Configuring your Home Wireless Network. Adapted from Presentation at APCUG by Jay Ferron, ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM. Presented by Lou Koch, March 14, 2006

Wireless Networks


Page 1: Wireless Networks

Configuring your Home Wireless Network

Adapted from Presentation at APCUG
By Jay Ferron
ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM

Presented by Lou Koch
March 14, 2006

Page 2: Wireless Networks

Questions

How many of you have more than one computer at home?
How many of you connect to the Internet using broadband (Cable or DSL)
How many already have a home router?
Already have a wireless router?

For those who have not already done so, we will show you how to install a WLAN tonight.

More critically we will discuss ways to secure your wireless network

Page 3: Wireless Networks

Agenda

Connecting things together
Home network - terminology
Security – Firewalls, Filtering, etc
Setting up a home router
Setting up Print and File Sharing
Questions

Page 4: Wireless Networks

Home Network

Internet – ISP
  Wire to home
Modem
  Translates electronic data
Router
  Disperses electronic data
Network Adaptor
  Required for each Computer
  Wired
    NIC (network interface card) or ethernet card
  Wireless
    Wireless Adaptor

Page 5: Wireless Networks

Network

One or more devices connected together
  To the Internet with a router
  To each other in order to share Resources:
    Internet Connections
    Sharing Files
    Sharing Printers

WAN, LAN, WLAN, PAN
  WAN – Wide Area Network … many computers, locations
  LAN – Local Area Network … few computers, 1 location
  PAN – Personal Area Network … home network
  WLAN – Wireless Local Area Network

Page 6: Wireless Networks

Wireless

Wireless Networking Standards
  802.11 a, b, and g
    configuration specifications to ensure compatibility
    Different speed/range capabilities
  Equipment conforming to “g” is most popular/available
    Good for 100-400 feet … in a house
  General rule – don’t mix equipment made to different standards

Bluetooth
  Standard which is often used for peripheral devices
    Printers, scanners, cell phones, etc
    Short range (10 ft), high speed

Page 7: Wireless Networks

What is a Cable/DSL Modem

Modem (modulator/demodulator)
  encodes/decodes information transmitted to the internet
Usually provided and controlled by your ISP
Connects your home to the Internet.
This is the device that gets your public IP (internet protocol) address
Normally has no firewall protection

Page 8: Wireless Networks

What is a Router

Connects one network to another … Sometimes called a “Gateway”
Connects your computer to the internet (cable modem or DSL Line) – keeps LAN traffic local
Routers keep track of IP addresses and physical (MAC) addresses of hosts
  IP (Internet Protocol) address … your computer's internet address
  MAC (Media Access Control) … id for each physical communication device

Page 9: Wireless Networks

What is an Access Point

A point where computers access a network
  Device which links wireless users to network
  Transmits and receives data (Transceiver)
  Bridge between wireless and wired networks
Can be linked together to cover broad area
No security or firewall implemented

Page 10: Wireless Networks

What is a Firewall

A device that filters packets of data or traffic
Its job is to be a traffic cop
You configure the firewall:
  What it will allow to pass
  What it will block
Hides your home network from the outside world
Can be either in hardware or software
Most popular routers for home have built in firewall protection

Page 11: Wireless Networks

What Does a Firewall do?

They:
  Protect your home computer from the bad guys
  Keep your information private
  Make you less of a target
By:
  Stopping viruses
  Hiding your computer from the world
  Making the bad guys work harder to get your info

Page 12: Wireless Networks

Firewall Protection

1. Checks incoming traffic from the network before it gets to your home network … default – Blocks all incoming connections
2. Traffic leaving your home network … default – Allow all outbound connections
3. Hardware firewalls protect your home network by stopping all traffic before it gets to your computers
4. Personal software firewall on your computer blocks incoming and outgoing (lets you know what is leaving your computer)

[Diagram: Home Network – Firewall – Internet]

Page 13: Wireless Networks

Hardware Firewall Routers

The idea is layers of protection
Examples of home combo units include
  Belkin (we will demo tonight)
  Dlink
  Linksys
  Netgear

Page 14: Wireless Networks

Software Firewalls

Adding a second level of protection
Controlling what leaves your computer
By being aware of application level attacks
By allowing you to schedule
  Usage of the internet by time (control access at night)
  By location (block content for young children)

Page 15: Wireless Networks

Software Firewalls for Home Use

Examples
  Zone Alarm (Free)
  McAfee Firewall
  Symantec’s Norton Personal Firewall
  Computer Associates with Firewall (free)
  Windows Firewall in XP Service Pack 2 (free)

Page 16: Wireless Networks

Configure Wireless Firewall/router
Overview

1. Basic Settings … name, ip address, etc
   Check for firmware updates
2. Set Account name and password
   Change name and password … don’t use default
3. Wireless Settings
   SSID broadcast … make sure that remote computers are set to automatically connect
   Do not enable DMZ
   Do enable ping blocking
4. Security - Blocking and Filtering
   Wireless Security encryption
   MAC filtering
5. Back up settings

Page 17: Wireless Networks

Basic Settings and Info

Run Install CD that comes with router
  Basic info will be automatically entered or requested
To change info:
  For Belkin the default IP address is 192.168.2.1
    Other manufacturers use different ip addresses (later slide)
  Enter this into address bar
  Setup page will be displayed
Firmware - software that is embedded in a hardware device
  Updated occasionally by manufacturers
  Check whenever you access router

Page 18: Wireless Networks

Account Name

Change name
  Default name is set by manufacturer … eg, Belkin54
  Bad guys know defaults and default administrative passwords
Create Administrative Password
  Use Strong Password
Record your password where you can find it so you can make changes

Page 19: Wireless Networks

Default Info

Router default info is easily available on internet for consumers … and the bad guys
  eg http://www.otosoftware.com/wwhelp/Default_Router_Usernames_and_Passwords.htm
     http://forum.pcmech.com/showthread.php?t=64258

So Change Name and Password

Mfg      Default IP    User Name  Password
Belkin   192.168.2.1   admin      blank
D-link   192.168.0.1   admin      blank
Linksys  192.168.1.1   blank      admin
Netgear  192.168.0.1   admin      password

Page 20: Wireless Networks

Passwords

Your computer password is the foundation of your computer security
No Password = No Security
Old Passwords & Same Password = Reduced Security
Set and change the “administrator” password on router (and your computer logon)
STRONG PASSWORD … 6-8 digit passwords
  use upper, lower case, numbers and symbols

Page 21: Wireless Networks

Wireless Settings

SSID - service set identifier
  name given to your wireless network
  Broadcasting this ID makes network visible to PCs in area
    can be turned off so it will not be detected by other PCs in area
  Be sure to set up your own pc to automatically detect and logon to your WLAN
DMZ – allows you to select a PC to access WLAN outside the firewall
  do not enable unless firewall interferes with some activity
Ping Blocking – troubleshooting tool
  Signal sent and echo received indicates valid ip address
  Used by hackers to find active computers
  Enable ping blocking … won’t send echo back
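
The firewall defaults from the "Firewall Protection" slide (block all incoming, allow all outbound) and the DMZ setting above, as a simplified model added here; it is not part of the original presentation. The class, field names and sample addresses are constructed for illustration, and a real router also rewrites addresses (NAT), which this model leaves out.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = leaving the home network, "in" = arriving from the Internet
    lan_ip: str         # the home PC involved
    lan_port: int
    remote_ip: str      # the Internet host involved
    remote_port: int

@dataclass
class HomeFirewall:
    dmz_host: Optional[str] = None              # PC placed outside the firewall, if any
    flows: set = field(default_factory=set)     # connections started from inside

    def check(self, p: Packet) -> str:
        flow = (p.lan_ip, p.lan_port, p.remote_ip, p.remote_port)
        if p.direction == "out":                # default: allow all outbound
            self.flows.add(flow)
            return "allow (outbound)"
        if flow in self.flows:                  # answer to something a home PC asked for
            return "allow (reply)"
        if p.lan_ip == self.dmz_host:           # DMZ host receives everything unfiltered
            return "allow (DMZ)"
        return "block (unsolicited inbound)"    # default: block all incoming

# Constructed sample traffic; addresses come from private and documentation ranges.
SAMPLE = [
    Packet("out", "192.168.2.10", 50000, "203.0.113.5", 443),    # PC opens a web page
    Packet("in",  "192.168.2.10", 50000, "203.0.113.5", 443),    # the server answers
    Packet("in",  "192.168.2.10", 445,   "198.51.100.7", 40000), # stranger tries file sharing
    Packet("in",  "192.168.2.10", 50000, "198.51.100.7", 443),   # right port, wrong sender
]

def run(fw: HomeFirewall) -> list:
    """Return the firewall's decision for each sample packet, in order."""
    return [fw.check(p) for p in SAMPLE]

if __name__ == "__main__":
    print("default:", run(HomeFirewall()))
    print("DMZ on :", run(HomeFirewall(dmz_host="192.168.2.10")))
```

With the defaults, only the reply to the PC's own request gets in; with the PC set as DMZ host, both unsolicited packets reach it.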

Page 22: Wireless Networks

Security
Blocking and Filtering

Encryption – coding transmissions
  Multiple variations. 2 most common:
  WPA-PSK … Wireless Protected Access (Pre-shared key)
    Use same password for all computers
    Preferred Choice
  WEP … Wired equivalent privacy
    64 or 128 bit encryption … doesn’t matter
    Enter Password … converts to hex code
      Must enter hex code
    2nd Choice (if WPA not supported)

Page 23: Wireless Networks

MAC Filtering

MAC address … Media Access Control address
  Unique ID permanently attached to each communication device by manufacturer – hardware id
  Can find MAC address: run → cmd → ipconfig /all
Enter MAC addresses of acceptable network clients
  If address is not on filter list, access to network will be denied
Very effective security method
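
One way to collect the addresses for the filter list from `ipconfig /all` output and check a client against that list, written as an added example that is not part of the original presentation. The sample output and its addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output from one PC (addresses are made up).
SAMPLE_IPCONFIG = """
Ethernet adapter Local Area Connection:
        Description . . . . . . . . . . . : Wired NIC (sample)
        Physical Address. . . . . . . . . : 02-00-5E-10-00-01
        IP Address. . . . . . . . . . . . : 192.168.2.2

Ethernet adapter Wireless Network Connection:
        Description . . . . . . . . . . . : Wireless adaptor (sample)
        Physical Address. . . . . . . . . : 02-00-5E-10-00-02
        IP Address. . . . . . . . . . . . : 192.168.2.3
"""

PHYSICAL = re.compile(r"Physical Address[ .]*:\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

def normalize(mac: str) -> str:
    """Turn 02-00-5E-10-00-01, 02:00:5e:10:00:01 or 02005E100001 into one form."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()      # drop separators only
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def macs_from_ipconfig(output: str) -> list:
    """Every adaptor's physical address, in the order ipconfig lists them."""
    return [normalize(m) for m in PHYSICAL.findall(output)]

def is_allowed(mac: str, filter_list: list) -> bool:
    """The router's decision: a client not on the filter list is denied."""
    return normalize(mac) in {normalize(m) for m in filter_list}

if __name__ == "__main__":
    filter_list = macs_from_ipconfig(SAMPLE_IPCONFIG)
    print("filter list:", filter_list)
    print("own laptop :", is_allowed("02005E100002", filter_list))
    print("unknown PC :", is_allowed("02-00-5E-10-00-99", filter_list))
```

A PC with both a wired and a wireless adaptor shows two physical addresses; the wireless one is the address the WLAN filter list needs.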

Page 24: Wireless Networks

RECAP
Steps to protect your wireless network

1. Change the default password on your router
2. Enable WPA(PSK) or WEP on router and wireless workstation
3. Use MAC address filtering
4. SSID broadcast off
5. Prohibit Peer-to-peer (Ad Hoc) networking
6. Keep current on hardware bios upgrades
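
The recap steps 1 to 5 as a self-check over a router's settings, added here as an example and not taken from the original presentation. The settings dictionary layout and the sample values are hypothetical; the factory logins are the ones from the "Default Info" slide.

```python
import string

# Factory logins from the "Default Info" slide; "" stands for a blank field.
FACTORY_LOGINS = {
    "belkin": ("admin", ""),
    "d-link": ("admin", ""),
    "linksys": ("", "admin"),
    "netgear": ("admin", "password"),
}

def strong_password(pw: str) -> bool:
    """Upper, lower, numbers and symbols; the slide's 6-8 figure is read as 'at least 6' (assumption)."""
    classes = (string.ascii_uppercase, string.ascii_lowercase, string.digits, string.punctuation)
    return len(pw) >= 6 and all(any(c in cls for c in pw) for cls in classes)

def audit(cfg: dict) -> list:
    """Return the recap steps that these router settings fail."""
    findings = []
    login = (cfg["admin_user"], cfg["admin_password"])
    if login == FACTORY_LOGINS.get(cfg["make"].lower()):
        findings.append("1: factory default login still set")
    elif not strong_password(cfg["admin_password"]):
        findings.append("1: admin password is not strong")
    if cfg["encryption"] == "none":
        findings.append("2: no encryption enabled")
    elif cfg["encryption"] == "WEP":
        findings.append("2: WEP in use; WPA-PSK is the preferred choice")
    if not cfg["mac_filter"]:
        findings.append("3: MAC address filtering off")
    if cfg["ssid_broadcast"]:
        findings.append("4: SSID broadcast on")
    if cfg["adhoc_allowed"]:
        findings.append("5: peer-to-peer (ad hoc) networking allowed")
    return findings

# Constructed sample settings: a router straight out of the box, and one after setup.
OUT_OF_BOX = {"make": "Belkin", "admin_user": "admin", "admin_password": "",
              "encryption": "none", "mac_filter": False,
              "ssid_broadcast": True, "adhoc_allowed": True}
HARDENED = {"make": "Belkin", "admin_user": "homeadmin", "admin_password": "Tr4il!Mx",
            "encryption": "WPA-PSK", "mac_filter": True,
            "ssid_broadcast": False, "adhoc_allowed": False}

if __name__ == "__main__":
    for name, cfg in (("out of box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, audit(cfg) or "all recap steps met")
```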

Page 25: Wireless Networks

Print and File Sharing
Overview

Print and File Sharing:
  Useful, but Risky if all computers are not secure

Setting up Network for Printer and File sharing
1. Interface card
   Set Interface card to allow
2. Each computer in network
   Make sure each computer is part of network
3. Printer
   Make sure that Print sharing is allowed for printer
   Load appropriate print drivers on each computer
4. Firewall Settings
   Reset network IP range to trusted zone
5. Place files to share in “Shared Documents” folder

Page 26: Wireless Networks

Print and File Sharing
Details (1)

Be sure WLAN is working and secure
Interface card
  Start → connect to → NIC or WLAN card → properties
  Check “File and Printer sharing on Microsoft Networks”
  Repeat for all PCs on Network
Printer
  Start → Printers and Faxes → shared printer
  Select properties → sharing → check “share this Printer”

Page 27: Wireless Networks

Print and File Sharing
Details (2)

Firewall
  Be sure WLAN IPs are allowed in Firewall for all PCs
  Zone Alarm
    Firewall → zones → add → IP range → <enter appropriate range>
Network ID for each computer
  Under My Computer → Properties → Computer name
  Click Change and add WLAN name as Workgroup
Shared Documents Folder for each computer
  Any files in the Shared Documents folder will be accessible from all computers

Page 28: Wireless Networks

Questions