none of this makes you
    > perfectly secure, but it certainly does make it a lot harder to attack
    > your network.
    >
    > In my experience, and I've deployed/installed numerous home wireless
    > networks, most users couldn't care less what security their network
    > has.
    > They just want it to work. Frequently, I have to enable the security
    > and,
    > if they realize I've done it, explain why it's necessary. If I ask up
    > front
    > whether they want it or not, I usually get "don't bother". IMHO, not
    > employing even minimal security is foolish.


    You've never been disagreeable to *me*, DJ ;-) and 1) I never mind being
    corrected because I like to learn; and 2) we don't have to agree on
    everything. It's just that from what I've read by networking experts I
    respect, enabling SSID is something you really want to do. I think
    Windows wireless works better with it enabled, and so do the MS guys
    who've posted about it. But as I said, we can disagree and still be
    friends. I say a home user should change the SSID from the default,
    leave it enabled, use as strong encryption as his/her hardware permits,
    and do MAC filtering if you want.

    Malke
    --
    MS MVP - Windows Shell/User
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
    Malke, Mar 4, 2005
    #6
  7. Mark Hall

    Jack \(MVP\) Guest

    Hi
    Windows Zero Configuration (WZC) needs the SSID broadcast to be On in order
    to work correctly (some Wireless Clients need the Broadcast On even with
    their own utilities).
    Broadcast means that while resting (i.e. the Wireless connection is not use)
    the Wireless Source transmits burst of signal with its SSID. However,
    switching the Broadcast Off is Not a Big security feature. When the Wireless
    is actually used it Broadcasts the SSID regardless of the status at Rest.
    In other word While you are using your Wireless your SSID will popup on any
    neighbor computer whether the Broadcast is On or Off. In addition there are
    simple Utilities that can wake the Wireless even if the Broadcast is Off and
    you are not using it at the moment.
    MAC filter is a good thing to use because it does not have any impact on the
    Wireless besides restricting the Wireless client to the few with a specific
    MAC address.
    However, MAC filtering is a Good feature to leave out innocent neighbors
    that might log onto your system and might not be aware that they are doing
    so. However with MAC protection only it is very easy for real Hacker to get
    in if he wants to.
    Encrypting the Wireless traffic is currently the preferred method of
    securing the Wireless Network.
    Older system use to have WEP only protection, which evolved into WPA, which
    is evolved now into WPA-PSK-TIK.
    Log to this page if you would like to understand more about the Basic of
    these methods.
    Wireless Encryption - WEP, WPA, and the Future (802.11i) -
    http://www.ezlan.net/wpa_wep.html
    You can use only One of these Methods. If you have WPA-PSK-TIK, use it if
    not use WPA, if Not use WEP.
    Additional mean of securing a Network can be achieved by restricting the
    log-in of the Wireless computers to pre assigned Clients. This is done by
    using a RADIUS server. This method is used by many corporations to control
    who can use their Wireless.
    If you Do Not have a system with RADIUS Server make sure that your WZC
    801.11x RADIUS Server setting is Off otherwise your Wireless would Not work.
    Jack (MVP-Networking).




    "Malke" <> wrote in message
    news:#...
    > DJ Borell wrote:
    >
    > > "Mr. Smith" <> wrote in message
    > > news:...
    > >> Yes, but note this. If you disable SSID on your access points etc,
    > >> how do
    > >> your wireless clients know where to connect? You will have to
    > >> instruct your WiFi users as to what to use as an SSID to connect to
    > >> your Wireless network. It would be the same as if you also used WEP,
    > >> you would still need to give that info to your users.

    > >
    > >
    > > Yes, you would have to configure the SSID per machine. But if you're
    > > already manaully configuring your clients, you already have to
    > > configure the WEP/WPA key, so the "extra" step of defining the SSID is
    > > already necessary. And if you aren't using encryption, disabling the
    > > broadcast is really moot anyway.
    > >
    > > But this is the inherent problem with security; access becomes more
    > > difficult. Access/convenience are traded off for security. If you
    > > want complete convenience, resign yourself to no security.
    > >
    > >
    > >> I say run the network openly and perhaps issues certs to the users to
    > >> use
    > >> to secure by MAC Address. You could use some "I think it's called
    > >> NAS, someone correct me please if I am wrong" radius type logins so
    > >> that users would have to enter in user id and passwords.

    > >
    > >
    > > Correct, you could require authentication via a RADIUS server. But
    > > we're
    > > talking about a home wireless network here. I sincerely doubt the OP,
    > > or any other home user, wants to deploy a server scenario of this
    > > fashion or
    > > purchase the hardware necessary to employ this authentication. In an
    > > enterprise network utilizing WiFi, broadcast once again becomes moot
    > > if you are using WiFi best practices; ie, secure logon, AD, blah,
    > > blah, blah. Again, though, we're (or at least I am) not talking about
    > > an enterprise WiFi deployment.
    > >
    > > The best way to secure a Home Wireless Network is:
    > >
    > > 1) Disable the Broadcast ID
    > > 2) Change the default SSID
    > > 3) Enable WEP/WPA encryption with a strong key
    > > 4) Change the default admin password
    > > 5) Decrease the scope of the DHCP server to only the necessary number
    > > of host addresses
    > >
    > > And, if you aren't going to have variable clients;
    > >
    > > 5) Employ MAC filtering
    > >
    > > A home user that wants to be really nitty-gritty and is running XP Pro
    > > can also disable simple file sharing to require authentication for
    > > shared
    > > resources as well. I liken (for novice users) the above steps to
    > > "hiding the door to your house", "changing your address", "using a
    > > lock", "changing
    > > the keys", and "making sure there aren't too many keys available".
    > > Not perfect, but it gets the point across.
    > >
    > > Anyone with any WiFi experience knows that none of this makes you
    > > perfectly secure, but it certainly does make it a lot harder to attack
    > > your network.
    > >
    > > In my experience, and I've deployed/installed numerous home wireless
    > > networks, most users couldn't care less what security their network
    > > has.
    > > They just want it to work. Frequently, I have to enable the security
    > > and,
    > > if they realize I've done it, explain why it's necessary. If I ask up
    > > front
    > > whether they want it or not, I usually get "don't bother". IMHO, not
    > > employing even minimal security is foolish.

    >
    > You've never been disagreeable to *me*, DJ ;-) and 1) I never mind being
    > corrected because I like to learn; and 2) we don't have to agree on
    > everything. It's just that from what I've read by networking experts I
    > respect, enabling SSID is something you really want to do. I think
    > Windows wireless works better with it enabled, and so do the MS guys
    > who've posted about it. But as I said, we can disagree and still be
    > friends. I say a home user should change the SSID from the default,
    > leave it enabled, use as strong encryption as his/her hardware permits,
    > and do MAC filtering if you want.
    >
    > Malke
    > --
    > MS MVP - Windows Shell/User
    > Elephant Boy Computers
    > www.elephantboycomputers.com
    > "Don't Panic!"
    Jack \(MVP\), Mar 4, 2005
    #7
  8. Mark Hall

    DJ Borell Guest

    "Jack (MVP)" <Jack(MVP)@discussions.microsoft.com.> wrote in message
    news:%...
    > Hi
    > Windows Zero Configuration (WZC) needs the SSID broadcast to be On in
    > order
    > to work correctly (some Wireless Clients need the Broadcast On even with
    > their own utilities).
    > Broadcast means that while resting (i.e. the Wireless connection is not
    > use)
    > the Wireless Source transmits burst of signal with its SSID. However,
    > switching the Broadcast Off is Not a Big security feature. When the
    > Wireless
    > is actually used it Broadcasts the SSID regardless of the status at Rest.
    > In other word While you are using your Wireless your SSID will popup on
    > any
    > neighbor computer whether the Broadcast is On or Off. In addition there
    > are
    > simple Utilities that can wake the Wireless even if the Broadcast is Off
    > and
    > you are not using it at the moment.


    As I don't seen any need to engage in a technical debate on wireless frame
    traffic composition, I'll agree to disagree on the usefullnes / necessity of
    the Broadcast SSID feature.

    The bottom line, regardless of the broadcast configuration, (and I think we
    agree here) is that there are more important / secure steps that should be
    taken anyway. Encryption chief among them.
    DJ Borell, Mar 4, 2005
    #8
  9. Mark Hall

    DLink Guru Guest

    You would not want the hassle of setting up radius servers on a small home
    network. Come on, obviously the OP is not that knowledgable or else he
    really would not be asking this qustion, and your suggesting this stuff???
    Come on....


    "Mr. Smith" <> wrote in message
    news:...
    > Yes, but note this. If you disable SSID on your access points etc, how do
    > your wireless clients know where to connect? You will have to instruct
    > your WiFi users as to what to use as an SSID to connect to your Wireless
    > network. It would be the same as if you also used WEP, you would still
    > need to give that info to your users.
    >
    >
    >
    > I say run the network openly and perhaps issues certs to the users to use
    > to secure by MAC Address. You could use some "I think it's called NAS,
    > someone correct me please if I am wrong" radius type logins so that users
    > would have to enter in user id and passwords.
    >
    >
    DLink Guru, Mar 4, 2005
    #9
  10. Mark Hall

    Jack \(MVP\) Guest

    Hi.
    I am not trying to advocate this as a solution for Home/SOHO users, however
    for the record.
    NAS is Network Attached Storage.
    You meant IAS: Internet Authentication Service
    IAS can be used a form of RADIUS Server to authenticate Wireless Connection.
    http://www.microsoft.com/technet/community/chats/trans/network/net1216.mspx
    Jack (MVP-Networking).



    "Mr. Smith" <> wrote in message
    news:...
    > Yes, but note this. If you disable SSID on your access points etc, how do
    > your wireless clients know where to connect? You will have to instruct

    your
    > WiFi users as to what to use as an SSID to connect to your Wireless

    network.
    > It would be the same as if you also used WEP, you would still need to give
    > that info to your users.
    >
    >
    >
    > I say run the network openly and perhaps issues certs to the users to use

    to
    > secure by MAC Address. You could use some "I think it's called NAS,

    someone
    > correct me please if I am wrong" radius type logins so that users would

    have
    > to enter in user id and passwords.
    >
    >
    Jack \(MVP\), Mar 5, 2005
    #10
  11. The short answer is no.

    The longer answer - If your wireless network is in use, every packet sent to
    your access point has a destination that can be read by any client that is
    configured to listen(your neighbor). There are many utilities that do this
    and they are very simple to use.

    Some mention has also been made of disabling broadcast SSIDs. This provides
    no additional security and degrades the client experience. Your network
    name is out in the air with or without this flag.

    Jack has offered some links and information on securing your wireless
    connection and it is good advice.

    --
    Please do not send e-mail directly to this alias. This alias is for
    newsgroup purposes only.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Mark Hall" <> wrote in message
    news:...
    >i am running a wireless network and some1 accross the road can see our
    > network. is it possible to block them.
    >
    > thanks in advance
    Jim Seifert [MSFT], Mar 28, 2005
    #11
  12. Mark Hall

    M.L. Guest


    >> i am running a wireless network and some1 accross the road can see our
    >> network. is it possible to block them.


    >There is no way you can prevent someone just seeing your wireless
    >network; that is how wireless works. You can turn off SSID
    >broadcasting, but this is not advantageous for your own network and
    >really provides no security. You should make sure you have enabled
    >encryption on your network, and you may also choose to do MAC address
    >filtering on your router, only allowing your own computers to access
    >the network. Then, although your network will be visible to outsiders,
    >they will not be able to connect. Here is a link regarding basic
    >wireless security:
    >
    >Wireless - Basic Security - http://www.ezlan.net/Wireless_Security.html


    Any hacker who can get through encryption and MAC filtering will have
    no problem finding an SSID. And some network configurations will not
    work unless the SSID is turned on.
    M.L., Apr 5, 2005
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Craig Hummel

    Unwanted Network Connection

    Craig Hummel, Dec 11, 2004, in forum: Wireless Networking
    Replies:
    2
    Views:
    2,193
  2. =?Utf-8?B?TGFycnk=?=

    Removing unwanted network place

    =?Utf-8?B?TGFycnk=?=, May 30, 2006, in forum: Wireless Networking
    Replies:
    0
    Views:
    650
    =?Utf-8?B?TGFycnk=?=
    May 30, 2006
  3. 46erjoe

    Unwanted network sites

    46erjoe, Oct 17, 2006, in forum: Wireless Networking
    Replies:
    1
    Views:
    337
    Jack \(MVP-Networking\).
    Oct 18, 2006
  4. Mike Hyndman

    Connecting to unwanted network

    Mike Hyndman, Jan 16, 2007, in forum: Wireless Networking
    Replies:
    2
    Views:
    469
    Mike Hyndman
    Jan 16, 2007
  5. Luke
    Replies:
    4
    Views:
    390
Loading...

Share This Page