[Fineus]

Well, I'm moving into a house for University at the end of the month. We'll be using a wireless network to hub then to NTLs broadband system. It'll be my first time having my computer in any kind of network, especially a wireless one.

Not that I don't trust my friends, but I'd like to ensure my computer is secure both from prying eyes and from viruses and whatever other **** they accidentally downloaded because they don't know what they're doing.

I have AVG antivirus, Ad-Aware, CCleaner and HiJack This installed (though to be honest I don't really know how to use HiJack This).

As far as I'm concerned, that's a pretty good setup for a single computer, but I'm not so sure about wireless networks. Does anyone have any tips / suggested software to make sure my computer has as few holes in it as possible?

Cheers guys

[Fury]

You're missing software firewall there. Get one, such as Kerio Personal Firewall which is free for personal use. Your university's I staff should be knowleadgeable enough about WLAN security to set up their access points correctly, all you need to do is to follow their instructions to set up wireless connection.

[Fineus]

I do have Windows XPs packaged firewall, if that counts.

Also, I'm not sure my University will help me out with this - as I'm not trying to connect it to their network at all. I'm trying to connect it to the internet / the network that my friends computers will be on at home.

[Grey Wolf]

No, it doesn't. Sygate Personal Firewall and the free version of ZoneAlarm is decent.

As for the wireless access point, encrypt the signal and change the administrative password on the router.

[Martinus]

[color=66ff00]First decide if you want these guys to be able to access anything on your computer; mp3's videos, services like FTP... Apply sharing permissions as appropriate (ask if you need more details, I've had to do this a lot ).

In the unlikely case that the hub doesn't have a DHCP server built in, most do these days, assign your wireless connection an IP address.
Wireless is significantly similar to standard wired networking in setup from a windows perspective so you shouldn't have too many issues.

Always firewall your machine on a non trusted network. Zonealarm's 'zones' allows you to select which IP's can connect to your computer and what their level of access is.

It's quite possible to have a shared directory that the entire house can use without compromising the security of the rest of the files on your computer.
[/color]

[Martinus]

Originally posted by Grey Wolf
No, it doesn't. Sygate Personal Firewall and the free version of ZoneAlarm is decent.

As for the wireless access point, encrypt the signal and change the administrative password on the router.

[color=66ff00]Both good points, winxp firewall is pants.

When using encryption try to use WPA over WEP as WEP is quite crackable with the right hardware and tools.
[/color]

[Inquisitor]

Anything is crackable with the right hardware and tools.

Being on that network won't be any different than being on the internet.

Take the same precautions and turn off things like XP file sharing. Treat that connection as a nekkid connection to the internet.

[Stealth]

just don't share any files.

[Martinus]

[color=66ff00]You don't think that's overkill Stealth?
I know there are a number of ways to exploit windows shares but with 2k and xp's permissions you can fairly safely protect the contents of a folder without having to worry too much.

I am of course assuming that you want to share stuff Kalfireth.
[/color]

[Fineus]

I wouldn't mind...

...and in all honesty, I'll be in a residential area with my friends - only one of whom has as much experience with computers as I do. I don't anticipate any real problems coming my way, but I'd like to be defended against the basics.

Thanks for all the advice thus far

[Martinus]

[color=66ff00]I only suggested WPA over WEP as WEP is quite easily crackable by someone only slightly more knowlegable than your average script kiddie with the right hardware and some easily obtainable tools. WPA is much more secure.

With even a reasonable level of security you can safely share stuff.
[/color]

[aipz]

if you have a free version of ad-aware you don't have a resident anti-spyware shield in that program...
In other words you can only scan for what's already in your system...
I've switched to Spybot which is free and has a resident shield...

[WMCoolmon]

There's no need to even have Windows' file sharing installed at all to share files. Simply install an FTP server and only turn it on when you want to share files. That way there's no chance of anyone cracking your comp with Windows file sharing...there are also some hidden shares that are enabled by default that you might want to turn off.

[mikhael]

First off, Zone Alarm is ****e. Absolute garbage, for a variety of reasons, not least that it alerts for everything including voltage changes on the ethernet cable. I'd trust Windows Firewall further, but only because its slightly less annoying. Not because its any good.

Second FTP is one of the worst ideas I've ever heard, as its a completely cleartext system. Its as bad as using telnet. There are other, better alternatives out there. Even Windows File Sharing (for internal stuff) is better, provided you A) use NTFS, B) grok share security, C) grok NTFS file permissions and D) have secured your Windows box properly to begin with. And if you' haven't done (D), leave the damn thing off the network until you do. SMB shares can be conveniently turned on and off with one check box in the network configuration (or, under XP, one command through netsh). If you choose not to use SMB shares and decide to go the FTP route, make sure to use an FTP service that maintains its own user/password table (IE, not the Windows FTP server) and make sure that the usernames aand passwords used there don't match any usernames and passwords on your Windows box. FTP is trivial to sniff, and if you're using Wireless, regardless of encryption strength/method, its a bad idea to let your real credentials go floating around.

WEP--even 256 bit (only available on some hardware)--is crackable by anyone, even a retarded script kiddy, given the existence of AirSnort. WPA is by far and away the best option you're going to get short of expensive hardware the uni isn't going to have.

Microsoft has a great guide for securing a server that's going to be attached to the Internet. Its in the Knowledge Base. Go get it. Apply it to your machine. There's a lot of extra crap in there that you don't need that is just screaming for some smeghead to come in and own your box. Ditch the compatibility cruft, the convenience cruft and for Bosch' sake, don't activate IIS unless you've got some professional experience. That's REALLY asking for trouble.

[WMCoolmon]

With FTP I was thinking of it as a quick transfer mechanism; you only start it up when a friend or someone wants to access a file, so the total uptime is only a few minutes, and access would only be granted to nonvital files.

Plus I'm sure there are very similar alternatives with encryption out there (SFTP comes to mind).

[mikhael]

As soon as you start dealing with encrypted versions, you might as well use Windows File Sharing. Under XP the session setup and authentication is already pretty reasonably encrypted, and with the judicious application of two or three security policies, it becomes rather reliably encrypted. The whole session, however is not, but that doesn't matter nearly so much.