Author Topic: Wireless Network Security?  (Read 1099 times)

0 Members and 1 Guest are viewing this topic.

Offline Fineus

  • ...But you *have* heard of me.
  • Administrator
  • 212
    • Hard Light Productions
Wireless Network Security?
Well, I'm moving into a house for University at the end of the month. We'll be using a wireless network to hub then to NTLs broadband system. It'll be my first time having my computer in any kind of network, especially a wireless one.

Not that I don't trust my friends, but I'd like to ensure my computer is secure both from prying eyes and from viruses and whatever other **** they accidentally downloaded because they don't know what they're doing.

I have AVG antivirus, Ad-Aware, CCleaner and HiJack This installed (though to be honest I don't really know how to use HiJack This).

As far as I'm concerned, that's a pretty good setup for a single computer, but I'm not so sure about wireless networks. Does anyone have any tips / suggested software to make sure my computer has as few holes in it as possible?

Cheers guys :)

 

Offline Fury

  • The Curmudgeon
  • 213
You're missing software firewall there. Get one, such as Kerio Personal Firewall which is free for personal use. Your university's I staff should be knowleadgeable enough about WLAN security to set up their access points correctly, all you need to do is to follow their instructions to set up wireless connection.

 

Offline Fineus

  • ...But you *have* heard of me.
  • Administrator
  • 212
    • Hard Light Productions
I do have Windows XPs packaged firewall, if that counts.

Also, I'm not sure my University will help me out with this - as I'm not trying to connect it to their network at all. I'm trying to connect it to the internet / the network that my friends computers will be on at home.

 

Offline Grey Wolf

No, it doesn't. Sygate Personal Firewall and the free version of ZoneAlarm is decent.

As for the wireless access point, encrypt the signal and change the administrative password on the router.
You see things; and you say "Why?" But I dream things that never were; and I say "Why not?" -George Bernard Shaw

 

Offline Martinus

  • Aka Maeglamor
  • 210
    • Hard Light Productions
[color=66ff00]First decide if you want these guys to be able to access anything on your computer; mp3's videos, services like FTP... Apply sharing permissions as appropriate (ask if you need more details, I've had to do this a lot :) ).

In the unlikely case that the hub doesn't have a DHCP server built in, most do these days, assign your wireless connection an IP address.
Wireless is significantly similar to standard wired networking in setup from a windows perspective so you shouldn't have too many issues.

Always firewall your machine on a non trusted network. Zonealarm's 'zones' allows you to select which IP's can connect to your computer and what their level of access is.

It's quite possible to have a shared directory that the entire house can use without compromising the security of the rest of the files on your computer. :nod:
[/color]

 

Offline Martinus

  • Aka Maeglamor
  • 210
    • Hard Light Productions
Quote
Originally posted by Grey Wolf
No, it doesn't. Sygate Personal Firewall and the free version of ZoneAlarm is decent.

As for the wireless access point, encrypt the signal and change the administrative password on the router.

[color=66ff00]Both good points, winxp firewall is pants.

When using encryption try to use WPA over WEP as WEP is quite crackable with the right hardware and tools.
[/color]

 

Offline Inquisitor

Anything is crackable with the right hardware and tools.

Being on that network won't be any different than being on the internet.

Take the same precautions and turn off things like XP file sharing. Treat that connection as a nekkid connection to the internet.
No signature.

 

Offline Stealth

  • Braiiins...
  • 211
just don't share any files.

 

Offline Martinus

  • Aka Maeglamor
  • 210
    • Hard Light Productions
[color=66ff00]You don't think that's overkill Stealth?
I know there are a number of ways to exploit windows shares but with 2k and xp's permissions you can fairly safely protect the contents of a folder without having to worry too much.

I am of course assuming that you want to share stuff Kalfireth.
[/color]

 

Offline Fineus

  • ...But you *have* heard of me.
  • Administrator
  • 212
    • Hard Light Productions
I wouldn't mind...

...and in all honesty, I'll be in a residential area with my friends - only one of whom has as much experience with computers as I do. I don't anticipate any real problems coming my way, but I'd like to be defended against the basics.

Thanks for all the advice thus far :)

 

Offline Martinus

  • Aka Maeglamor
  • 210
    • Hard Light Productions
[color=66ff00]I only suggested WPA over WEP as WEP is quite easily crackable by someone only slightly more knowlegable than your average script kiddie with the right hardware and some easily obtainable tools. WPA is much more secure. :nod:

With even a reasonable level of security you can safely share stuff.
[/color]

 

Offline aipz

  • 28
  • War,war never changes...
if you have a free version of ad-aware you don't have a resident anti-spyware shield in that program...
In other words you can only scan for what's already in your system...
I've switched to Spybot which is free and has a resident shield...
"Another fellow pilot"

 

Offline WMCoolmon

  • Purveyor of space crack
  • 213
There's no need to even have Windows' file sharing installed at all to share files. Simply install an FTP server and only turn it on when you want to share files. That way there's no chance of anyone cracking your comp with Windows file sharing...there are also some hidden shares that are enabled by default that you might want to turn off.
-C

 

Offline mikhael

  • Back to skool
  • 211
  • Fnord!
    • http://www.google.com/search?q=404error.com
First off, Zone Alarm is ****e. Absolute garbage, for a variety of reasons, not least that it alerts for everything including voltage changes on the ethernet cable. I'd trust Windows Firewall further, but only because its slightly less annoying. Not because its any good.

Second FTP is one of the worst ideas I've ever heard, as its a completely cleartext system. Its as bad as using telnet. There are other, better alternatives out there. Even Windows File Sharing (for internal stuff) is better, provided you A) use NTFS, B) grok share security, C) grok NTFS file permissions and D) have secured your Windows box properly to begin with. And if you' haven't done (D), leave the damn thing off the network until you do. SMB shares can be conveniently turned on and off with one check box in the network configuration (or, under XP, one command through netsh). If you choose not to use SMB shares and decide to go the FTP route, make sure to use an FTP service that maintains its own user/password table (IE, not the Windows FTP server) and make sure that the usernames aand passwords used there don't match any usernames and passwords on your Windows box. FTP is trivial to sniff, and if you're using Wireless, regardless of encryption strength/method, its a bad idea to let your real credentials go floating around.

WEP--even 256 bit (only available on some hardware)--is crackable by anyone, even a retarded script kiddy, given the existence of AirSnort. WPA is by far and away the best option you're going to get short of expensive hardware the uni isn't going to have.

Microsoft has a great guide for securing a server that's going to be attached to the Internet. Its in the Knowledge Base. Go get it. Apply it to your machine. There's a lot of extra crap in there that you don't need that is just screaming for some smeghead to come in and own your box. Ditch the compatibility cruft, the convenience cruft and for Bosch' sake, don't activate IIS unless you've got some professional experience. That's REALLY asking for trouble.
[I am not really here. This post is entirely a figment of your imagination.]

 

Offline WMCoolmon

  • Purveyor of space crack
  • 213
With FTP I was thinking of it as a quick transfer mechanism; you only start it up when a friend or someone wants to access a file, so the total uptime is only a few minutes, and access would only be granted to nonvital files.

Plus I'm sure there are very similar alternatives with encryption out there (SFTP comes to mind).
-C

  

Offline mikhael

  • Back to skool
  • 211
  • Fnord!
    • http://www.google.com/search?q=404error.com
As soon as you start dealing with encrypted versions, you might as well use Windows File Sharing. Under XP the session setup and authentication is already pretty reasonably encrypted, and with the judicious application of two or three security policies, it becomes rather reliably encrypted. The whole session, however is not, but that doesn't matter nearly so much.
[I am not really here. This post is entirely a figment of your imagination.]