WLAN security concerns

Hi group,

I just set up a home wireless network (first time) and in the process
some security questions came up.

I am using a 2wire gateway provided by AT&T. It has a firewall internal,
and all 3 of my machines have windows firewall functional. In order to
make the wireless connection, I was required to enter the Passkey number
from the gateway, but I was given the choice to connect to 2 other
networks which I assume belonged to neighbors. The signals were weak,
but I tried one and was able to piggyback to the 'net with no problem.
My question is, how do I know that the neighbors are not able to connect
to my network? Should I care? Would they be able to hack into my
machines, and if so what should I do about it?

Dave T.

Dave T. wrote:

> Hi group,
>
> I just set up a home wireless network (first time) and in the process
> some security questions came up.
>
> I am using a 2wire gateway provided by AT&T. It has a firewall internal,
> and all 3 of my machines have windows firewall functional. In order to
> make the wireless connection, I was required to enter the Passkey number
> from the gateway, but I was given the choice to connect to 2 other
> networks which I assume belonged to neighbors. The signals were weak,
> but I tried one and was able to piggyback to the 'net with no problem.
> My question is, how do I know that the neighbors are not able to connect
> to my network? Should I care? Would they be able to hack into my
> machines, and if so what should I do about it?

Good question, Dave T. Wireless is in the air and if you don't properly
secure your wireless network, then someone sitting outside your house (or in
your neighbor's house) can use your network and its bandwidth and get into
your computers.

Here is general information about setting up a wireless network securely:

Have a computer connected to the router with an ethernet cable. Examples
given are for a Linksys router. Refer to your router manual or the router
mftr.'s website for default settings if you don't have a Linksys. Open a
browser such as Internet Explorer or Firefox and in the addressbar type:

http://192.168.1.1 [enter] (this is the router's default IP address, which
varies from router to router so check your manual)

This will bring you to router's login screen. The default username is left
blank and the Linksys default password is "admin" without the quotes. Enter
that information. You are now in the router's configuration utility. Your
configuration utility may differ slightly from mine. The first thing to do is
change the default password because *everyone* knows the default passwords
for various routers.

Click on the Administration link at the top of the page. Enter your new
password. WRITE IT DOWN SOMEWHERE YOU WILL NOT LOSE IT. Re-enter the
password to confirm it and click the Save Settings button at the bottom of
the page. The router will restart and present you with the login box again.
Leave the username blank and put in your new password to get back into the
configuration utility.

Now click on the Wireless link at the top of the page. Change the Wireless
Network Name (SSID) from the default to something you will recognize. I
suggest that my clients not use their family name as the SSID. For example,
you might wish to name your wireless network "CastleAnthrax" or the like.
;-)

Click the Save Settings and when you get the prompt that your changes were
successful, click on the Wireless Security link which is right next to the
Basic Wireless Settings link (where you changed your SSID). Most computers
purchased within the last 4 years have wireless hardware that will support
WPA2-Personal (also called WPA2-PSK). This is the encryption level you want.
If your wireless hardware is older, use WPA. Do not use WEP as that is
easily cracked within minutes. So go ahead and set the Security Mode to
WPA2-Personal. Do that and enter a passphrase. For example, you might use
the passphrase, "Here be dragons, beware you scurvy dogs!". The passphrase
is what you will enter on any computers that are allowed to connect to the
wireless network. WRITE IT DOWN SOMEWHERE YOU WILL NOT LOSE IT.

At this point, your router is configured and if the computer you were using
to configure the router is normally going to connect wirelessly, disconnect
the ethernet cable and the computer's wireless feature should see your new
network. Enter the passphrase you created (exactly as you wrote it with all
capitalization and punctuation) to join the network and start surfing.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Malke wrote:
> Dave T. wrote:
>
>> Hi group,
>>
>> I just set up a home wireless network (first time) and in the process
>> some security questions came up.
>>
>> I am using a 2wire gateway provided by AT&T. It has a firewall internal,
>> and all 3 of my machines have windows firewall functional. In order to
>> make the wireless connection, I was required to enter the Passkey number
>> from the gateway, but I was given the choice to connect to 2 other
>> networks which I assume belonged to neighbors. The signals were weak,
>> but I tried one and was able to piggyback to the 'net with no problem.
>> My question is, how do I know that the neighbors are not able to connect
>> to my network? Should I care? Would they be able to hack into my
>> machines, and if so what should I do about it?
>
> Good question, Dave T. Wireless is in the air and if you don't properly
> secure your wireless network, then someone sitting outside your house (or in
> your neighbor's house) can use your network and its bandwidth and get into
> your computers.
>
> Here is general information about setting up a wireless network securely:
>
> Have a computer connected to the router with an ethernet cable. Examples
> given are for a Linksys router. Refer to your router manual or the router
> mftr.'s website for default settings if you don't have a Linksys. Open a
> browser such as Internet Explorer or Firefox and in the addressbar type:
>
> http://192.168.1.1 [enter] (this is the router's default IP address, which
> varies from router to router so check your manual)
>
> This will bring you to router's login screen. The default username is left
> blank and the Linksys default password is "admin" without the quotes. Enter
> that information. You are now in the router's configuration utility. Your
> configuration utility may differ slightly from mine. The first thing to do is
> change the default password because *everyone* knows the default passwords
> for various routers.
>
> Click on the Administration link at the top of the page. Enter your new
> password. WRITE IT DOWN SOMEWHERE YOU WILL NOT LOSE IT. Re-enter the
> password to confirm it and click the Save Settings button at the bottom of
> the page. The router will restart and present you with the login box again.
> Leave the username blank and put in your new password to get back into the
> configuration utility.
>
> Now click on the Wireless link at the top of the page. Change the Wireless
> Network Name (SSID) from the default to something you will recognize. I
> suggest that my clients not use their family name as the SSID. For example,
> you might wish to name your wireless network "CastleAnthrax" or the like.
> ;-)
>
> Click the Save Settings and when you get the prompt that your changes were
> successful, click on the Wireless Security link which is right next to the
> Basic Wireless Settings link (where you changed your SSID). Most computers
> purchased within the last 4 years have wireless hardware that will support
> WPA2-Personal (also called WPA2-PSK). This is the encryption level you want.
> If your wireless hardware is older, use WPA. Do not use WEP as that is
> easily cracked within minutes. So go ahead and set the Security Mode to
> WPA2-Personal. Do that and enter a passphrase. For example, you might use
> the passphrase, "Here be dragons, beware you scurvy dogs!". The passphrase
> is what you will enter on any computers that are allowed to connect to the
> wireless network. WRITE IT DOWN SOMEWHERE YOU WILL NOT LOSE IT.
>
> At this point, your router is configured and if the computer you were using
> to configure the router is normally going to connect wirelessly, disconnect
> the ethernet cable and the computer's wireless feature should see your new
> network. Enter the passphrase you created (exactly as you wrote it with all
> capitalization and punctuation) to join the network and start surfing.
>
> Malke

Malke,

thanks for this. My router is not a linksys, its a 2wire but
configuration is similar enough that it was pretty easy to go through
it. It is pre-installed with a fairly hi bit strength password and the
config is such that I'm more confident now than I was. I tested it by
deleting the connection I had with my laptop, and tried to make a new
connection without the passkey and couldn't find a way to do it. I was,
of course, still able to see the 'net through my neighbors router. I
guess I will have to make the rounds to see who it is and let them know
that I don't need to pay my ISP anymore! 8>)
Thanks again,

Dave T.

Dave T. wrote:

> thanks for this. My router is not a linksys, its a 2wire but
> configuration is similar enough that it was pretty easy to go through
> it. It is pre-installed with a fairly hi bit strength password and the
> config is such that I'm more confident now than I was. I tested it by
> deleting the connection I had with my laptop, and tried to make a new
> connection without the passkey and couldn't find a way to do it. I was,
> of course, still able to see the 'net through my neighbors router. I
> guess I will have to make the rounds to see who it is and let them know
> that I don't need to pay my ISP anymore! 8>)
> Thanks again,

I'm glad that helped. And it would be a mitzvah (good deed) for you to pass
it on to your neighbors.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Hi
You can email them this too.
From the weakest to the strongest, Wireless security capacity is.
No Security
Switching Off SSID (same has No Security. SSID can be easily sniffed even if
it is Off)
MAC Filtering______(Band Aid if nothing else is available, MAC number can be
easily Spoofed).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
-------------------
The three above are Not considered safe.
Safe Starts here at WPA.
-------------------
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES the the current entry level rendition of WPA2.
Note 2: If you use WinXP bellow SP3 and did not updated it, you would have
to download the WPA2 patch from Microsoft.
<http://support.microsoft.com/kb/893357>
The documentation of your Wireless devices (Wireless Router, and Wireless
Computer's Card) should state the type of security that is available with
your Wireless hardware.
All devices MUST be set to the same security level using the same pass
phrase.
Therefore the security must be set according what ever is the best possible
of one of the Wireless devices.
I.e. even if most of your system might be capable to be configured to the
max. with WPA2, but one device is only capable to be configured to max . of
WEP, to whole system must be configured to WEP.
If you need more good security and one device (like a Wireless card that can
do WEP only) is holding better security for the whole Network, replace the
device with a better one.
Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
The Core differences between WEP, WPA, and WPA2 -
http://www.ezlan.net/wpa_wep.html
Jack (MVP-Networking).

"Dave T." <> wrote in message
news:h7uuq9$85d$...
> Malke wrote:
>> Dave T. wrote:
>>
>>> Hi group,
>>>
>>> I just set up a home wireless network (first time) and in the process
>>> some security questions came up.
>>>
>>> I am using a 2wire gateway provided by AT&T. It has a firewall internal,
>>> and all 3 of my machines have windows firewall functional. In order to
>>> make the wireless connection, I was required to enter the Passkey number
>>> from the gateway, but I was given the choice to connect to 2 other
>>> networks which I assume belonged to neighbors. The signals were weak,
>>> but I tried one and was able to piggyback to the 'net with no problem.
>>> My question is, how do I know that the neighbors are not able to connect
>>> to my network? Should I care? Would they be able to hack into my
>>> machines, and if so what should I do about it?
>>
>> Good question, Dave T. Wireless is in the air and if you don't properly
>> secure your wireless network, then someone sitting outside your house (or
>> in your neighbor's house) can use your network and its bandwidth and get
>> into your computers.
>>
>> Here is general information about setting up a wireless network securely:
>>
>> Have a computer connected to the router with an ethernet cable. Examples
>> given are for a Linksys router. Refer to your router manual or the router
>> mftr.'s website for default settings if you don't have a Linksys. Open a
>> browser such as Internet Explorer or Firefox and in the addressbar type:
>>
>> http://192.168.1.1 [enter] (this is the router's default IP address,
>> which varies from router to router so check your manual)
>>
>> This will bring you to router's login screen. The default username is
>> left blank and the Linksys default password is "admin" without the
>> quotes. Enter that information. You are now in the router's configuration
>> utility. Your configuration utility may differ slightly from mine. The
>> first thing to do is change the default password because *everyone* knows
>> the default passwords for various routers.
>>
>> Click on the Administration link at the top of the page. Enter your new
>> password. WRITE IT DOWN SOMEWHERE YOU WILL NOT LOSE IT. Re-enter the
>> password to confirm it and click the Save Settings button at the bottom
>> of the page. The router will restart and present you with the login box
>> again. Leave the username blank and put in your new password to get back
>> into the configuration utility.
>>
>> Now click on the Wireless link at the top of the page. Change the
>> Wireless Network Name (SSID) from the default to something you will
>> recognize. I suggest that my clients not use their family name as the
>> SSID. For example, you might wish to name your wireless network
>> "CastleAnthrax" or the like. ;-)
>>
>> Click the Save Settings and when you get the prompt that your changes
>> were successful, click on the Wireless Security link which is right next
>> to the Basic Wireless Settings link (where you changed your SSID). Most
>> computers purchased within the last 4 years have wireless hardware that
>> will support WPA2-Personal (also called WPA2-PSK). This is the encryption
>> level you want. If your wireless hardware is older, use WPA. Do not use
>> WEP as that is easily cracked within minutes. So go ahead and set the
>> Security Mode to WPA2-Personal. Do that and enter a passphrase. For
>> example, you might use the passphrase, "Here be dragons, beware you
>> scurvy dogs!". The passphrase is what you will enter on any computers
>> that are allowed to connect to the wireless network. WRITE IT DOWN
>> SOMEWHERE YOU WILL NOT LOSE IT.
>>
>> At this point, your router is configured and if the computer you were
>> using to configure the router is normally going to connect wirelessly,
>> disconnect the ethernet cable and the computer's wireless feature should
>> see your new network. Enter the passphrase you created (exactly as you
>> wrote it with all capitalization and punctuation) to join the network and
>> start surfing.
>>
>> Malke
>
> Malke,
>
> thanks for this. My router is not a linksys, its a 2wire but configuration
> is similar enough that it was pretty easy to go through it. It is
> pre-installed with a fairly hi bit strength password and the config is
> such that I'm more confident now than I was. I tested it by deleting the
> connection I had with my laptop, and tried to make a new connection
> without the passkey and couldn't find a way to do it. I was, of course,
> still able to see the 'net through my neighbors router. I guess I will
> have to make the rounds to see who it is and let them know that I don't
> need to pay my ISP anymore! 8>)
> Thanks again,
>
> Dave T.