岁月联盟 - Technical Community - BBS.SYUE.COM's Archiver

猪猪 posted on 2007-1-29 18:14

Installing a Home Wireless Network and Sharing It with Your Neighbors

There are many informational sites on the Internet that give you all sorts of information about wireless networks and securing them. Unfortunately, for the most part these sites are written by technical people from a technical point of view. In this article you will most definitely find technical information. Our objective, however, is to provide you with information in terms that everyone can understand and put into practical use.

Wireless Network Protection
There are many reasons why you may want to install a wireless network at your home or office. Some people just like the freedom that wireless networking provides. If you use a laptop, being able to move from the office, to the family room, to the deck is an unshackling experience. Others turn to wireless networking to overcome obstacles like structural challenges. In many older homes and offices the walls are not so easy to run network cables in. Even if you are able to run network cables in your home or small office, there is the cost of doing so, which is usually many times more expensive than installing a wireless network. Then there are those, like many of us (like me), who absolutely must have the latest and greatest gadgets on the market.

Most home wireless network devices work the same way and provide similar functionality. Because of the sheer size of the home computer user market, the manufacturers of these devices understand that their products must be easy to install. Otherwise many people would never purchase them. The result: easy-to-install home wireless systems that work as advertised (for the most part) but can leave you and your computers at risk! It's not that these devices can't be set up securely, or securely enough to protect you from a majority of the risks. The problem is that the moment you try to configure these security settings, problems can occur (and do occur in many cases).

One thing I want to point out is that securing your computer network (wireless or not) is more about creating deterrence than trying to obtain 100% protection (which you most likely will never achieve). It's really about making yourself as small a target as possible. For instance, many people will pull up to a gas station and leave their car doors unlocked while they run into the mini-mart. But how many people do you know that actually leave the car running with the keys in the ignition while they run into the store? Which car is the most likely target of opportunity for a car thief? The same thing applies to wireless networks. Take as many steps as possible to reduce the risks.

Wireless Router Firmware / Software Upgrades
There are several key configuration components that you need to keep in mind when you are installing your wireless network devices. A few of these you rarely hear people discuss.

By the time you and I purchase our wireless device it could have been manufactured weeks or months before. During this time the manufacturers may release what are called "Firmware" or "Operating System" upgrades, which typically contain feature enhancements and in many cases fix security problems. It is very important that your device run the most recent available Firmware. Most wireless network devices are accessed and set up by using the web browser on your computer. Once you connect to your device using the browser you can locate the Firmware version the device is currently running, then go to the manufacturer's website and look to see if a newer version is available. The process of performing this upgrade is pretty straightforward. It typically involves downloading the Firmware package and installing it to the device using a menu-driven process via the web browser attached to your wireless device. This is one of the easier steps of making sure your wireless network is secure.

Passwords For a Wireless Device
Another step that is rather easy to do but critically important is changing the default password of your wireless network device. Most manufacturers use a default login ID such as "admin" and a password like "1234" or "admin", or the password may be blank. Some of the devices don't actually use a user ID and only have a password. But again, these default passwords are well known to anyone who can download the manual from the manufacturer's website. Passwords are a pet peeve of mine and are one of the most important pieces of setting up a secure network. The steps to change the passwords on these devices are typically straightforward and performed through the browser connection to the wireless device. Make sure the password you assign is complex, containing both letters and numbers such as "s3c41t3", and is kept secret.

Restrict Access to Your Wireless Device
All network cards, wired and wireless, have a unique identifier called a MAC (or Physical) address. For wireless cards that you insert into PCMCIA slots in laptops or are external such as wireless cards connected to your computer with a USB cable, this identifier number is usually printed on it and looks like this "00:02:2F:82:0B:9F". Sometimes they do not have the ":" between the characters or there may be "-" instead of ":". A portion of this number is actually used to identify the manufacturer of the wireless card. Another portion is intended to be completely unique for every card.

Most wireless Access Points allow you to filter for these addresses. This gives you the ability to only allow wireless cards with specific MAC addresses to connect to your wireless network. You record the MAC address for each computer you want to allow to connect to your wireless network and enter them in a special area in your wireless Access Point. This prevents any computer with a MAC address that is not listed on your Access Point from connecting to your network (or makes it very difficult). If you are not able to locate the printed MAC address on your wireless card because it is internal, we will show you how to find it later in this article by typing just a few commands.

Reduce IP Addresses
Without an IP address, a unique communication address similar to "192.168.0.55", your computer would not be able to communicate on the Internet. If you are running certain Microsoft Operating Systems, like Windows XP, the Operating System can automatically assign you an IP address if no Dynamic Host Configuration Protocol (DHCP) server is available. Most Cable/DSL routers or Wireless routers have DHCP servers built in and enabled by default. When you connect your computer or computers to your home network they will search for a DHCP server, and once one is located it will assign a unique IP address to your computer. Now, if all is configured well, you will be able to communicate with your other computers and the Internet. The actual process of communicating with the Internet is a little more complex than this, but that is for another article.

So, now that your computer or computers have received their IP addresses and all is going well, how many IP addresses do you need? Do you have one computer, three computers, or maybe you have wireless or network printers too? Let's assume that you have two computers and a wireless printer that you share. That means the computers on your wireless or wired network need a total of three IP addresses. The wireless or wired Cable/DSL router also needs an IP address on your network, so that brings the total addresses needed to four.

Now to the wireless network security part. By default, how many IP addresses is your Access Point's DHCP server configured to hand out? In many cases this could be 32, 50, or 100 IP addresses. Why would you need that many addresses given the fact that you have only four systems that need IP addresses? Well, in reality, you don't, and from a security perspective you should not. If you know that for the most part you will only need four addresses, you can change this setting in your Wireless or Cable/DSL router.

What is the benefit of changing this setting? Well, if you only have four systems that need IP addresses and configure your Wireless router to only give out three or four addresses, it makes it very difficult for someone outside your network or home to receive a DHCP-assigned IP address because you are using them all. Down the road, if you have another wireless computer, say you purchase another laptop for one of your kids, you can go back into the Wireless router and bump the number up by one.

So, configuring your Wireless router's password, MAC address filtering, and lowering the total number of IP addresses available has you on the right track for wireless security.

Broadcasting Your Wireless Network
If you look at the graphic on the left side of the top of this page you will see the names of three wireless networks - testnet, linksys, and FLT1. All wireless networks need to have a name in order to differentiate themselves from one another. The technical name for this is the "Service Set Identifier" (SSID). Although this is a necessity, there are a couple of problems with it.

Many Wireless Access Points from the same manufacturer come preconfigured with the same SSID name. For instance, you and your two next-door neighbors could have the same SSID, like "linksys". If none of these wireless networks are configured for security and are in a wide open state, it is possible that you or your neighbors are using each other's wireless network. Sounds weird, but I have seen it happen many times. So one of the first things you want to do is change the SSID of your wireless network. Make it something unique for your network. This in itself is not going to secure your SSID, as your next-door neighbors can browse for wireless networks and may in fact see your new name.

The fact that your SSID is broadcast poses a bit of a security problem. One of the reasons for the open broadcast of the SSID is so you can locate your wireless network easily. If it were not broadcast you would never be able to see it in order to join the wireless network (in most cases). However, if after your initial configuration using the default SSID, such as linksys, you change the name and turn off the broadcast of the SSID, you obtain another level of security. Once you turn this off, you must remember the name of the SSID, or your wireless network name, in order to join the network. The majority of Wireless Access Points give you the opportunity to change the name and disable the broadcast of your SSID. Once you have done this, you configure your wireless network client on your computer to manually join the network using the SSID you came up with and changed on the Wireless Access Point. This procedure can be a bit challenging the first time through.

Encrypt Your Wireless Communication
Ok, at this point you have done the following:

Updated the Firmware / Operating System of your Wireless Access Point (If necessary)

Changed the password on your Wireless Access Point to something unique

Configured MAC address filtering on your Wireless Access Point

Reduced the number of IP addresses available through DHCP

Changed the name and turned off broadcast of your Wireless Access Point's SSID (Network Name)

So what else can you do?

Well, have you ever been on one of your cordless phones at home and all of a sudden heard the voice or conversation of someone else (maybe a neighbor)? This used to happen quite often years ago when cordless phones were relatively new. It does still happen even though the technology of cordless phones has improved.

Your wireless network communicates in much the same manner. If your Wireless network is configured with little to no security it is possible for someone to listen in on or see pretty much everything you are doing. This can include but is not limited to:

What websites you visit

The documents you are working on

What user IDs and passwords you use

Pretty much anything that you are doing over your wireless network can be seen. What's worse is that many of the programs used to do this are available for free on the Internet. They are not only available but rather easy to install, configure, and use.

To increase the likelihood that your wireless communications and the information that travels across them are secure, you need to configure encryption. Out of all of the steps you can take to secure your wireless network this is by far the most difficult and complex.

Before we go on I must let you know that this is not a foolproof procedure, as there are tools available to crack the encrypted data. Remember, part of what we are trying to do is create deterrence and make you a less appealing target. A wireless network with many of the steps above configured, and configured with encryption, is not an easy target, especially when your neighbors or others in the area have wide open wireless networks.

In a nutshell, performing some or all of the steps above will give you different levels of security when it comes to your Wireless network. Our objective in this article was to try and give you basic information about securing your Wireless network.

http://www.defendingthenet.com/WirelessNetworkSecurity.htm

About Darren Miller
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at Darren.Miller@ParaLogic.Net or DefendTheNet@ParaLogic.Net. If you would like to know more about computer security please visit us at http://www.defendingthenet.com.
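
The MAC address filtering and DHCP pool steps described in the article can be checked together once they are configured. The following is an added example, not part of the original article: it normalizes the three MAC address notations the article mentions, extracts the manufacturer portion, and compares a router's DHCP lease table against the filter list and pool size. The function names, the lease-table layout (copied by hand from the router's admin page) and all sample addresses other than the article's own 00:02:2F:82:0B:9F are assumptions.

```python
import re

# Colon-separated, dash-separated, or bare 12 hex digits; the separator must be consistent.
MAC_RE = re.compile(r"([0-9A-Fa-f]{2})([:-]?)(?:[0-9A-Fa-f]{2}\2){4}[0-9A-Fa-f]{2}")

def normalize_mac(raw):
    """Return the address in upper-case colon form, or raise ValueError."""
    raw = raw.strip()
    if not MAC_RE.fullmatch(raw):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = re.sub(r"[:-]", "", raw).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def manufacturer_part(raw):
    """First three bytes: the portion that identifies the card's manufacturer."""
    return normalize_mac(raw)[:8]

def audit(allowlist, leases, pool_size):
    """Compare the router's DHCP leases with the MAC filter list and the pool size."""
    allowed = {normalize_mac(m) for m in allowlist}
    unknown = []
    for ip, mac in leases:
        try:
            mac = normalize_mac(mac)
        except ValueError:
            pass  # malformed entry: keep it as typed and report it as unknown
        if mac not in allowed:
            unknown.append((ip, mac))
    # Addresses the DHCP server could still hand to a device you never listed.
    return {"unknown": unknown, "spare_addresses": max(pool_size - len(allowed), 0)}

# Constructed sample data: two computers and a shared wireless printer.
ALLOWLIST = ["00:02:2F:82:0B:9F", "00-02-2F-11-22-33", "001122AABBCC"]
LEASES = [
    ("192.168.0.55", "00022f820b9f"),
    ("192.168.0.56", "00:11:22:aa:bb:cc"),
    ("192.168.0.57", "DE-AD-BE-EF-00-01"),  # not on the filter list
]

if __name__ == "__main__":
    report = audit(ALLOWLIST, LEASES, pool_size=50)
    for ip, mac in report["unknown"]:
        print(f"lease {ip} belongs to unlisted device {mac}")
    print(f"DHCP pool has {report['spare_addresses']} more addresses than listed devices")
```
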
