Taikon said:
I need some advice or pointers with setting up a decent
level of security on my wireless network with 1 wired
connection. I am using a Linksys cable router 4 port
ethernet and a wireless access point that is also Linksys.
It seems that every time I set up some security I miss
some minute detail and get either locked out or lose
massive amounts of data. I especially need to secure the
wireless part because I would like to setup a server that
would serve installation CDs and things like cfg, recovery
disks and a few other things. Can anyone offer some
pointers for a novice when it comes to wireless security?
As for security:
1. Use your wired PC to control the router, so that you can
easily recover if you break your wireless segment.
2. Set up your network, wired and wireless, without any
security. Then add security bits, one at a time, to a
network that you know is stable.
3. If your router and all wireless clients support WPA, use
that; if not but if they all support 104/128-bit WEP, use
that; if not but if they all support 40/64-bit WEP, use
that; if they don't support WEP, trade them in. (In fact, if
your data is really sensitive, you may want to trade up to
equipment that supports WPA.) Remember to change the WPA/WEP
key; monthly for light home use or weekly for heavy home use.
4. If the set of wireless clients is stable, use MAC filtering
to block unknown clients from accessing your wireless segment.
On the BEFW11S4, under the Wireless tab, Enable the Station
MAC Filter, then Edit the MAC Filter table: enter the MAC
address of each wireless client, but *DO NOT* check the Filter
box, as checking that box disables that MAC address and you want
to enable those (and only those) MAC addresses. To find the
MAC address on an XP PC, Run CMD, then type IPCONFIG/ALL in the
CMD window.
5. Change the password on the router, and change it again from
time to time. The PW is case-sensitive, and should not be
easily guessed by somebody who knows you (not your dog's name,
not your phone number, etc.). Every PW should contain a mix
of upper and lower case, numbers, and punctuation.
6. Not a security issue, but for ease of use, enable DHCP server on
the router and set each client, wired and wireless, to be a
DHCP client. If the number of clients is stable, you can limit
the number of IPAs issued by the DHCP server. Alternatively,
you can set static IPAs for each client, but make sure they are
all in the same IP subnet (e.g., IPA=a.b.c.d, where a.b.c are
the same for all and the d's are unique).
7. On each wired and wireless client, install a software firewall:
ZoneLabs offers a couple of good ones (including one freebie).
Disable ICF on all XP PCs, since ICF will inhibit file and
printer sharing. Also, on each client, install an AntiVirus
app; I use and like eTrust, I also use Norton, and I have used
a couple of others; whatever you get, use it regularly and update
its def's often. Depending on how you use the 'net, you may want
an app to sweep for Spyware: I use both AdAware and SpyBot.
8. On each OS, use the tools provided to protect your data from
unauthorized access. XP PRO has good tools (ACLs) that are
rather complicated for a novice; XP HE and W9x have rather
simple tools. If your data is sensitive and you use anything
but XP PRO or W2K/W2K+3 server, you may want to look for
some third-party data encryption apps. The primary security tool
for PCs in an open environment is the password; think about a
PW policy that matches your security concerns.
If you have data that matters, then you should backup that data.
XP includes a backup app that is rather limited; IIRC, it is
installed by default on XP PRO but not on XP HE; it is on the XP CD
iff you have a real (OEM or retail) XP CD, but it is not on most of
the "Recovery" CDs that hardware vendors tend to include with PCs.
Regardless of which backup app you choose, give serious thought to
what files you want to backup (XP is not well-structured for this),
then write down procedures for backup and restore, and *test* those
procedures on a different HD.
If you plan to use a wireless segment to transfer large files,
do not expect to achieve transfer rates anywhere near the peak
bandwidth of the wireless equipment. 802.11b has a peak rate of
11 MMb/s (MarketingMegabits/second), but the STR (Sustained
Transfer Rate) for file copies is way slower. Transferring
folders full of small files is even slower, and transferring
files from one wireless client to another is slower than copies
between a wireless and a 100bTX wired client on the same router.
My apologies for rambling on; this did get rather long.
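
A check for step 4 above, as an added example that is not part of the original post: it reads the Physical Address lines from IPCONFIG /ALL output and compares them with the entries typed into the MAC filter table, so a mistyped or missing address is caught before the filter locks a client out. The sample output, host names, MAC addresses and function names are all constructed for illustration.

```python
import re

# Constructed sample of IPCONFIG /ALL output from one XP client (not real hardware).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : LAPTOP1

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless-B Adapter
        Physical Address. . . . . . . . . : 02-00-5E-00-00-01
        Dhcp Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 02-00-5E-00-00-02
"""

MAC_RE = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if the text is not a valid MAC."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    return digits if MAC_RE.match(digits) else None

def adapters_from_ipconfig(output):
    """Map adapter name -> normalized MAC, read from IPCONFIG /ALL text."""
    adapters, current = {}, None
    for line in output.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:
            current = header.group(1)           # unindented "... adapter ...:" line
        elif current and "Physical Address" in line:
            adapters[current] = normalize_mac(line.split(":", 1)[1])
    return adapters

def check_filter_table(client_macs, table_entries):
    """Compare MACs typed into the router's filter table with the real clients.

    client_macs: {client name: normalized MAC}; table_entries: strings as typed.
    """
    invalid = [e for e in table_entries if normalize_mac(e) is None]
    table = {normalize_mac(e) for e in table_entries} - {None}
    locked_out = sorted(n for n, m in client_macs.items() if m not in table)
    unknown = sorted(table - set(client_macs.values()))  # typo or stale entry
    return {"locked_out": locked_out, "unknown": unknown, "invalid": invalid}
```

An empty `locked_out` list means every wireless client you collected an address from is present in the table; anything under `unknown` or `invalid` is worth re-reading against the client before enabling the filter.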