Before we talk about wireless network security, we must first understand how a wireless network operates.
For most home and small business users, a wireless network is basically a set of devices that enable all of the personal computers in your location to use a broadband internet connection simultaneously.
Wireless networks don't use cables for connections, but instead use radio waves, like cordless phones. Also known as Wi-Fi, or Wireless Fidelity, wireless networks allow you to use your networked computers or laptops anywhere in an office or home.
Wireless networking is also available in public "hotspots," like coffee shops, hotel rooms and lobbies, and airports.
You may have heard the term "Internet Cafe". This refers to a place of business (most often, a coffee shop) which offers wireless network access for anyone who wants to bring in a laptop equipped with a wireless network card. The wireless network card picks up the wireless network signal and the two communicate over that signal. Here's a web page which talks about the wireless network security risks of using Internet Cafes, if you are interested.
But, just as with a cell phone, a wireless network (and any computer you have connected to it) can be hacked, especially if it isn't secured.
CAVEAT and Disclaimer: Wireless networks are inherently unsafe and cannot be completely secured, as there are hackers who will always be one step ahead of the commercial security vendors.
So I, Ellen Davis, do not guarantee that your wireless network security will be impenetrable after completing the steps offered on this site.
However, in my opinion, the majority of hackers are going after bigger fish, and don't have much interest in your wireless home network, except maybe to use it for free internet access.
So unless you are storing hundreds of credit card numbers on your computers for some reason, or you have some kind of important information that can be sold on the black market, or you make some hacker mad, applying the steps below will help ensure your wireless network security is at least better than it would be if you did nothing.
Let's take a closer look at setting up a wireless network and the best practices for building in wireless network security.
First, here’s a list of components needed to build a basic home or small office wireless network:
1. Windows based personal computers, and/or personal laptops with Windows XP SP2 installed. (Windows XP SP2 is compatible with WPA2 Personal encryption, which is what I recommend using).
2. WPA2 enabled wired or wireless network adapters, which should be (or may already be) installed in each of your computers.
If you aren't sure whether Windows XP and the network cards installed on your computer are enabled for WPA2, here's an excellent page that walks you through how to upgrade Windows XP, routers and network cards to WPA2.
3. Ethernet cables, also known as CAT5 cables. They come in 3, 6, 10, 25, and 50 foot lengths. Desktop and laptop computers won’t need a cable if a wireless network card is installed.
4. A wireless router that supports WPA and WPA2 encryption. There are many different brands, but I use Linksys wireless routers because they are reliable and easy to set up. They cost around $60 in the big office supply or computer stores.
5. A broadband internet connection.
6. The wireless network security steps below.
Second, you need steps on how to secure a wireless network. I've included the details on how to implement reliable wireless network security below. (I'm assuming that we are in your home or small business office, that you have a desktop PC wired into your broadband box, and that you will be using a new Linksys router.)
1. First, you must have either a regular or wireless network card in all of the computers in your house. For most wireless networks, a desktop computer nearest to the broadband jack will be connected via a wired network card and cable. Laptops or any other computer not close to the router will be connected via wireless card (or long CAT 5 cable).
IMPORTANT Note: If you have older network cards, they may not be compatible with the new WPA2 security protocol. Upgrade the drivers or the cards if you have to, because relying on any other security protocol like WEP is just not as good when it comes to wireless security.
You may also need to upgrade Windows XP SP2 to be compatible with WPA2 security. Here's the Microsoft page to do this.
2. If you haven’t done so already, place an order for a broadband (aka high speed) internet service installation with your local internet service provider. (This can be a cable company, the telephone company or a wireless tower provider – shop around for the best deal).
3. Purchase a wireless router and install it. NOTE: Be careful about buying used routers; the previous owner could have installed malicious software on them that could hurt your computer. New is better if you don’t know how to clean them up.
4. Following the instructions that come with the router, set it up next to the computer that is plugged into the broadband connection box.
5. IMPORTANT!! SECURE your wireless router. Follow each of these steps to make sure your wireless network security is reliable and your network is safe from outside intrusion:
* Change the default wireless network name or SSID to something unique but not personal (no social security numbers or house addresses). The name you choose can be up to 32 characters long and you need to be able to remember it. Linksys sets the default name to Linksys on their routers and every hacker in the world knows that, so don’t leave it unchanged.
* Change the default password. Linksys sets a default password of admin, and every hacker knows that too. Change it to a password that includes both letters and numbers. Avoid using words that can be found in a dictionary. Also, make sure you either remember it or note it somewhere secure. You will need it if you want to access your router later to make changes.
* Enable Encryption. Linksys routers offer several kinds of security protocols – WPA, WPA2 and WEP are the major types.
The newest and most secure kind of encryption is WPA2. Both WEP and WPA have already been cracked by hackers. WPA2 is the most secure, so I would implement it over the other choices.
When the router setup asks you to choose a wireless security encryption method, choose security mode "WPA2 Personal". Then choose algorithms "TKIP+AES". Choose a strong password for your encryption key, such as a combination of letters and numbers. It can be from 8 to 63 characters; I would use at least 14 characters. Leave the key renewal interval as it is, and save the setting. Make sure you can remember the key. I hate to tell you to write it down, but if you must, you must.
Later, when you try to connect your wireless clients to your network, the card utility should automatically ask you for the preshared key. Enter it twice and you should get connected. If not, please check that the wireless card in the computer is actually compatible with WPA/WPA2.
Note: If you have an older router that supports WEP only, and you don't want to upgrade it, please remember that WEP is very easy to crack, so your wireless network won't be as secure. You'll be at least safer if you use 128-bit WEP keys, but I would recommend that you check the router manufacturer's website for a firmware upgrade that will add WPA support.
* DON'T turn off SSID Broadcasting. A wireless router can broadcast its SSID name by sending out a continuous radio ping. This is convenient for people trying to connect to it, because they don’t have to remember the name of the network. It seems like it would be good to turn that off, but on Windows XP, it isn't a good idea.
Windows XP, by default, always tries to connect to the first broadcasted wireless network. If you turn off SSID broadcasting, Windows XP won't connect to your network first if it finds a broadcasting network in close enough range. That's not good wireless network security, for sure. So it's best to continue broadcasting while implementing WPA2 encryption instead.
Plus you won't have to choose to connect to "nonbroadcasting networks" on your computers, and then type in the name of the network to connect to it.
* You have now successfully implemented wireless network security on your router that should keep your data relatively safe (see caveat above for more info).
Let's keep going to finish setting up our network, and connecting to the internet.
6. Change the network card settings in each of your PCs to match the router settings. Pay particular attention to the SSID, the type of encryption, and the key you used when you set up the router.
You’ll need to know this info when you are ready to connect any wireless PCs or laptops. Wired computers will get the information they need automatically, as long as the network card is set up to use DHCP, which basically means the network card goes out and gets what it needs from the network automatically.
7. If you have a laptop with a wireless card, check to make sure the wifi capabilities are on. NOTE: On some laptops, there is a switch or button on the laptop that turns the wireless network card on or off. If you are having trouble "seeing" the wireless network, you may have to "turn on" your wireless network card.
8. Once your computer network cards have the network information that matches the router, they will connect and you’ll be able to connect to the internet, with confidence that your wireless network security is set up correctly.
9. Note: Look for the wireless signal strength in the system tray located in the bottom right hand corner of your Windows desktop. It will look like a bunch of colored bars.
Green means the signal is strong, yellow is weaker, and red means no signal at all.
Walk around your house with your laptop and see how good the signal is in each room.
Being able to work anywhere in your house depends on how big your house is, and where your wireless router is located. As you walk around, you’ll see the signal strength icon in the Windows system tray change.
Very quickly, you’ll find out the best places to be for full network speed. It makes working on your computer kind of fun, and now you have the peace of mind that your wireless network security is keeping your computers safe.
All done! You now know the best steps for setting up a wireless network and configuring strong wireless network security. I hope this information helps you keep your computers and your data safe.
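The router settings from step 5 can be checked before they are saved. The Python sketch below is an added example, not part of the original article or of any Linksys tool: it audits an SSID, admin password, security mode and passphrase against the rules given in step 5, and derives the WPA2 Personal key the way IEEE 802.11i defines it, which shows that the network name is mixed into the key. The function names, sample values and the tiny word list are constructed for illustration.

```python
import hashlib
import re

# Factory defaults named in the article for Linksys routers.
DEFAULT_SSID = "linksys"
DEFAULT_ADMIN_PASSWORD = "admin"
# Constructed stand-in for a real dictionary file.
SAMPLE_WORDLIST = {"password", "sunshine", "cheyenne", "wireless"}


def derive_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit WPA/WPA2 Personal key as a hex string.

    IEEE 802.11i defines it as PBKDF2-HMAC-SHA1 over the passphrase with
    the SSID as salt, 4096 iterations, 32 bytes of output. Because the SSID
    is the salt, the same passphrase gives a different key on every
    differently named network.
    """
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()


def has_letters_and_digits(text: str) -> bool:
    return bool(re.search(r"[A-Za-z]", text)) and bool(re.search(r"\d", text))


def audit_router(ssid, admin_password, security_mode, passphrase):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # SSID: changed from the default, and at most 32 bytes long.
    if ssid.lower() == DEFAULT_SSID:
        findings.append("SSID is the factory default")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        findings.append("SSID must be 1 to 32 bytes long")

    # Admin password: changed from the default, letters plus numbers.
    if admin_password.lower() == DEFAULT_ADMIN_PASSWORD:
        findings.append("admin password is the factory default")
    elif not has_letters_and_digits(admin_password):
        findings.append("admin password should mix letters and numbers")

    # Security mode: the article recommends WPA2 Personal over WPA and WEP.
    if security_mode != "WPA2 Personal":
        findings.append("security mode %r is weaker than WPA2 Personal"
                        % security_mode)

    # Passphrase: 8 to 63 printable ASCII characters, 14 or more advised.
    if not re.fullmatch(r"[\x20-\x7e]{8,63}", passphrase):
        findings.append("passphrase must be 8 to 63 printable ASCII characters")
    else:
        if len(passphrase) < 14:
            findings.append("passphrase is shorter than 14 characters")
        if not has_letters_and_digits(passphrase):
            findings.append("passphrase should mix letters and numbers")
        if passphrase.lower() in SAMPLE_WORDLIST:
            findings.append("passphrase is a dictionary word")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations: factory state vs. hardened.
    samples = {
        "out of the box": ("linksys", "admin", "WEP", "sunshine"),
        "after step 5": ("BlueHeron-Net", "r0uter-Adm1n", "WPA2 Personal",
                         "maple42-kettle-7river"),
    }
    for label, settings in samples.items():
        print(label, "->", audit_router(*settings) or "no findings")

    # Same passphrase, two network names: the derived keys differ.
    for name in ("linksys", "BlueHeron-Net"):
        print(name, derive_psk("maple42-kettle-7river", name))
```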
One more note: If setting up wireless network security seems a little overwhelming, and you live in Cheyenne, Wyoming, I can help. Send me a note via my contact form, and I’d be happy to come out and set it up for you. My rates are reasonable.
http://www.sensible-computer-help.com
Network Hardware
What is Networking Hardware?
Networking hardware includes all computers, peripherals, interface cards and other equipment needed to perform data-processing and communications within the network. CLICK on the terms below to learn more about those pieces of networking hardware.
This section provides information on the following components:
* File Servers
* Workstations
* Network Interface Cards
* Switches
* Repeaters
* Bridges
* Routers
File Servers
A file server stands at the heart of most networks. It is a very fast computer with a large amount of RAM and storage space, along with a fast network interface card. The network operating system software resides on this computer, along with any software applications and data files that need to be shared.
The file server controls the communication of information between the nodes on a network. For example, it may be asked to send a word processor program to one workstation, receive a database file from another workstation, and store an e-mail message during the same time period. This requires a computer that can store a lot of information and share it very quickly. File servers should have at least the following characteristics:
* 800 megahertz or faster microprocessor (Pentium 3 or 4, G4 or G5)
* A fast hard drive with at least 120 gigabytes of storage
* A RAID (Redundant Array of Inexpensive Disks) to preserve data after a disk casualty
* A tape back-up unit (i.e. DAT, JAZ, Zip, or CD-RW drive)
* Numerous expansion slots
* Fast network interface card
* At least 512 MB of RAM
Workstations
All of the user computers connected to a network are called workstations. A typical workstation is a computer that is configured with a network interface card, networking software, and the appropriate cables. Workstations do not necessarily need floppy disk drives because files can be saved on the file server. Almost any computer can serve as a network workstation.
Network Interface Cards
The network interface card (NIC) provides the physical connection between the network and the computer workstation. Most NICs are internal, with the card fitting into an expansion slot inside the computer. Some computers, such as Mac Classics, use external boxes which are attached to a serial port or a SCSI port. Laptop computers can now be purchased with a network interface card built-in or with network cards that slip into a PCMCIA slot.
Network interface cards are a major factor in determining the speed and performance of a network. It is a good idea to use the fastest network card available for the type of workstation you are using.
The three most common network interface connections are Ethernet cards, LocalTalk connectors, and Token Ring cards. According to an International Data Corporation study, Ethernet is the most popular, followed by Token Ring and LocalTalk (Sant'Angelo, R. (1995). NetWare Unleashed, Indianapolis, IN: Sams Publishing).
Ethernet Cards
Ethernet cards are usually purchased separately from a computer, although many computers (such as the Macintosh) now include an option for a pre-installed Ethernet card. Ethernet cards contain connections for either coaxial or twisted pair cables (or both) (See fig. 1). If it is designed for coaxial cable, the connection will be BNC. If it is designed for twisted pair, it will have a RJ-45 connection. Some Ethernet cards also contain an AUI connector. This can be used to attach coaxial, twisted pair, or fiber optics cable to an Ethernet card. When this method is used there is always an external transceiver attached to the workstation. (See the Cabling section for more information on connectors.)
Fig. 1. Ethernet card. From top to bottom: RJ-45, AUI, and BNC connectors.
LocalTalk Connectors
LocalTalk is Apple's built-in solution for networking Macintosh computers. It utilizes a special adapter box and a cable that plugs into the printer port of a Macintosh (See fig. 2). A major disadvantage of LocalTalk is that it is slow in comparison to Ethernet. Most Ethernet connections operate at 10 Mbps (Megabits per second). In contrast, LocalTalk operates at only 230 Kbps (or .23 Mbps).
Fig. 2. LocalTalk connectors
Ethernet Cards vs. LocalTalk Connections
Ethernet | LocalTalk
Fast data transfer (10 to 100 Mbps) | Slow data transfer (.23 Mbps)
Expensive - purchased separately | Built into Macintosh computers
Requires computer slot | No computer slot necessary
Available for most computers | Works only on Macintosh computers
Token Ring Cards
Token Ring network cards look similar to Ethernet cards. One visible difference is the type of connector on the back end of the card. Token Ring cards generally have a nine pin DIN type connector to attach the card to the network cable.
Switch
A concentrator is a device that provides a central connection point for cables from workstations, servers, and peripherals. In a star topology, twisted-pair wire is run from each workstation to a central switch/hub. Most switches are active; that is, they electrically amplify the signal as it moves from one device to another. Switches no longer broadcast network packets as hubs did in the past; they memorize the addressing of computers and send the information to the correct location directly. Switches are:
* Usually configured with 8, 12, or 24 RJ-45 ports
* Often used in a star or star-wired ring topology
* Sold with specialized software for port management
* Also called hubs
* Usually installed in a standardized metal rack that also may store netmodems, bridges, or routers
Repeaters
Since a signal loses strength as it passes along a cable, it is often necessary to boost the signal with a device called a repeater. The repeater electrically amplifies the signal it receives and rebroadcasts it. Repeaters can be separate devices or they can be incorporated into a concentrator. They are used when the total length of your network cable exceeds the standards set for the type of cable being used.
A good example of the use of repeaters would be in a local area network using a star topology with unshielded twisted-pair cabling. The length limit for unshielded twisted-pair cable is 100 meters. The most common configuration is for each workstation to be connected by twisted-pair cable to a multi-port active concentrator. The concentrator amplifies all the signals that pass through it allowing for the total length of cable on the network to exceed the 100 meter limit.
Bridges
A bridge is a device that allows you to segment a large network into two smaller, more efficient networks. If you are adding to an older wiring scheme and want the new network to be up-to-date, a bridge can connect the two.
A bridge monitors the information traffic on both sides of the network so that it can pass packets of information to the correct location. Most bridges can "listen" to the network and automatically figure out the address of each computer on both sides of the bridge. The bridge can inspect each message and, if necessary, broadcast it on the other side of the network.
The bridge manages the traffic to maintain optimum performance on both sides of the network. You might say that the bridge is like a traffic cop at a busy intersection during rush hour. It keeps information flowing on both sides of the network, but it does not allow unnecessary traffic through. Bridges can be used to connect different types of cabling, or physical topologies. They must, however, be used between networks with the same protocol.
Routers
A router translates information from one network to another; it is similar to a superintelligent bridge. Routers select the best path to route a message, based on the destination address and origin. The router can direct traffic to prevent head-on collisions, and is smart enough to know when to direct traffic along back roads and shortcuts.
While bridges know the addresses of all computers on each side of the network, routers know the addresses of computers, bridges, and other routers on the network. Routers can even "listen" to the entire network to determine which sections are busiest -- they can then redirect data around those sections until they clear up.
If you have a school LAN that you want to connect to the Internet, you will need to purchase a router. In this case, the router serves as the translator between the information on your LAN and the Internet. It also determines the best route to send the data over the Internet. Routers can:
* Direct signal traffic efficiently
* Route messages between any two protocols
* Route messages between linear bus, star, and star-wired ring topologies
* Route messages across fiber optic, coaxial, and twisted-pair cabling
Posted at Monday, December 01, 2008