Configuring your Home Wireless Network
Adapted from Presentation at APCUG
By Jay Ferron
ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM
Presented by Lou Koch
March 14, 2006

Questions
How many of you have more than one computer at home?
How many of you connect to the Internet using broadband (Cable or DSL)?
How many already have a home router?
Already have a wireless router?
For those who have not already done so, we will show you how to install a WLAN tonight.
More critically we will discuss ways to secure your wireless network

Agenda
  Connecting things together
  Home network - terminology
  Security – Firewalls, Filtering, etc
  Setting up a home router
  Setting up Print and File Sharing
  Questions

Home Network
Internet – ISP
  Wire to home
Modem
  Translates electronic data
Router
  Disperses electronic data
Network Adaptor
  Required for each Computer
  Wired
    NIC (network interface card) or ethernet card
  Wireless
    Wireless Adaptor

Network
One or more devices connected together
  To the Internet with a router
  To each other in order to share Resources:
    Internet Connections
    Sharing Files
    Sharing Printers

WAN, LAN, WLAN, PAN
WAN – Wide Area Network … many computers, locations
LAN – Local Area Network … few computers, 1 location
PAN – Personal Area Network … home network
WLAN – Wireless Local Area Network

Wireless
Wireless Networking Standards
  802.11 a, b, and g
    configuration specifications to ensure compatibility
    Different speed/range capabilities
    Equipment conforming to “g” is most popular/available
    Good for 100-400 feet … in a house
    General rule – don’t mix equipment made to different standards
Bluetooth
  Standard which is often used for peripheral devices
    Printers, scanners, cell phones, etc
    Short range (10 ft), high speed

What is a Cable/DSL Modem
Modem (modulator/demodulator)
  encodes/decodes information transmitted to the internet
Usually provided and controlled by your ISP
Connects your home to the Internet.
This is the device that gets your public IP (internet protocol) address
Normally has no firewall protection

What is a Router
Connects one network to another … Sometimes called a “Gateway”
Connects your computer to the internet (cable modem or DSL Line) – keeps LAN traffic local
Routers keep track of IP addresses and physical (MAC) addresses of hosts
  IP (Internet Protocol) address … your computer's internet address
  MAC (Media Access Control) … id for each physical communication device

What is an Access Point
A point where computers access a network
  Device which links wireless users to network
  Transmits and receives data (Transceiver)
  Bridge between wireless and wired networks
Can be linked together to cover broad area
No security or firewall implemented

What is a Firewall
A device that filters packets of data or traffic
Its job is to be a traffic cop
You configure the firewall:
  What will it allow to pass
  What will it block
Hides your home network from the outside world
Can be either in hardware or software
Most popular routers for home have built-in firewall protection

What Does a Firewall do?
They:
  Protect your home computer from the bad guys
  Keep your information private
  Make you less of a target
By:
  Stopping viruses
  Hiding your computer from the world
  Making the bad guys work harder to get your info

Firewall Protection
1. Checks incoming traffic from the network before it gets to your home network … default – Blocks all incoming connections
2. Traffic leaving your home network … default - Allow all outbound connections
3. Hardware firewalls protect your home network by stopping all traffic before it gets to your computers
4. Personal software firewall on your computer blocks incoming and outgoing (lets you know what is leaving your computer)
[Diagram: Home Network, Firewall, Internet]
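
The default policy from the Firewall Protection slide (allow all outbound, block all incoming) as a small stateful filter. This is an added example, not part of the original presentation: the LAN range, the addresses and the class name are assumptions, and address translation (NAT) is left out to keep the policy itself visible.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.2.0/24")   # assumed home network range


class HomeFirewall:
    """Default policy: allow all outbound, block all unsolicited inbound."""

    def __init__(self, lan=LAN):
        self.lan = lan
        self.connections = set()      # flows opened from inside the LAN
        self.log = []                 # (verdict, packet) pairs for review

    def _is_inside(self, addr):
        return ip_address(addr) in self.lan

    def filter(self, src, sport, dst, dport):
        packet = (src, sport, dst, dport)
        if self._is_inside(src) and not self._is_inside(dst):
            # Outbound: allowed by default; remember the flow for its replies.
            self.connections.add(packet)
            verdict = "ALLOW"
        elif not self._is_inside(src) and self._is_inside(dst):
            # Inbound: allowed only as the reply to a recorded outbound flow.
            reply_to = (dst, dport, src, sport)
            verdict = "ALLOW" if reply_to in self.connections else "BLOCK"
        else:
            # LAN-to-LAN stays local; outside-to-outside is never forwarded.
            verdict = "ALLOW" if self._is_inside(src) else "BLOCK"
        self.log.append((verdict, packet))
        return verdict


def demo():
    """Constructed sample traffic; addresses are documentation ranges."""
    fw = HomeFirewall()
    return [
        fw.filter("192.168.2.10", 50000, "203.0.113.5", 443),   # PC opens a web page
        fw.filter("203.0.113.5", 443, "192.168.2.10", 50000),   # the server's reply
        fw.filter("198.51.100.7", 40000, "192.168.2.10", 445),  # unsolicited inbound
        fw.filter("203.0.113.5", 443, "192.168.2.11", 50000),   # reply sent to wrong PC
    ]


if __name__ == "__main__":
    print(demo())
```

The reply in the second packet gets through only because the first packet recorded the flow; the last two packets match no recorded flow and are dropped.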
Hardware Firewall Routers
The idea is layers of protection
Examples of home combo units include
  Belkin (we will demo tonight)
  Dlink
  Linksys
  Netgear

Software Firewalls
Adding a second level of protection
Controlling what leaves your computer
By being aware of application level attacks
By allowing you to schedule
  Usage of the internet by time (control access at night)
  By location (block content for young children)

Software Firewalls for Home Use
Examples
  Zone Alarm (Free)
  McAfee Firewall
  Symantec’s Norton Personal Firewall
  Computer Associates with Firewall (free)
  Windows Firewall in XP Service Pack 2 (free)

Configure Wireless Firewall/router
Overview
1. Basic Settings … name, ip address, etc
   Check for firmware updates
2. Set Account name and password
   Change name and password … don’t use default
3. Wireless Settings
   SSID broadcast … make sure that remote computers are set to automatically connect
   Do not enable DMZ
   Do enable ping blocking
4. Security - Blocking and Filtering
   Wireless Security encryption
   MAC filtering
5. Back up settings

Basic Settings and Info
Run Install CD that comes with router
  Basic info will be automatically entered or requested
To change info:
  For Belkin the default IP address is 192.168.2.1
    Other manufacturers use different ip addresses (later slide)
  Enter this into address bar
  Setup page will be displayed
Firmware - software that is embedded in a hardware device
  Updated occasionally by manufacturers
  Check whenever you access router

Account Name
Change name
  Default name is set by manufacturer … eg, Belkin54
  Bad guys know defaults and default administrative passwords
Create Administrative Password
  Use Strong Password
Record your password where you can find it so you can make changes

Default Info
Router default info is easily available on internet for consumers … and the bad guys
  eg http://www.otosoftware.com/wwhelp/Default_Router_Usernames_and_Passwords.htm
     http://forum.pcmech.com/showthread.php?t=64258
So Change Name and Password

Mfg      Default IP    User Name  Password
Belkin   192.168.2.1   admin      blank
D-link   192.168.0.1   admin      blank
Linksys  192.168.1.1   blank      admin
Netgear  192.168.0.1   admin      password

Passwords
Your computer password is the foundation of your computer security
No Password = No Security
Old Passwords & Same Password = Reduced Security
Set and change the “administrator” password on router (and your computer logon)
STRONG PASSWORD … 6-8 digit passwords
  use upper, lower case, numbers and symbols

Wireless Settings
SSID - service set identifier
  name given to your wireless network
  Broadcasting this ID makes network visible to PCs in area
    can be turned off so it will not be detected by other PCs in area
  Be sure to set up your own pc to automatically detect and logon to your WLAN
DMZ – allows you to select a PC to access WLAN outside the firewall
  do not enable unless firewall interferes with some activity
Ping Blocking – troubleshooting tool
  Signal sent and echo received indicates valid ip address
  Used by hackers to find active computers
  Enable ping blocking … won’t send echo back

Security
Blocking and Filtering
Encryption – coding transmissions
  Multiple variations. 2 most common:
  WPA-PSK … Wireless Protected Access (Pre-shared key)
    Use same password for all computers
    Preferred Choice
  WEP … Wired equivalent privacy
    64 or 128 bit encryption … doesn’t matter
    Enter Password … converts to hex code
    Must enter hex code
    2nd Choice (if WPA not supported)

MAC Filtering
MAC address … Media Access Control address
  Unique ID permanently attached to each communication device by manufacturer – hardware id
  Can find MAC address: run → cmd → ipconfig/all
Enter MAC addresses of acceptable network clients
  If address is not on filter list, access to network will be denied
Very effective security method
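
Building the filter list from `ipconfig /all` output and applying the "not on the list, access denied" rule, as an added example that is not part of the original presentation. The adapter names and MAC addresses in the sample are constructed, and the function and class names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output; not captured from a real PC.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11g Adapter
        Physical Address. . . . . . . . . : 00-11-22-AA-BB-CC

Ethernet adapter Local Area Connection:

        Physical Address. . . . . . . . . : 00-11-22-DD-EE-FF
"""

MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not MAC_RE.match(digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def adapters_from_ipconfig(output):
    """Map adapter name -> normalized MAC from `ipconfig /all` text."""
    adapters, current = {}, None
    for line in output.splitlines():
        # Adapter headings start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip().rstrip(":")
        elif "Physical Address" in line and current:
            adapters[current] = normalize_mac(line.split(":", 1)[1])
    return adapters


class MacFilter:
    """Allow list as on the slide: an address not on the list is denied."""

    def __init__(self, allowed):
        self.allowed = {normalize_mac(m) for m in allowed}

    def permits(self, mac):
        try:
            return normalize_mac(mac) in self.allowed
        except ValueError:
            return False   # malformed input is never admitted
```

Normalizing first matters because Windows prints the address with dashes while many router setup pages expect colons; the same adapter must match either way.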

RECAP
Steps to protect your wireless network
1. Change the default password on your router
2. Enable WPA(PSK) or WEP on router and wireless workstation
3. Use MAC address filtering
4. SSID broadcast off
5. Prohibit Peer-to-peer (Ad Hoc) networking
6. Keep current on hardware bios upgrades

Print and File Sharing
Overview
Print and File Sharing: Useful, but Risky if all computers are not secure
Setting up Network for Printer and File sharing
1. Interface card
   Set Interface card to allow
2. Each computer in network
   Make sure each computer is part of network
3. Printer
   Make sure that Print sharing is allowed for printer
   Load appropriate print drivers on each computer
4. Firewall Settings
   Reset network IP range to trusted zone
5. Place files to share in “Shared Documents” folder

Print and File Sharing
Details (1)
Be sure WLAN is working and secure
Interface card
  Start → connect to → NIC or WLAN card → properties
  Check “File and Printer sharing on Microsoft Networks”
  Repeat for all PCs on Network
Printer
  Start → Printers and Faxes → shared printer
  Select properties → sharing → check “share this Printer”

Print and File Sharing
Details (2)
Firewall
  Be sure WLAN IPs are allowed in Firewall for all PCs
  Zone Alarm
    Firewall → zones → add → IP range → <enter appropriate range>
Network ID for each computer
  Under My Computer → Properties → Computer name
  Click Change and add WLAN name as Workgroup
Shared Documents Folder for each computer
  Any files in the Shared Documents folder will be accessible from all computers

Questions