Ramblings of an old Doc
"Let's be safe out there!"
Published on January 9, 2011 By DrJBHL In Personal Computing

How secure is your wireless network?

Are your neighbors eavesdropping on your Internet connection (are you sure)?

Have you ever used your laptop or netbook to connect to an unknown network in order to get on
the Internet?

If you've answered "Yes" to any of these questions, you are putting
yourself at a huge security risk. So, what steps can you take to
better protect yourself, your personal information, and your PC?

Here's a list of 10 things you need to know about Wireless Internet
and Security when it comes to using your Windows PC:

1. Never, ever connect to an unencrypted, or unsecured network.

When viewing the list of available networks in MS Windows, encrypted,
secure networks show a padlock icon, or the entry will specifically
state "Secure" or "Unsecured". By connecting to an unsecured network,
it's possible for just about anyone (hackers included) to connect
directly to your computer and take your files and financial
information, sniff passwords, install a Trojan, or worse. The ability
to do any of these things depends on a number of factors, some of
which are explained below.

2. Always use a software Firewall when connecting to any network
(wireless or wired).

In short, firewalls block non-legitimate outside traffic from getting
into your PC. Windows XP Service Pack 2, Windows Vista, and Windows 7
come pre-configured to use the Windows Firewall, which is accessible
through the Control Panel and may or may not be turned on by default.
If you don't have a firewall, you can download one for free (for
personal use): Comodo firewall.

3. Turn off or disable your WiFi when you're not using it.

Disabling your WiFi may be as easy as flicking on / off a "WiFi"
switch on your laptop or netbook. If you can't find that switch, you
can disable wireless networks through the Windows Control Panel. To
find out how, search Google for "disable wireless network" plus the
version of Windows you're using (for example, "Windows XP").

4. Verify the Network Name (SSID) you're connecting to.

Hackers can and will set up wireless hotspots alongside legitimate
WiFi networks to fool you into clicking on their rogue wireless
network. If you don't pay attention to which network you're connecting
to, you're essentially giving the malicious network (and anyone
connected to the malicious network) access to anything you transmit to
and from your PC.

5. Disable Windows Print and File Sharing.

If your PC is set up to share files and you connect to an unsecured
network, anyone can get straight into your computer and obtain your
files. For more information, refer to this Microsoft Security
bulletin: http://support.microsoft.com/kb/199346

6. Keep your operating system (MS Windows) up to date.

If you don't keep your operating system up to date, your computer
essentially has gaping security holes that can let anyone in from the
outside, most of the time with 100% administrative rights to do what
they please. Also remember, the hackers will find holes faster than
they can be patched.

In short, vulnerabilities and exploits are used by hackers and
malicious websites, and they can bypass the protection of a firewall
or antivirus / anti-malware software. To avoid these pitfalls, you
must install updates regularly on your PC.

Also, look into Mamutu from Emsisoft: a preventive, anti-everything
tool that requires no "signatures".

7. Install Windows XP SP3 if you haven't already.

Microsoft recommends that all Windows XP users have at least
Windows Service Pack 3 installed when connecting to a WiFi network.
This is because older versions of the Windows XP operating system (OS)
will initialize an ad-hoc network with the same name as the last one
to which they made a successful connection. In this case, if the
network you tried to connect to was malicious, the name not only stays
in the list of available networks, but spreads every time a new person
connects to your PC.

8. Secure your own WiFi Network: using encryption.

If you're not using encryption on your own home connection, you're
allowing anyone and everyone in your area free access to your network
(and possibly files), plus your Internet access. For more information
on how to encrypt your wireless network, contact your Internet
provider.

9. Secure your own WiFi Network: using a strong password.

With respect to #8 above, use a strong security password when you're
encrypting your network. If your network password is easy to guess,
almost anyone can get in. Read more about password strength HERE.

10. Secure your own WiFi Network: by not broadcasting your SSID.

SSID stands for "Service Set Identifier," and is the name of your home
network (used by your router) which supplies the WiFi signal. If
outside people can't see your SSID, it lessens (but does not
completely eliminate) the chance that they can connect to your network.
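
Items 1 and 4 above both come down to reading what a network advertises before you join it. The following is an added example, not part of the original post: a Python script that parses text in the layout printed by the Windows command `netsh wlan show networks` and flags unsecured networks and names offered with more than one security setting. The sample output and network names are constructed, and it assumes that same-name networks with different security are listed as separate entries.

```python
import re
from collections import defaultdict
# Constructed sample in the layout of `netsh wlan show networks` output,
# trimmed to the fields used here; the network names are made up.
SAMPLE = """\
SSID 1 : HomeNet
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 2 : CoffeeShop
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 3 : CoffeeShop
    Authentication          : Open
    Encryption              : None
"""

def parse_networks(text):
    """Return one dict per 'SSID n : name' block, with its fields."""
    nets = []
    for line in text.splitlines():
        m = re.match(r"\s*SSID \d+\s*:\s?(.*)$", line)
        if m:
            nets.append({"ssid": m.group(1).strip()})
        elif nets and ":" in line:
            key, _, val = line.partition(":")
            nets[-1][key.strip().lower()] = val.strip()
    return nets

def assess(nets):
    """Return {(ssid, authentication, encryption): [reasons]} for risky entries."""
    profiles = defaultdict(set)  # security settings seen per network name
    for n in nets:
        profiles[n["ssid"]].add((n.get("authentication"), n.get("encryption")))
    findings = {}
    for n in nets:
        key = (n["ssid"], n.get("authentication"), n.get("encryption"))
        reasons = []
        if key[1:] == ("Open", "None"):
            reasons.append("unsecured: no encryption")
        if len(profiles[n["ssid"]]) > 1:
            reasons.append("same name offered with different security")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    print(assess(parse_networks(SAMPLE)))
```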

Hope this was helpful. Let me know your thoughts!


Comments
on Jan 09, 2011

Great post Doc!  Don't forget to configure the hardware firewall to your liking in your wireless router too.  Most routers are equipped with one.

on Jan 09, 2011

Great. Just did it. Living room's a cinder. Now what?  JK

Thanks for the feedback!

on Jan 09, 2011

Good post, Doc.

You can go one step further and use MAC filtering on the router to restrict access to your home WiFi to only those computers and devices you explicitly permit.  From what I understand, this is not foolproof, either (is anything?), but it adds one more layer of protection that the hackers have to get around and anything that adds to the burden of break-in lowers your risk - they tend to go for the lower hanging fruit.  Encryption, a strong password, MAC filtering and turning off SSID broadcast is about as much as you can do.

None of that stops Google, of course. 

on Jan 09, 2011

I believe Tom was referring to that in his reply, but thanks!

None of that stops Google, of course.

Check out that black van just outside your house, Daiwa.

on Jan 09, 2011

Can't risk peeking around the blackout curtains during the day.  Tonight - with my night vision goggles, after I crawl up the chimney to the observation post.

on Jan 09, 2011

You can also stay off the internet............oh wait, sort of defeats the purpose of having a computer pretty much doesn't it. 

on Jan 09, 2011

Well, that and you can run as a restricted user.  But that would be no fun.

Cops & Robbers.  Been playing since I was 3 or 4.

on Jan 09, 2011

It should be noted that WiFi (due to the nature of broadcasting info) cannot truly be secured.  For instance, the "not broadcasting of your SSID" will only prevent your joe-neighbor old lady from connecting as any 15yr old kid with Aircrack/Airsnort or other programs like them will have your hidden SSID revealed in literally 10 seconds.

It is also worth noting that any security LESS than WPA2 is *almost* entirely worthless as well.  I've seen programs make short work of the "encryption" used on any WEP (WEP is usually cracked in a matter of seconds) and even the first iteration of WPA within minutes sometimes (WPA can take several hours if not days to crack depending on the complexity of the passphrase).

The reason these networks get cracked so easily is because your encrypted passphrase is constantly (at the beacon interval) being transmitted between router and PC and WEP and first-generation WPA are antiquated encryption already.  So your neighborhood 15yr old just needs to "sniff" your traffic for a day or two to capture a million packets or so and then.....voila......cracked network.  As I said, WEP is entirely useless protection, WPA is somewhat less useless.....and really only WPA2 is of any benefit at all these days.

MAC address-based access protection/prevention is also useless against anyone with a basic knowledge of networking because once they've captured a few of your data packets (ie. the next time you connect to your WiFi network) they know what the MAC address of your PC is and can then "spoof" same essentially impersonating your PC on your own network.

Of course, these are all things that could happen to your WiFi setup.  But being the "doom-sayer" around here I'm just saying, that I personally don't believe secure-WiFi exists.

I like cables......my wife might hate them......I love them! 

on Jan 09, 2011

True enough - WPA2 minimum.  Cables and routine use of user-level credentials are even better security options.  But then, there's life.

on Jan 09, 2011

You can also stay off the internet............oh wait, sort of defeats the purpose of having a computer pretty much doesn't it.

What Philly said...

on Jan 09, 2011

I agree 100% with everything said, except for the part on Windows updates.  I've had my hard drive get permanently corrupted beyond repair after installing one in February-March 2010.  After a while (too late for some), it was known to be a "glitched" update that completely broke literally thousands of computers, many of which belonged to engineers and others who knew what they were doing.  Wasn't the first time this happened, and won't be the last.  Some claim it's best to avoid them altogether.

Either way, always back up your important files (especially before any Windows updates), and carefully choose which updates to install; even when it seems best to install everything Microsoft suggests.  Even the vital security updates could have very unwanted consequences.

on Jan 10, 2011

the_Monk
It should be noted that WiFi (due to the nature of broadcasting info) cannot truly be secured.  For instance, the "not broadcasting of your SSID" will only prevent your joe-neighbor old lady from connecting as any 15yr old kid with Aircrack/Airsnort or other programs like them will have your hidden SSID revealed in literally 10 seconds.

Beat me to it!  I was actually going to say InSSIDer, but any of those sniffers work.

the_Monk
MAC address-based access protection/prevention is also useless against anyone with a basic knowledge of networking because once they've captured a few of your data packets (ie. the next time you connect to your WiFi network) they know what the MAC address of your PC is and can then "spoof" same essentially impersonating your PC on your own network.

Yep!  If they know enough to sniff, they know enough to get the MAC address as well.

the_Monk
Of course, these are all things that could happen to your WiFi setup.  But being the "doom-sayer" around here I'm just saying, that I personally don't believe secure-WiFi exists.

I like cables......my wife might hate them......I love them! 

Doom-sayers are needed!  That being said, I agree with you - except.....

All these damn devices now that you can connect only using WiFi!  Just do not use them for anything other than browsing.  I set up a new NookBook (WiFi only) and the CC that I used was hijacked within minutes! (This was on my home WiFi.)  Fortunately I used my most secure card and they notified me immediately and canceled the card.

I will still use the Nook for reading PDFs, but I sure as hell am not going to buy any books for it!