Keeping your wireless Internet connection safe and secure

Attached is an article from my ISP that I thought might be useful to members interested in wireless security.

The only points I would add to it are:

1. Get a Software Firewall than allows you to "untrust" the Local Area Connection. This is the same setting users should use in airports with Laptops and there is no good reason IMHO to ever have any other setting for any LAN anywhere.
   
2. On the PSW's for the router find out the maximum size and syntax for the users name and the PSW and use a PSW generator to create them both randomly. Record these on a
   separate media (usb/dvd/cd?) from your PC since you will never be able to remember them nor do you need to very often.

NOTE: Please don't ask me about Mr Steer's quote as it is his not mine. I'm not a wireless expert myself having long since dropped it in favour of hard wired. This post is FYI only and you should do your own work with your own ISP and router providers to secure your LAN. Thank you.

Source: http://www.hispeed.rogers.com/yahoo/spotlight/tech_mate.jsp?id=2008/02/20080229

 

If your router allows you to change the address range, change it from the usual 192.168.0.0/24 or 192.168.1.0/24 to some oddball address range like 192.168.76.0/24. Then you can set up your trusted local network address range and have very little chance of ever encountering a public hot spot with the same address range.

 

Just set allowed MAC addresses (this will reject all others), disable all remote access to router (wireless or HTTP remote) and use WPA2 AES encription for wireless. This should be far enough for anyone.

 

Hi,

Sorry if this is a bit out topic, but is Windows Firewall safe enough to connect using your laptop on Public hotspots (such as airports, university wifi, etc) ?

 

You have to remember to turn off file sharing at both the firewall exception level and as a service on the network adapter. If you forget the Windows XP firewall treats any network as trusted. The Vista firewall is better as it asks you if the new network is to be treated as public of private. Of course, you might not be able to stand Vista.

 

Mike:

I'm not sure your post is OT since we are in a FW forum.

But to answer your question I will imagine myself in a "hot spot" with a real need to turn on the laptop and do something important. (BTW this is IMO true only 1% of the time)

The short answers are:

1. NO for windows xp.
2. and maybe if you have vista.
3. and it depends on your security needs and profile

I say maybe for Vista because you have to turn on the 2 way feature and be able to tune that FW as Diver has told us. There would be way more settings I would work in the vista but enough for now.

I suggest you do some study/research on the forum starting with:

https://www.wilderssecurity.com/showthread.php?t=142036

Then come back with a new thread under FW's and ask more detailed questions.

But of course all that work is up to you.

Good luck and have your data backed up.

 

Thank you for your answers !
I'm using both Vista/XP on my laptop (dual boot setup).

I use wifi hostpost at university everyday, I know about the vulnerabilities and treats regarding XP's filesharing system, however I'm still wondering if I need anything 'better' than XP/Vista built in firewall. I don't need outbound filtering, and I disabled file sharing on network adapter already. Am I still at risk connecting to the hotspots networks ? I'm not sure that windows fw would protect me from all types of inbound attacks, and for that, I need your knowledge

At home I'm using a router with NAT, I guess it's enough already ?

 

Escalader,

Why do you give a flat no to the XP firewall? Are you concerned about outbound?

 

Hi Diver:

Yes, I am concerned for the OP's idea that win xp might be good enough. Plus my classic concern about outbounds in the airport lounges is even greater!

In my technical manual on tweaking win xp there are pages of information that nobody I know ever talks currently about. But users can create exceptions for programs or services.

The Netsh FW command allows users to configure xp's FW. But I've never bothered since I use 3rd party 2 way FW's and as you said win fw is incoming protection only.

 

Hi Stapp:

You are more correct here than I was!

There may be some who do.

Some day I may have to set up a vista 2 way fw to be optimal within it's design parameters but until that day actually comes I'll set the idea aside.

 

Using Windows firewall and disabling file sharing should be adequate. It is possible to secure even further by encrypting sensitive data:

Vista: Business, Enterprise, Ultimate file/folder encryption

XP Pro file/folder encryption

 

Yep, my choice also, plus changing default settings as mentioned in earlier post is also a nice extra threshold.

 

Thank you, Escalader. This thread is very useful for me, and probably for many others as well.

 

Check out this thread here: https://www.wilderssecurity.com/showthread.php?t=176193 in particular the posts from Alphalutra1 (aka "The myth breaker )

 

what i noticed with Wireless Router is very confuised.
I have 30/30 Mbit/s but when i use cable from my Wireless Router to my both 2 PC´s then my speed is 30/30 but when i don´t use cable but only Wireless router then i have something like: 13/20 Mbit/s, what can be the problem do you guys think?

 

very usefull information and from what I understand there are a lot folks out there that do not no most routers are not secure out of the box by default and are broadcasting to the general public.I recently set up a wireless router a couple of weeks ago and reading threads like this that gave me the knowledge of what to check and secure.

 

I wonder what any of you have to say about sharing my wireless key with a neighbor that I don't know very well. What are the risks?

Thanks.

 

1. 
   
   
   This question goes to Escalader : (a little bit off-topic, so my apologies to all)
   
   Does Online Armor FREE, version 2.1.0.131 have this characteristic ?
   I mean, if I am at a public hotspot at the airport and I want to connect my laptop via wireless to that hotspot, Will OA prompt me to select where do I want to place that new connection (Untrusted Zone or Trusted Zone ) .
   
   In ZAP 8.0 I think these settings are called Internet Zone (Not Trusted) and Trusted Zone.
   
   Regards,
   
   Carlos

 

Yes and No.
Giving your neighbor your wireless keys (I am assuming WPA2 keys) is like providing a wire from your router to his house.

So Risk is that, the Neighbor can probably compromise your wireless network. But if you have well configured router (changed SSID,defualt password,default IP, Create WAN partition) the risk is very less.

 

In Windows, when you connect to a wireless hotspot for the first, time it will ask you if type is Home/Private or Public.
For existing connections, you can edit the same from network connections. If you choose public, the network usage will be limited and be untrusted.
Screen shot below:

 

Thank you, vijayind for your response but I was referring to Online Armor firewall 2.1.0.131 ( the FREE version) not the Windows Vista firewall (or the Win XP one for that matter) .

I've never used that firewall (OA free)and I was wondering if it provides protection for wireless connections when you connect to an unsecure wireless network (non WEP, or WPA).

I know SOME firewalls (like ZoneAlarm PRO) promt you to where you want to place a new detected wireless network upon detection, while your laptop wireless card is in the process of acquire an IP Address form that network.

Regards,

Carlos

 

Sorry Carlos, I should have been more specific.

I am referring to Window OS ( not firewall).
In Vista the flow is (for existing connections) :
Start > Control Panel > Networking and Sharing Center > Customize Network

While some firewall allow you to do this also. You can do this in Windows OS and use OA as needed. No firewall that I know of can security in a unsecured wireless network. Since basically you are sending your packets to everyone in clear visibility, what can the firewall do ?

 

Yes, I get your point and I could not agree with you more.

No firewall protects you from sending your data packets in an open wireless network. That is why you need a VPN to take care of that job, although a software firewall may stop instrusions of people who might want to break in to your computer on an open wireless network.


P.S. : I'm still waiting the Escalader's response regarding OA 2.1.0.131 free detecting a protected wireless network and an unprotected one.


Carlos

 

I don't think that my setup technically confirms to WPA2.

To what extent is WPA2 different from WPA-PSK (AES encryption) ?

I believe PSK means that the key is changed every ... amount of time.