Wireless Home Networking for Dummies - Danny Briere, Walter R.Bruce, ....pdf
7.45 Mб

184 Part III: Installing a Wireless Network

No security at all!

The vast majority of wireless LAN gear (access points, network cards, and so on) is shipped to customers with all the security features turned off. That’s right: zip, nada, zilch, no security at all. Just a wide-open access point, sitting there waiting for anybody who passes by (with a Wi-Fi–equipped computer, at least) to associate with the access point and get on your network.

Now this isn’t a bad thing in and of itself; initially configuring your network with security features turned off and then enabling the security features after things are up and running is easier than doing it the other way ’round. Unfortunately, many people never take that extra step and activate their security settings. So a huge number of access points out there are completely open to the public (when they are within range, at least). Folks who’ve spent some time wardriving (which we describe in this chapter’s introduction) say that up to 60 percent of all access points that they encounter have no security methods in place at all.

Now, we should add that some people purposely leave their access point security off in order to provide free access to their neighborhoods. (We talk about this in Chapter 16.) But we find that many people don’t intend to do this but have done so unknowingly. We’re all for sharing, but keep in mind that it could get you in trouble with your broadband provider (who might cancel your line if you’re sharing with neighbors). If you don’t want other people on your network, take the few extra minutes that it takes to set up your network security. You can test your network — to make sure WEP is really enabled — by using a program like Network Stumbler (which we discuss at length in Chapter 16).
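What a scanning tool reads when it reports an access point as open or encrypted is the Privacy bit in the beacon frames the access point broadcasts. The following is an added example (not from the book, and not Network Stumbler's code) that parses that bit from a raw 802.11 beacon; the function names and the sample frames are constructed for illustration.

```python
import struct

PRIVACY_BIT = 0x0010  # Capability Information bit 4: data frames must be encrypted

def parse_beacon(frame: bytes):
    """Return (ssid, privacy_enabled) for a raw 802.11 beacon (no radiotap header)."""
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 8):          # management frame, subtype beacon
        raise ValueError("not a beacon frame")
    # Layout: 24-byte MAC header, timestamp (8), beacon interval (2), capability (2).
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):            # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:
            break                           # truncated element, stop parsing
        if tag == 0:                        # element ID 0 carries the SSID
            ssid = body.decode("utf-8", errors="replace")
            break
        pos += 2 + length
    return ssid, bool(capability & PRIVACY_BIT)

def build_beacon(ssid: str, capability: int) -> bytes:
    """Build a minimal beacon for the demo (constructed data, not a capture)."""
    bssid = bytes.fromhex("020000000001")   # locally administered, made-up address
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name

def open_networks(frames):
    """List SSIDs whose beacons advertise no encryption at all."""
    return [ssid for ssid, private in map(parse_beacon, frames) if not private]

# Constructed samples: capability 0x0001 = ESS only, 0x0011 = ESS + Privacy.
SAMPLES = [build_beacon("default", 0x0001), build_beacon("home-wep", 0x0011)]

if __name__ == "__main__":
    for ssid, private in map(parse_beacon, SAMPLES):
        print(f"{ssid!r}: {'encryption on' if private else 'OPEN'}")
```

The Privacy bit only says that some encryption is required; it does not say which scheme, so a set bit confirms the access point is not wide open rather than how strong its protection is.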



No network security system is absolutely secure and foolproof. And, as we discuss in this chapter, Wi-Fi networks have some inherent flaws in their security systems, which means that even if you fully implement the security system in Wi-Fi (WEP), a determined individual could still get into your network.

We’re not trying to scare you off here. In a typical residential setting, chances are good that your network won’t be subjected to some sort of determined attacker like this. So follow our tips, and you should be just fine.

Assessing the Risks

The biggest advantage of wireless networks — the fact that you can connect to the network just about anywhere within range of the base station (up to 300 feet) — is also the biggest potential liability. Because the signal is carried over the air via radio waves, anyone else within range can pick up your network’s signals, too. It’s sort of like putting an extra RJ-45 jack for a wired LAN out on the sidewalk in front of your house: You’re no longer in control of who can access it.

Chapter 10: Securing Your Wireless Home Network 185

General Internet security

Before we get into the security of your wireless LAN, we need to talk for a moment about Internet security in general. Regardless of what type of LAN you have — wireless, wired, a LAN using powerlines or phonelines, or even no LAN — when you connect a computer to the Internet, some security risks are involved. Malicious crackers (the bad guys of the hacker community) can use all sorts of tools and techniques to get into your computer(s) and wreak havoc.

For example, someone with malicious intent could get into your computer and steal personal files (such as your bank statements that you’ve downloaded using Quicken) or mess with your computer’s settings . . . or even erase your hard drive. Your computer can even be hijacked (without you knowing it) as a jumping-off point for other people’s nefarious deeds; as a source of an attack on another computer (the bad guys can launch these attacks remotely using your computer, making them that much harder to track down); or even as a source for spam e-mailing.

What we’re getting at here is the fact that you need to take a few steps to secure any computer attached to the Internet. If you have a broadband (digital subscriber line [DSL], satellite, or cable modem) connection, you really need to secure your computer(s). The high-speed, always-on connections that these services offer make it easier for a cracker to get into your computer. We recommend that you take three steps to secure your computers from Internet-based security risks:

Use and maintain antivirus software. Many attacks on computers don’t come from someone sitting in a dark room, in front of a computer screen, actively cracking into your computer. They come from viruses (often scripts embedded in e-mails or other downloaded files) that take over parts of your computer’s operating system and do things that you don’t want your computer doing (like sending a copy of the virus to everyone in your e-mail address book and then deleting your hard drive). So pick out your favorite antivirus program and use it. Keep the virus definition files (the data files that tell your antivirus software what’s a virus and what’s not) up to date. And for heaven’s sake, use your antivirus program!

Install a personal firewall on each computer. Personal firewalls are programs that basically take a look at every Internet connection entering or leaving your computer and check it against a set of rules to see whether the connection should be allowed. After you’ve installed a personal firewall program, wait about a day and then look at the log. You’ll be shocked and amazed at the sheer number of attempted connections to your computer that have been blocked. Most of these attempts are relatively innocuous, but not all are. If you’ve got broadband, your firewall might block hundreds of these attempts every day.

We like ZoneAlarm — www.zonelabs.com — for Windows computers, and we use the built-in firewall on our Mac OS X computers.


Turn on the firewall functionality in your router. Whether you use a separate router or one integrated into your wireless access point, it will have at least some level of firewall functionality built in. Turn this function on when you set up your router/access point. (It’ll be an obvious option in the configuration program and might well be on by default.) We like to have both the router firewall and the personal firewall software running on our PCs. It’s the belt-and-suspenders approach, but it makes our networks more secure.

In Chapter 12, we talk about some situations (particularly when you’re playing online games over your network) where you need to disable some of this firewall functionality. We suggest that you do this only when you must. Otherwise, turn on that firewall — and leave it on.

Some routers use a technology called stateful packet inspection firewalls, which examine each packet (or individual group) of data coming into the router to make sure that it was actually something requested by a computer on the network. If your router has this function, we recommend that you try using it because it’s a more thorough way of performing firewall functions. Others simply use Network Address Translation (NAT, which we introduce in Chapter 2 and further discuss in Chapter 16) to perform firewall functions. This isn’t quite as effective as stateful packet inspection, but it does work quite well.
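The difference between the two approaches can be seen in a small model. This is an added example, not from the book: it models only the admit/drop decision, and it assumes a NAT that filters on the LAN-side port alone (endpoint-independent filtering, one common NAT behaviour); the class names and sample packets are constructed.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Admit an inbound packet only if it mirrors a flow opened from the LAN."""
    def __init__(self):
        self.flows = set()

    def outbound(self, p):
        # Remember the full 5-tuple of the request leaving the LAN.
        self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))

    def inbound(self, p):
        # A genuine reply has source and destination swapped relative to the request.
        return (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows

class NatOnlyFilter:
    """Assumed NAT behaviour: mapping keyed on the LAN host and port only."""
    def __init__(self):
        self.mappings = set()

    def outbound(self, p):
        self.mappings.add((p.proto, p.src, p.sport))

    def inbound(self, p):
        # Any remote host can reach the port once a mapping exists for it.
        return (p.proto, p.dst, p.dport) in self.mappings

def evaluate(filt, outbound, inbound):
    """Replay outbound packets, then return the admit decision per inbound packet."""
    for p in outbound:
        filt.outbound(p)
    return [filt.inbound(p) for p in inbound]

# Constructed traffic; address rewriting is omitted, so inbound targets the LAN address.
LAN_PC = "192.168.1.10"
REQUEST = Packet("tcp", LAN_PC, 50000, "198.51.100.7", 443)
REPLY = Packet("tcp", "198.51.100.7", 443, LAN_PC, 50000)
STRANGER_SAME_PORT = Packet("tcp", "203.0.113.9", 443, LAN_PC, 50000)
UNSOLICITED = Packet("tcp", "203.0.113.9", 4444, LAN_PC, 445)
INBOUND = [REPLY, STRANGER_SAME_PORT, UNSOLICITED]

if __name__ == "__main__":
    print("stateful:", evaluate(StatefulFilter(), [REQUEST], INBOUND))
    print("nat-only:", evaluate(NatOnlyFilter(), [REQUEST], INBOUND))
```

Both filters drop the unsolicited connection, but only the stateful filter also drops the packet from a host the PC never contacted.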

There’s a lot more to Internet security — like securing your file sharing (if you’ve enabled that) — that we just don’t have the space to get into. Check out Chapter 11 for a quick overview on this subject. To get really detailed about these subjects, we recommend that you take a look at Home Networking For Dummies, by Kathy Ivens (Wiley Publishing, Inc.) for coverage of those issues in greater detail.

After you’ve set up your firewall, test it out. Check out this great site that has a ton of information about Internet security: www.grc.com. The guy behind this site, Steve Gibson, is a genius on the topic, and he’s built a great tool called ShieldsUP!! that lets you run through a series of tests to see how well your firewall(s) is working. Go to www.grc.com and test yourself.

Airlink security

The area that we really want to focus on in this chapter is the aspect of network security that’s unique to wireless networks: the airlink security. In other words, these are the security concerns that have to do with the radio frequencies being beamed around your wireless home network.

Traditionally, computer networks use wires that go from point to point in your home (or in an office). When you’ve got a wired network, you’ve got physical control over these wires. You install them, and you know where they go. The physical connections to a wired LAN are inside your house. You can lock the doors and windows and keep someone else from gaining access to the network. Of course, you’ve got to keep people from accessing the network over the Internet, as we mention in the previous section, but locally it would take an act of breaking and entering by a bad guy to get on your network. (Sort of like on Alias where they always seem to have to go deep into the enemy’s facility to tap into anything.)

Wireless LANs turn this premise on its head because you’ve got absolutely no way of physically securing your network. Now you can do things like go outside with a laptop computer and have someone move the access point around to reduce the amount of signal leaving the house. But that’s really not going to be 100 percent effective, and it can reduce your coverage within the house. Or you could join the tinfoil hat brigade (“The CIA is reading my mind!”) and surround your entire house with a Faraday cage. (Remember those from physics class? Us neither, but they have something to do with attenuating electromagnetic fields.)

Some access points have controls that let you limit the amount of power used to send radio waves over the air. This isn’t a perfect solution (and it can dramatically reduce your reception in distant parts of the house), but if you live in a small apartment and are worried about beaming your Wi-Fi signals to the apartment next door, you might try this.

Basically, what we’re saying here is that the radio waves sent by your wireless LAN gear are going to leave your house, and there’s not a darned thing that you can do about it. Nothing. What you can do, however, is make it difficult for other people to tune into those radio signals, thus (and more importantly) making it difficult for those who can tune into them to decode them and use them to get onto your network (without your authorization) or to scrutinize your e-mail, Web surfing habits, and so on.

You can take several steps to make your wireless network more secure and to provide some airlink security on your network. We talk about these in the following sections, and then we discuss some even better methods of securing wireless LANs that are coming down the pike.

Introducing Wired Equivalent Privacy (WEP)

The primary line of defense in a Wi-Fi network is Wired Equivalent Privacy (WEP). WEP is an encryption system, which means that it scrambles — using the encryption key (or WEP key, in this case) — all the data packets (or individual chunks of data) that are sent over the airwaves in your wireless network. Unless someone on the far end has the same key to decrypt the data,