How to safely configure your home wireless network

  • View

  • Download

Embed Size (px)



Text of How to safely configure your home wireless network

  • 1. Barry Caplin Chief Information Security Officer Minnesota Department of Human Services [email_address] WiFi for Dummies Smart People who arent sure how set it up securely DHS IT Fair March 12, 2009

2. Agenda

  • Why wireless?
  • Wireless basics
  • Top 10 tips
  • Wireless at DHS

3. Why Wireless? 4. Wireless Basics

  • You need:
  • Computer/Laptop
    • Built-in wireless (or WiFi)
    • a/b/g/n
    • Connects to Access Point
  • Wireless Access Point or Router
    • Receives/transmits signals between wireless computer and network

5. Wireless Basics 6. What, Me Worry?

  • If you can connect to your wireless network.
  • An outsider can:
    • Connect to your home network
    • listen to what you do: taxes, banking, personal communication
    • And will look like they are part of your home network, so if they do something bad

what stops anyone else? 7. Wireless Basics

  • WiFi
    • Not an acronym
    • Trademark
    • Play on words (Hi Fi)

8. Top 10 Tips

  • Netgear WGR614v6
  • Why?
    • Cheap
    • Available locally
  • Not an endorsement!
  • (also Belkin F5D7230-4)

9. Top 10 Tips

  • Log in to the wireless Access Point/Router

10. Top 10 Tips

  • Change the default SSID

Name (SSID) : Enter a value of up to 32 alphanumeric characters. The same Name (SSID) must be assigned to all wireless devices in your network. The default SSID is NETGEAR, but NETGEAR strongly recommends that you change your network's Name (SSID) to a different value. This value is also case-sensitive. For example, NETGEAR is not the same as NETGEAr. 11. Top 10 Tips

  • Change the default SSID

12. Top 10 Tips 13. Top 10 Tips

  • Disable SSID Broadcast
  • (but it was unclear how!)

Wireless network name broadcast can be turned off so that only devices that have the network name (SSID) can connect. 14. Top 10 Tips

  • Disable SSID Broadcast

15. Top 10 Tips

  • Use Encryption (WPA/WPA2)

16. Top 10 Tips

  • Key Sharing:

17. Top 10 Tips

  • But WEP and WPA-TKIP have been cracked
  • This Netgear only has WPA-TKIP (need newer model)
  • The Belkin has WPA2
  • still OK for suburbs but not for city, apts, or rural (maybe).

18. Top 10 Tips 19. Top 10 Tips

  • Change the default administrator password

Figure 3-2: Log in to the router When prompted, enteradminfor the router user name andpasswordfor the router password, both in lower case letters 20. Top 10 Tips

  • Change the default administrator password

21. Top 10 Tips

  • Change the default SSID
  • Disable SSID Broadcast
  • Use Encryption (WPA/WPA2)
  • Change the default administrator password

22. Defaults are Dangerous! Disabled WEP Open System Authentication Type NETGEAR SSID Enabled SSID broadcast All wireless stations allowed Wireless Access List (MAC Filtering) Enabled Wireless Access Point DEFAULT FACTORY SETTINGS FEATURE 23. Top 10 Tips

  • Use HTTPS (and enable inside only admin)

(Neither device has https) 24. Top 10 Tips

  • Enable Firewall (and any other security features)

25. Top 10 Tips

  • Turn it off when not in use.
    • The safest computer is one that is off!

26. Top 10 Tips

  • Access Point placement(and lower the power)
  • (Belkin.Netgear does not provide range.)
  • Typical indoor operating range for your wireless devices is between 100 and 200 feet.
  • Depends on interference - typically 50300 ft. indoors

27. Top 10 Tips 28. Top 10 Tips 29. Top 10 Tips

  • Patches/Updates
    • Not automatic
    • You need to check
    • Not frequent


  • Patches/Updates

Top 10 Tips

  • The routing software of the WGR614 v6 router is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from the NETGEAR Web site.
  • To upload new firmware:
  • Download and unzip the new software file from NETGEAR.
  • In the Router Upgrade menu, click the Browse button and browse to the location of the upgrade file
  • Click Upload.

31. Top 10 Tips

  • NAT/Static IP Addresses/Disable DHCP
  • (dont disable DHCP if you are connecting your DHS laptop to your home wireless)

32. (bonus!) Top 10 Tips

  • MAC address filtering

33. Top 10 Tips

  • Change the default SSID
  • Disable SSID Broadcast
  • Use Encryption (WPA2)
  • Change the default administrator password
  • Use HTTPS
  • Enable Firewall/Security Features
  • Turn it off when not in use.
  • Access Point placement
  • Patches/Updates
  • Static IP Addresses/Disable DHCP
  • MAC address filtering (bonus!)

34. Wireless at DHS

  • DHS wireless networks have been assessed by Information Security and use most of the controls weve listed here (and some others)
  • If youneedwireless access, request form is at: InfoLink>Forms>Technology>Remote Access/Wireless Request Form
  • (requires supervisor and director approval)

35. Wireless outside of DHS

  • Home wireless is OK if you are authorized for remote access and wireless; otherwise:
    • Businessneed
    • Use identified, named networks
    • And always:
    • Use a VPN to access DHS
    • (when you connect to an unknown network, start your VPN before doing anything else)

36. Wireless outside of DHS

  • For your own personally owned laptop:
  • Turn on the Windows firewall
  • Encrypt sensitive files
  • Dont type in credit card numbers, passwords, or similar info
  • Turn off wireless if youre not using it.

37. Discussion?