Things you should be looking at.

Saturday, September 23, 2006

Ask David: Wireless Connection Sharing and Security

My friend Steve writes:

My daughter Nicole, down in Brooklyn, has a laptop with wireless capability. Her neighbors downstairs just installed wireless service and Nicole would like to use it. What are the security features she should know initiate in order to protect her computer. I know she should create an administrator password and one for her user name. But what else? And how. Firewall? Encryption? It's running XP.

First, we'll presume that Nicole's neighbors have given their explicit permission for Nicole to use their connection. We actually shared a connection with our (awesome) downstairs neighbors when we lived in Saint Paul. We split the monthly cost, and that worked out okay- mostly because our neighbors were incredibly lovely people. But using someone's connection without their consent isn't nice, even though the legality of the activity is still being decided in many jurisdictions. There is a whole culture that has grown around the activity, though. For more information see this wikipedia entry about Wardriving.

Next, be aware of the courtesy required by sharing a connection. I learned that some online activities suck up a lot of bandwidth and can make things quite slow for others on the same connection. So if you're doing something that's very bandwidth-intensive (like file sharing), schedule it to run in the wee hours of night and morning when the connection isn't going to be used by others.

If the neighbors own the account with the service and own the router that broadcasts the wireless signal, there are things that they need to do to protect themselves and Nicole.

  • First, they need to set a password for access to their router. Most seem to come out of the box set for open access, or have a really lame default password like "password" or "administrator." A user must set a proper password in order to prevent anyone who can detect the wireless signal from changing the router's settings. The instructions for how to do this should have come with the router's packaging or digitally with the install CD that came with their router. If they have misplaced these instructions, instructions can usually be found online with a search engine, or go to the web site of the router's manufacturer, go to their Support section, and look for documentation on the router's make and model.
  • Second, they need to turn on whatever wireless security settings their router supports- this will likely be WEP, WPA, or WPA2. WPA2 and WPA are more secure and preferable to WEP, but if neither of those is available, WEP is better than nothing. 128 bit is better than 64 bit. Using this security will mean that they will need to give Nicole a very long sort of password that she should only have to enter into her laptop once.
  • Third, they need to turn off the broadcasting of their wireless router's SSID. SSID is "Service Set IDentifier." Broadcasting this makes the network easier to find for legitimate users AND for illegitimate users. If the broadcasting of this SSID is turned off, it is a little bit harder for ne'er-do-wells to find the signal. The skilled wardriver with the right tools can still sniff it out, but making it invisible to the more casual hacker is still a good idea. It also doesn't hurt to change the SSID from its default value to something unique that couldn't be guessed.
  • Fourth, they should disable remote administration on the wireless router so that only the computer that is directly hooked up to adminster the router can get in and make changes to it. This is often disabled by default on new routers right out of the box, but they should check and make sure.

Nicole only needs to do a couple of things.

  • First, she must turn off file sharing on her computer. Windows XP has file sharing turned on by default, and she doesn't want anyone (even her friendly downstairs neighbors accessing any information on her computer. To do this:
    • Click the START button
    • Right-click on My Network Places, choose Properties
    • Find the network card (probably will say "Local Area Connection"). Right-click on this, select Properties.
    • In the General tab, uncheck "File and Printer Sharing for Microsoft Networks."
  • Second, she needs to enter the WPA or WEP authentication info into her laptop. She should also write it down somewhere secure. If her computer crashes and she has to reinstall XP, she can just re-enter the key instead of having to bug her neighbors for it again.

That's about as much as I know. If you need to know more, these links have pretty good information:

Tom's Networking: Wireless Security FAQ
Pain in the Tech: 5-Minute Wireless Network Security for your Home

By the way- this entry was written and posted using the Windows Live Writer (Beta). I really hope it looks good on the blog, because this is a much nicer editor than the web-based one in blogger/blogspot. Unfortunately, I still have to come to blogger to do the Word Verification. :p

No comments: