U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Computers
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 02-16-2008, 08:27 PM
 
Location: Pocono Mts.
9,483 posts, read 11,066,766 times
Reputation: 11416

Advertisements

We just moved into a new office, and set up our com****rs. My husband has a laptop and we have wireless network. Yesterday, our neighbor in the office next door told us that he lost his one day, but was still able to access ours. Later the same day, a client who brought his own lap top to the office was also able to do this. How can I make our network a secure network?
Reply With Quote Quick reply to this message

 
Old 02-16-2008, 09:04 PM
 
3,469 posts, read 3,766,433 times
Reputation: 4409
Quote:
Originally Posted by poconoproud View Post
We just moved into a new office, and set up our com****rs. My husband has a laptop and we have wireless network. Yesterday, our neighbor in the office next door told us that he lost his one day, but was still able to access ours. Later the same day, a client who brought his own lap top to the office was also able to do this. How can I make our network a secure network?
I was going to type out an answer, but decided to link to this article instead. (http://www.dummies.com/WileyCDA/DummiesArticle/id-2638,subcat-NETWORKING.html?print=true - broken link)

It will help you hide your network from everyone but your own machines.

* It's on the "...for Dummies" site, but I am in no way implying your a dummy. It's the first hit I got on google, that's all.
Reply With Quote Quick reply to this message
 
Old 02-16-2008, 11:33 PM
 
Location: Hillsborough, NJ
514 posts, read 1,513,025 times
Reputation: 392
If your router and wireless card have WPA or WPA2 security settings I would suggest using them over WEP. Also use MAC Addressing , it will only permit connections from computers that have addresses listed.
Reply With Quote Quick reply to this message
 
Old 02-17-2008, 08:21 AM
 
783 posts, read 2,376,101 times
Reputation: 336
I believe the best is MAC address filtration. WEP & WPA/2 would not work with everything such as some smart phones and pdas.

Who wants to remember all those characters per key.
Reply With Quote Quick reply to this message
 
Old 02-17-2008, 09:31 AM
 
Location: HoCo, MD
4,715 posts, read 8,288,482 times
Reputation: 5315
Ideally, you want to apply security in layers. This includes good "practice"....

When you say office... you talking about your home office? Or a business? Your security posture can be very different depending on what you're trying to protect.

That article is a good start, but its a bit outdated, you definitely want to use WPA2. WEP is pretty much useless today. There are a ton of resources on this subject - but the few things to lock down include:
Change the admin password for your wireless AP or router. Its amazing how many people do not do this.
Changing the SSID from the default, and prevent it from being broadcasted (albeit you are still visible form someone that is actively scanning networks). And I would also make the SSID something non-descriptive. As I said, if I'm using a scanner, I'll still see your network (it'll just say its a closed network). But if you advertise your company or your name... it will give me more info. So avoid "poconoprouds_wireless".

Encrypt your transmission by configuring WEP2 using PSK/AES if a home network. Use a non-dictionary alphanumeric text string with special characters. You also want to change it periodically - yea, it sounds like a pain, but how many laptops are we talking about? 3? 5?. You can make it easier by creating the key on your computer on a text file, and copy it onto a thumbdrive. Than just take it around to your laptops and change the key every 90 days or so by copying and paste. It'll take 1 minute per laptop... I think that's okay compared to the risk of having someone hijacking your link. Trust me, WEP2 is strong... but it can still be broken.. especially if the passphrase is weak.

Enable MAC filtering. This will only allow those systems with the MAC address listed to access your wireless network.

You can also do a gazillion more things... ACLs, segmentation, enterprise authentication etc... but the ones above are pretty much what most do for home or small group based wireless networks.

Wi-fi planet is a good resource for research. Google is also great place to start. And I'm sure you'll get many more suggestions on here.

EDIT: Oops, forgot to mention, "good practice"... this is the non-technical stuff you ought to do. i.e. continue to be careful with where you surf, the part about changing passwords, using anti-virus etc.... It irks me how some folks don't follow common sense when using computers. And most of the time, the non-technical stuff is what gets folks in trouble.

Last edited by macroy; 02-17-2008 at 09:39 AM..
Reply With Quote Quick reply to this message
 
Old 02-17-2008, 11:50 AM
 
Location: Pocono Mts.
9,483 posts, read 11,066,766 times
Reputation: 11416
Quote:
Originally Posted by macroy View Post
Ideally, you want to apply security in layers. This includes good "practice"....

When you say office... you talking about your home office? Or a business? Your security posture can be very different depending on what you're trying to protect.


That article is a good start, but its a bit outdated, you definitely want to use WPA2. WEP is pretty much useless today. There are a ton of resources on this subject - but the few things to lock down include:
Change the admin password for your wireless AP or router. Its amazing how many people do not do this.
Changing the SSID from the default, and prevent it from being broadcasted (albeit you are still visible form someone that is actively scanning networks). And I would also make the SSID something non-descriptive. As I said, if I'm using a scanner, I'll still see your network (it'll just say its a closed network). But if you advertise your company or your name... it will give me more info. So avoid "poconoprouds_wireless".
Encrypt your transmission by configuring WEP2 using PSK/AES if a home network. Use a non-dictionary alphanumeric text string with special characters. You also want to change it periodically - yea, it sounds like a pain, but how many laptops are we talking about? 3? 5?. You can make it easier by creating the key on your computer on a text file, and copy it onto a thumbdrive. Than just take it around to your laptops and change the key every 90 days or so by copying and paste. It'll take 1 minute per laptop... I think that's okay compared to the risk of having someone hijacking your link. Trust me, WEP2 is strong... but it can still be broken.. especially if the passphrase is weak.
Enable MAC filtering. This will only allow those systems with the MAC address listed to access your wireless network.
You can also do a gazillion more things... ACLs, segmentation, enterprise authentication etc... but the ones above are pretty much what most do for home or small group based wireless networks.

Wi-fi planet is a good resource for research. Google is also great place to start. And I'm sure you'll get many more suggestions on here.

EDIT: Oops, forgot to mention, "good practice"... this is the non-technical stuff you ought to do. i.e. continue to be careful with where you surf, the part about changing passwords, using anti-virus etc.... It irks me how some folks don't follow common sense when using computers. And most of the time, the non-technical stuff is what gets folks in trouble.
I appreciate the help! Can you come do all that for me?! I think I should hire someone, because most of that was Greek to me!
Reply With Quote Quick reply to this message
 
Old 02-17-2008, 11:51 AM
 
Location: Pocono Mts.
9,483 posts, read 11,066,766 times
Reputation: 11416
Thanks posters, It looks as though I need to be more web savvy!
Reply With Quote Quick reply to this message
 
Old 02-17-2008, 12:13 PM
 
Location: HoCo, MD
4,715 posts, read 8,288,482 times
Reputation: 5315
Quote:
Originally Posted by poconoproud View Post
I appreciate the help! Can you come do all that for me?! I think I should hire someone, because most of that was Greek to me!
hehe. Sorry. My point wasn't to confuse you. But I was trying to provide what needs to be done... not really "how" to do it (wow... my consulting past is reappearing).

Its really not that hard to be honest, but, I'd be happy to help if you like. Just PM me. Just don't expect real time customer service ;-). I'll try and create a list for you.
Reply With Quote Quick reply to this message
 
Old 02-20-2008, 12:07 AM
 
Location: Seattle, WA
1,368 posts, read 6,029,829 times
Reputation: 542
Quote:
Originally Posted by Machinist View Post
If your router and wireless card have WPA or WPA2 security settings I would suggest using them over WEP. Also use MAC Addressing , it will only permit connections from computers that have addresses listed.
WPA and WPA2 do NOT encrypt traffic. WEP does. Thus, you'll want to use WEP in a business setting, or any setting where economic data may be transferred.

Quote:
Originally Posted by macroy View Post
Ideally, you want to apply security in layers. This includes good "practice"....

When you say office... you talking about your home office? Or a business? Your security posture can be very different depending on what you're trying to protect.


That article is a good start, but its a bit outdated, you definitely want to use WPA2. WEP is pretty much useless today. There are a ton of resources on this subject - but the few things to lock down include:
Change the admin password for your wireless AP or router. Its amazing how many people do not do this.
Changing the SSID from the default, and prevent it from being broadcasted (albeit you are still visible form someone that is actively scanning networks). And I would also make the SSID something non-descriptive. As I said, if I'm using a scanner, I'll still see your network (it'll just say its a closed network). But if you advertise your company or your name... it will give me more info. So avoid "poconoprouds_wireless".
Encrypt your transmission by configuring WEP2 using PSK/AES if a home network. Use a non-dictionary alphanumeric text string with special characters. You also want to change it periodically - yea, it sounds like a pain, but how many laptops are we talking about? 3? 5?. You can make it easier by creating the key on your computer on a text file, and copy it onto a thumbdrive. Than just take it around to your laptops and change the key every 90 days or so by copying and paste. It'll take 1 minute per laptop... I think that's okay compared to the risk of having someone hijacking your link. Trust me, WEP2 is strong... but it can still be broken.. especially if the passphrase is weak.
Enable MAC filtering. This will only allow those systems with the MAC address listed to access your wireless network.
You can also do a gazillion more things... ACLs, segmentation, enterprise authentication etc... but the ones above are pretty much what most do for home or small group based wireless networks.

Wi-fi planet is a good resource for research. Google is also great place to start. And I'm sure you'll get many more suggestions on here.

EDIT: Oops, forgot to mention, "good practice"... this is the non-technical stuff you ought to do. i.e. continue to be careful with where you surf, the part about changing passwords, using anti-virus etc.... It irks me how some folks don't follow common sense when using computers. And most of the time, the non-technical stuff is what gets folks in trouble.
I bolded the items I believe are the most important.

YES WPA2 is harder to crack. But, doesn't encrypt data, and thats more important IMO. Since really, if someone wants to crack it, they will.

Most routers and cards allow passphrase WEP key creation. that can make the process of creating a 64character key a lot easier. And again, save in a text file, put on a thumbdrive and keep in a secure location.


Some things that are also important:
Make sure the admin password is set to something with 3 of the 4 following items:
-Special character !@#$%^&*()_+=-~`, etc.
-UPPER CASE
-LOWER CASE
-Number (0-9)

and is at LEAST 6 characters long, but preferably longer. To illustrate, how simple this can be... i had an HP XE783 pc at one point, which I changed to the password: x4l&%0

by keeping the X, not sure my cause on the 4. The l comes from an upper case L is like an upside down, backwards 7. And the & looks like an 8, and the % sign again baffles me now, and I added a 0 for good measure.


Take something simple to you, something you'll remember... and then modify it in such a way so that it can't be guessed. the more characters, and the longer the password and more complex, the less likely someone will be able to hack it.


Make sure your individual user passwords are also set to something also cryptic. You can write these down and store them, but put them in a locked location NOT at the PC. (sticky notes on the monitor=VERY BAD)
Reply With Quote Quick reply to this message
 
Old 02-20-2008, 10:55 AM
 
Location: Mableton, GA USA (NW Atlanta suburb, 4 miles OTP)
11,319 posts, read 22,817,129 times
Reputation: 3896
Quote:
Originally Posted by Radek View Post
WPA and WPA2 do NOT encrypt traffic. WEP does. Thus, you'll want to use WEP in a business setting, or any setting where economic data may be transferred.
That's certainly not my understanding. Both WPA and WPA2 provide strong encryption for all transmitted data according to most of the web sites (broken link) and other online sources that I can find.
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Computers
Follow City-Data.com founder on our Forum or

All times are GMT -6.

© 2005-2020, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top