domingo, 25 de julio de 2010

Wireless Network Security

Before we talk about wireless network security, we must first understand how a wireless network operates.

For most home and small business users,
a wireless network is basically a set of devices that enable all of the personal computers in your location to use a broadband internet connection simultaneously.

Wireless networks don't use cables for connections, but instead use radio waves, like cordless phones. Also known as Wi-Fi, or Wireless Fidelity, wireless networks allow you to use your networked computers or laptops anywhere in an office or home.


Wireless networking is also available in public "hotspots,"
like coffee shops, hotel rooms and lobbies, and airports.

You may have heard the term "Internet Cafe". This refers to a place of business (most often, a coffee shop) which offers wireless network access for anyone who wants to bring in a laptop equipped with a wireless network card. The wireless network card picks up the wireless network signal and the two communicate over that signal. Here's a web page which talks about the wireless network security risks of using Internet Cafes, if you are interested.


But, just as with a cell phone, a wireless network (and any computer you have connected to it) can be hacked, especially if it isn't secured.


CAVEAT and Disclaimer:
Wireless networks are inherently unsafe and cannot be completely secured, as there are hackers who will always be one step ahead of the commercial security vendors.

So I, Ellen Davis, do not guarantee that your wireless network security will be impenetrable after completing the steps offered on this site.


However, in my opinion, the majority of hackers are going after bigger fish, and don't have much interest in your wireless home network, except maybe to use it for free internet access.


So unless you are storing hundreds of credit card numbers on your computers for some reason, or you have some kind of important information that can be sold on the black market, or you make some hacker mad, applying the steps below will help ensure your wireless network security is at least better than it would be if you did nothing.


Let's take a closer look at setting up a wireless network and the best practices for building in wireless network security.


First, here's a list of components needed to build a basic home or small office wireless network:


   1. Windows based personal computers, and/or personal laptops with Windows XP SP2 installed. (Windows XP SP2 is compatible with WPA2 Personal encryption, which is what I recommend using).

   2. WPA2 enabled wired or wireless network adapters, which should be (or may already be) installed in each of your computers.

      If you aren't sure whether Windows XP and the network cards installed on your computer are enabled for WPA2, here's an excellent page that walks you through how to upgrade Windows XP, routers and network cards to WPA2.

   3. Ethernet cables, also known as CAT 5 cables. They come in 3, 6, 10, 25, and 50 foot lengths. Desktop and laptop computers won't need a cable if a wireless network card in installed.

   4. A wireless router that supports WPA and WPA2 encryption. There are many different brands, but I use Linksys wireless routers because they are reliable and easy to set up. They cost around $60 in the big office supply or computer stores.

   5. A broadband internet connection.

   6. The wireless network security steps below.

Second, you need steps on how to secure a wireless network. I've included the details on how to implement reliable wireless network security below: (I'm assuming that we are in your home or small business office, and that you have a desktop PC wired into your broadband box and that you will be using a new Linksys router):


   1. First, you must have either a regular or wireless network card in all of the computers in your house. For most wireless networks, a desktop computer nearest to the broadband jack will be connected via a wired network card and cable. Laptops or any other computer not close to the router will be connected via wireless card (or long CAT 5 cable).

      IMPORTANT Note:
If you have older network cards, they may not be compatible with the new WPA2 security protocol. Upgrade the drivers or the cards if you have to, because relying on any other security protocol like WEP is just not as good when it comes to wireless security.

      You may also need to upgrade Windows XP SP2 to be compatible with WPA2 security. Here's the Microsoft page to do this.

   2. If you haven't done so already, place an order for a broadband (aka high speed) internet service installation with your local internet service provider. (This can be a cable company, the telephone company or a wireless tower provider – shop around for the best deal).

   3. Purchase a wireless router and install it.
NOTE: Be careful about buying used routers; the previous owner could install malicious software on them that could hurt your computer. New is better if you don't know how to clean them up.

   4. Following the instructions that come with the router, set it up next to the computer that is plugged into the broadband connection box.

   5. IMPORTANT!! SECURE your wireless router. Follow each of these steps to make sure your wireless network security is reliable and your network is safe from outside intrusion:

          * Change the default wireless network name or SSID to something unique but not personal (no social security numbers or house addresses). The name you choose can be up to 32 characters long and you need to be able to remember it. Linksys sets the default name to Linksys on their routers and every hacker in the world knows that, so don't leave it unchanged.

          * Change the default password.
Linksys sets a default password of admin, and every hacker knows that too. Change it to a password that includes both letters and numbers. Avoid using words that can be found in a dictionary. Also, make sure you either remember it or note it somewhere secure. You will need if you want to access your router later to make changes.

          * Enable Encryption. Linksys routers offer several kinds of security protocols – WPA, WPA2 and WEP are the major types.

            The newest and most secure kind of encryption is WPA2. Both WEP and WPA have already been cracked by hackers. WPA2 is the most secure, so I would implement it over the other choices.

            When the router setup asks you to choose a wireless security encryption method, choose security mode "WPA2 Personal". Then choose algorithms "TKIP+AES". Choose a strong password for your encryption key, such as a combination of letters and numbers. It can be from 8 to 63 characters, I would use at least 14 characters. Leave the key renewal interval as it is, and save the setting. Make sure you can remember the key. I hate to tell you to write it down, but if you must, you must.

            Later, when you try to connect your wireless clients to your network, the card utility should automatically ask you for the preshared key. Enter it twice and you should get connected. If not, please check that the wireless card in the computer is actually compatible with WPA/WPA2.

            Note: If you have an older router that supports WEP only, and you don't want to upgrade it, please remember that WEP is very easy to crack, so your wireless network won't be as secure. You'll be at least safer if you use 128-bit WEP keys, but I would recommend that you check the router manufacturer's website for a firmware upgrade that will add WPA support.

          * DON'T turn off SSID Broadcasting. A wireless router can broadcast its SSID name by sending out a continuous radio ping. This is convenient for people trying to connect to it, because they don't have to remember the name of the network. It seems like it would be good to turn that off, but on Windows XP, it isn't a good idea.

            Windows XP, by default, always tries to connect to the first broadcasted wireless network. If you turn off SSID broadcasting, Windows XP won't connect to your network first if it finds a broadcasting network in close enough range. That's not good wireless network security, for sure. So it's best to continue broadcasting while implementing WPA2 encryption instead.

            Plus you won't have to choose to connect to "nonbroadcasting networks" on your computers, and then type in the name of the network to connect to it.

          * You have now successfully implemented wireless network security on your router that should keep your data relatively safe (see caveat above for more info).

      Let's keep going to finish setting up our network, and connecting to the internet.

   6. Change the network card settings
in each of your PCs to match the router settings. Pay particular attention to the SSID, the type of encryption, and the key you used when you set up the router.

      You'll need to know this info when are ready to connect any wireless PCs or laptops. Wired computers will get the information they need automatically, as long as the network card is set up to use DHCP, which basically means the network card goes out and gets what it needs from the network automatically.

   7. If you have a laptop with a wireless card, check to make sure the wifi capabilities are on. NOTE: On some laptops, there is a switch or button on the laptop that turns the wireless network card on or off. If you are having trouble "seeing" the wireless network, you may have to "turn on" your wireless network card.

   8. Once your computer network cards have the network information that matches the router,
they will connect and you'll be able to connect to the internet, with confidence that your wireless network security is set up correctly.

   9. Note: Look for the wireless signal strength in the system tray located in the bottom right hand corner of your Windows desktop. It will look a bunch of colored bars.

      Green means the signal is strong, yellow is weaker, and red means no signal at all.

      Walk around your house with your laptop and see how good the signal is in each room.

      Being able to work anywhere in your house depends on how big your house is, and where your wireless router is located. As you walk around, you'll see the signal strength icon in the Windows system tray changed.

      Very quickly, you'll find out the best places to be for full network speed. It's makes working on your computer kind of fun, and now you have the peace of mind that your wireless network security is keeping your computers safe.

      All done! You now know the best steps for setting up a wireless network and configuring strong wireless network security. I hope this information helps you keep your computers and your data safe.

      One more note:
If setting up wireless network security seems a little overwhelming, and you live in Cheyenne, Wyoming, I can help. Send me a note via my contact form, and I'd be happy to come out and set it up for you. My rates are reasonable.

Hernández Caballero Indiana
Asignatura: CRF
Fuente:http://www.sensible-computer-help.com/wireless-network-security.html

No hay comentarios:

Publicar un comentario