Wireless network security

Discussion in 'Computer Support' started by zxcvbob, Aug 6, 2009.

  1. zxcvbob

    zxcvbob Guest

    I've been volunteered to set up a wireless network for DD and her
    college roommates. I have no idea what kind of computers the other
    girls have, and I won't find out in time (I'll be 1200 miles away by the
    time half of them get back to campus) DD has a 2-year-old Mac, and I
    have a Linux netbook and several PC's running WinXP and Win2K. I can
    use those to test it here before I go install it. I don't know if they
    are going to have DSL or Cable or what. That's not my problem. DD says
    they'll rent a modem.

    Here's what I've done, (plan to do, with a couple of the steps) do y'all
    see any problems?

    I bought a $50 Belkin 'N' wireless router. It also has 4 wired LAN
    ports on the back. I assume everyone will have 'G' or maybe 'B'
    wireless adapters, but if someone does have 'N' they'll be able to take
    advantage of it. I set everything up manually instead of using the
    configuration CD.

    1) I gave it the SSID that they wanted, and I'm having it broadcast to
    make it easier for them to set up their connections.

    2) I set the encryption to WPA-2, and gave it a nasty, long, and totally
    random key. Something just like (but different):
    'o^;IpW4a[-HWD]]o'"aQ&rl9O.t.geg<TEec=4;IHhBm:]C@Lndw*Fu+bo5WH,
    ....and had DD email the key to everybody, also to store it on her
    computer in a text file in case somebody loses it.

    3) I've left the administrator password blank. Not sure if that's a
    good idea. The other thing I could do is set a password and then write
    it on a label attached to the router. I don't want to get calls at
    3:00AM asking me what the password is.

    4) I turned off remote configuration, so the settings can't be changed
    over the WAN port. I'm going to see if I can turn off configuration via
    wireless, so someone would have to use an Ethernet cable on a LAN port
    to change anything. (physical security)

    I know if I lock things down too tight, they'll just reset it back to
    factory defaults and probably run with it unsecured. WEP vs. WPA was
    the toughest choice, because I don't know how old the computers are that
    will be connected and what OS's they will have.

    Have I overlooked anything (or screwed up somewhere)?

    Thanks,
    Bob
     
    zxcvbob, Aug 6, 2009
    #1
    1. Advertising

  2. zxcvbob

    NormanM Guest

    On Thu, 06 Aug 2009 09:52:35 -0500, zxcvbob wrote:

    > I've been volunteered to set up a wireless network for DD and her
    > college roommates. I have no idea what kind of computers the other
    > girls have, and I won't find out in time (I'll be 1200 miles away by the
    > time half of them get back to campus) DD has a 2-year-old Mac, and I
    > have a Linux netbook and several PC's running WinXP and Win2K. I can
    > use those to test it here before I go install it. I don't know if they
    > are going to have DSL or Cable or what. That's not my problem. DD says
    > they'll rent a modem.
    >
    > Here's what I've done, (plan to do, with a couple of the steps) do y'all
    > see any problems?
    >
    > I bought a $50 Belkin 'N' wireless router. It also has 4 wired LAN
    > ports on the back. I assume everyone will have 'G' or maybe 'B'
    > wireless adapters, but if someone does have 'N' they'll be able to take
    > advantage of it. I set everything up manually instead of using the
    > configuration CD.
    >
    > 1) I gave it the SSID that they wanted, and I'm having it broadcast to
    > make it easier for them to set up their connections.


    Good.

    > 2) I set the encryption to WPA-2, and gave it a nasty, long, and totally
    > random key. Something just like (but different):
    > 'o^;IpW4a[-HWD]]o'"aQ&rl9O.t.geg<TEec=4;IHhBm:]C@Lndw*Fu+bo5WH,
    > ...and had DD email the key to everybody, also to store it on her
    > computer in a text file in case somebody loses it.


    Good.

    > 3) I've left the administrator password blank. Not sure if that's a
    > good idea. The other thing I could do is set a password and then write
    > it on a label attached to the router. I don't want to get calls at
    > 3:00AM asking me what the password is.


    Not good. You gave them a "nasty long" WPA2 key; what would be so hard about
    a 10 character to 12 character admin password?

    > 4) I turned off remote configuration, so the settings can't be changed
    > over the WAN port. I'm going to see if I can turn off configuration via
    > wireless, so someone would have to use an Ethernet cable on a LAN port
    > to change anything. (physical security)


    Good.

    > I know if I lock things down too tight, they'll just reset it back to
    > factory defaults and probably run with it unsecured. WEP vs. WPA was
    > the toughest choice, because I don't know how old the computers are that
    > will be connected and what OS's they will have.
    >
    > Have I overlooked anything (or screwed up somewhere)?


    If any one of them has a device which is only capable of WEP, they likely
    will loosen up the security. When it comes to computers, even when a user
    has been hit with a hostile takeover of their computer, they usually still
    prefer convenience over security.

    --
    Norman
    ~Oh Lord, why have you come
    ~To Konnyu, with the Lion and the Drum
     
    NormanM, Aug 6, 2009
    #2
    1. Advertising

  3. zxcvbob

    zxcvbob Guest

    NormanM wrote:
    > On Thu, 06 Aug 2009 09:52:35 -0500, zxcvbob wrote:
    >
    >> 3) I've left the administrator password blank. Not sure if that's a
    >> good idea. The other thing I could do is set a password and then write
    >> it on a label attached to the router. I don't want to get calls at
    >> 3:00AM asking me what the password is.

    >
    > Not good. You gave them a "nasty long" WPA2 key; what would be so hard about
    > a 10 character to 12 character admin password?



    Yeah, I know; it's not hard at all. I was wondering if this one should
    be a strong password or a weak one? (even a weak password is a lot
    better than nothing) But remember, I'm planning to lock out all
    administrative functions except thru the wired LAN ports -- I was
    thinking that would take the place of an admin password. If they forget
    the password, they *will* do a hardware reset -- they are kids, that's
    what they do :)

    Thanks again,
    Bob
     
    zxcvbob, Aug 6, 2009
    #3
  4. zxcvbob

    Mara Guest

    On Thu, 06 Aug 2009 10:38:59 -0500, zxcvbob <> wrote:

    >NormanM wrote:
    >> On Thu, 06 Aug 2009 09:52:35 -0500, zxcvbob wrote:
    >>
    >>> 3) I've left the administrator password blank. Not sure if that's a
    >>> good idea. The other thing I could do is set a password and then write
    >>> it on a label attached to the router. I don't want to get calls at
    >>> 3:00AM asking me what the password is.

    >>
    >> Not good. You gave them a "nasty long" WPA2 key; what would be so hard about
    >> a 10 character to 12 character admin password?

    >
    >
    >Yeah, I know; it's not hard at all. I was wondering if this one should
    >be a strong password or a weak one? (even a weak password is a lot
    >better than nothing) But remember, I'm planning to lock out all
    >administrative functions except thru the wired LAN ports -- I was
    >thinking that would take the place of an admin password. If they forget
    >the password, they *will* do a hardware reset -- they are kids, that's
    >what they do :)
    >
    >Thanks again,
    >Bob


    Set the password. If you leave it blank, you're a wide-open target. Once
    crackers have access to your router through either a blank or the default
    password (there are lists of those online) it's going to be the router owner
    that pays the price, not the cracker.

    --
    Why can't people set their clocks, reply to the correct poster, test in
    a test group, write a coherent question, or keep a question to one thread?
    Some people are so far from hitting the nail, it doesn't matter if they
    have a hammer or a banana. --trout, 24hshd, c.2002
     
    Mara, Aug 6, 2009
    #4
  5. zxcvbob

    M.L. Guest


    >>>> 3) I've left the administrator password blank. Not sure if that's a
    >>>> good idea. The other thing I could do is set a password and then write
    >>>> it on a label attached to the router. I don't want to get calls at
    >>>> 3:00AM asking me what the password is.
    >>>
    >>> Not good. You gave them a "nasty long" WPA2 key; what would be so hard about
    >>> a 10 character to 12 character admin password?


    >>Yeah, I know; it's not hard at all. I was wondering if this one should
    >>be a strong password or a weak one? (even a weak password is a lot
    >>better than nothing) But remember, I'm planning to lock out all
    >>administrative functions except thru the wired LAN ports -- I was
    >>thinking that would take the place of an admin password. If they forget
    >>the password, they *will* do a hardware reset -- they are kids, that's
    >>what they do :)


    >Set the password. If you leave it blank, you're a wide-open target. Once
    >crackers have access to your router through either a blank or the default
    >password (there are lists of those online) it's going to be the router owner
    >that pays the price, not the cracker.


    The WPA2 key will keep most crackers away from the router. The router
    password will keep those who have physical access to the computers
    from changing router settings unless authenticated.
     
    M.L., Aug 7, 2009
    #5
  6. zxcvbob

    PeeCee Guest

    "zxcvbob" <> wrote in message
    news:...
    > I've been volunteered to set up a wireless network for DD and her college
    > roommates. I have no idea what kind of computers the other girls have,
    > and I won't find out in time (I'll be 1200 miles away by the time half of
    > them get back to campus) DD has a 2-year-old Mac, and I have a Linux
    > netbook and several PC's running WinXP and Win2K. I can use those to test
    > it here before I go install it. I don't know if they are going to have
    > DSL or Cable or what. That's not my problem. DD says they'll rent a
    > modem.
    >
    > Here's what I've done, (plan to do, with a couple of the steps) do y'all
    > see any problems?
    >
    > I bought a $50 Belkin 'N' wireless router. It also has 4 wired LAN ports
    > on the back. I assume everyone will have 'G' or maybe 'B' wireless
    > adapters, but if someone does have 'N' they'll be able to take advantage
    > of it. I set everything up manually instead of using the configuration
    > CD.
    >
    > 1) I gave it the SSID that they wanted, and I'm having it broadcast to
    > make it easier for them to set up their connections.
    >
    > 2) I set the encryption to WPA-2, and gave it a nasty, long, and totally
    > random key. Something just like (but different):
    > 'o^;IpW4a[-HWD]]o'"aQ&rl9O.t.geg<TEec=4;IHhBm:]C@Lndw*Fu+bo5WH,
    > ...and had DD email the key to everybody, also to store it on her computer
    > in a text file in case somebody loses it.
    >
    > 3) I've left the administrator password blank. Not sure if that's a good
    > idea. The other thing I could do is set a password and then write it on a
    > label attached to the router. I don't want to get calls at 3:00AM asking
    > me what the password is.
    >
    > 4) I turned off remote configuration, so the settings can't be changed
    > over the WAN port. I'm going to see if I can turn off configuration via
    > wireless, so someone would have to use an Ethernet cable on a LAN port to
    > change anything. (physical security)
    >
    > I know if I lock things down too tight, they'll just reset it back to
    > factory defaults and probably run with it unsecured. WEP vs. WPA was the
    > toughest choice, because I don't know how old the computers are that will
    > be connected and what OS's they will have.
    >
    > Have I overlooked anything (or screwed up somewhere)?
    >
    > Thanks,
    > Bob




    Bob

    Do set the admin password, I have personal knowledge of a hacked wireless
    router when the owner initially left wifi security off.
    Even after putting WPA on with a good long password the router continued to
    provide upload services for the cracker until the router was fully reset.
    To be doubly sure change the admin name from 'admin' to something else.

    I've generally found WPA - PSK more accessable than WPA2.
    I personally would be quite resolute about WEP 'not' being used.
    WEP was cracked a long time ago and in your DD environment there is bound to
    be a few cretins willing to show their 'prowess' by cracking your DD's WiFi.
    Laptop's with WEP are be pretty old now and I would guess most, if not all
    will have a Laptop less than a couple of years old.

    BTW the most common problem I've found when a new Laptop is trying to
    connect is the Firewall's in the likes of McAfee or Norton.

    As for avoiding 3am calls try putting a sticker with the local IT shop on
    the top.
    The one thing that makes teenagers 'learn' is when it costs them $$$ to
    ignore parental advice/standards.

    Best
    Paul.
     
    PeeCee, Aug 7, 2009
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?SmFtZXM=?=

    Deleting a "Wireless network" created with the wireless network wi

    =?Utf-8?B?SmFtZXM=?=, Dec 13, 2005, in forum: Wireless Networking
    Replies:
    2
    Views:
    4,267
    =?Utf-8?B?S2V2aW5S?=
    Feb 3, 2006
  2. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    616
    COMSOLIT Messmer
    Sep 5, 2003
  3. Jordan
    Replies:
    1
    Views:
    870
    Pavel A.
    Nov 3, 2007
  4. PL
    Replies:
    1
    Views:
    611
    Todd H.
    Nov 15, 2007
  5. Rupert
    Replies:
    1
    Views:
    915
    Rupert
    May 9, 2004
Loading...

Share This Page