Configuring your Home Wireless Network Configuring your Home Wireless Network Adapted from Presentation at APCUG By Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM Presented by Lou Koch March 14, 2006

Questions How many of you have more than one computer at home? How many of you connect to the Internet using broadband (Cable or DSL) How many already have a home router? Already have a wireless router? For those who have not already done so, we will show you how to install a WLAN tonight. More critically we will discuss ways to secure your wireless network

Agenda Connecting things together Home network - terminology Security – Firewalls, Filtering, etc Setting up a home router Setting up Print and File Sharing Questions

Home Network Internet – ISP Wire to homeModem Translates electronic dataRouter Disperses electronic data Network Adaptor Required for each Computer Wired NIC (network interface card) or ethernet card Wireless Wireless Adaptor

Network One or more devices connected together To the Internet with a router To each other in order to share Resources: Internet Connections Sharing Files Sharing Printers WAN, LAN, WLAN, PAN WAN – Wide Area Network … many computers, locations LAN – Local Area Network … few computers, 1 location PAN – Personal Area Network … home network WLAN – Wireless Local Area Network

Wireless Wireless Networking Standards a, b, and g a, b, and g configuration specifications to insure compatibility Different speed/range capabilities Equipment conforming to “g” is most popular/available Equipment conforming to “g” is most popular/available Good for feet … in a house General rule – don’t mix equipment made to different standards General rule – don’t mix equipment made to different standardsBluetooth Standard which is often used for peripheral devices Standard which is often used for peripheral devices Printers, scanners, cell phones, etc Short range (10 ft), high speed

What is a Cable/DSL Modem Modem (modulator/demodulator) encodes/decodes information transmitted to the internet encodes/decodes information transmitted to the internet Usually provided and controlled by your ISP Connects your home to the Internet. This is the device that gets your public IP (internet protocol) address Normally has no firewall protection

What is a Router Connects one network to another … Sometimes called a “Gateway” Connects your computer to the internet (cable modem or DSL Line) – keeps LAN traffic local Routers keep track of IP addresses and physical (MAC) addresses of hosts IP (Internet Protocol) address … your computers internet address IP (Internet Protocol) address … your computers internet address MAC (Media Access Control ) … id for each physical communication device MAC (Media Access Control ) … id for each physical communication device

What is an Access Point A point where computers access a network Device which links wireless users to network Device which links wireless users to network Transmits and receives data (Transceiver) Transmits and receives data (Transceiver) Bridge between wireless and wired networks Bridge between wireless and wired networks Can be linked together to cover broad area No security or firewall implemented

What is a Firewall A device that filters packets of data or traffic Its job is to be a traffic cop You configure the firewall: What will allow to pass What will allow to pass What will it block What will it block Hides your home network from the outside world Can be either in hardware or software Most popular routers for home have built in firewall protection

What Does a Firewall do? They: Protect your home computer from the bad guys Keep your information private Make you less of a target By: Stopping viruses Hiding your computer from the world Making the bad guys work harder to get your info

Firewall Protection 1.Checks incoming traffic from the network before it gets to your home network …. default – Blocks all Incoming connections 2.Traffic leaving your home network … default - Allow all outbound connections 3.Hardware firewalls protect you home network by stop all traffic before it get to your computers 4.Personal software firewall on your computer blocks incoming and outgoing (lets you know what is leaving your computer) Firewall Home Network Internet

Hardware Firewall Routers The idea is layers of protection Examples of home combo units include Belkin Belkin (we will demo tonight) Dlink Dlink Dlink Linksys Linksys Linksys Netgear Netgear Netgear

Software Firewalls Adding a second level of protection Controlling what leaves your computer By being aware of application level attacks By allow you to schedule Usage of the internet by time (control access at night) Usage of the internet by time (control access at night) By location (block content for young children) By location (block content for young children)

Software Firewalls for Home Use Examples Zone Alarm (Free) Zone Alarm (Free) Zone Alarm Zone Alarm McAfee Firewall McAfee Firewall McAfee Firewall McAfee Firewall Symantec’s Norton Personal Firewall Symantec’s Norton Personal Firewall Symantec’s Norton Personal Firewall Symantec’s Norton Personal Firewall Computer Associates with Firewall (free) Computer Associates with Firewall (free) Computer Associates with Firewall (free) Computer Associates with Firewall (free) Windows Firewall in XP Service Pack 2 (free) Windows Firewall in XP Service Pack 2 (free)

Configure Wireless Firewall/router Overview 1.Basic Settings … name, ip address, etc Check for firmware updates 2.Set Account name and password Change name and password … don’t used default 3.Wireless Settings SSID broadcast … make sure that remote computers are set to automatically connect Do not enable DMZ Do enable ping blocking 4.Security - Blocking and Filtering Wireless Security encryption MAC filtering 5.Back up settings

Basic Settings and Info Run Install CD that comes with router Basic info will be automatically entered or requested Basic info will be automatically entered or requested To change info: For Belkin the default IP address is For Belkin the default IP address is Other manufacturers use different ip addresses (later slide) Enter this into address bar Enter this into address bar Setup page will be displayed Setup page will be displayed Firmware - software that is embedded in a hardware device softwareembeddedhardware softwareembeddedhardware Updated occasionally by manufactures Updated occasionally by manufactures Check whenever you access router Check whenever you access router

Account Name Change name Default name is set by manufacturer … eg, Belkin54 Default name is set by manufacturer … eg, Belkin54 Bad guys know defaults and default administrative passwords Bad guys know defaults and default administrative passwords Create Administrative Password Use Strong Password Use Strong Password Record your password where you can find it so you can make changes

Default Info Router default info is easily available on internet for consumers … and the bad guys eg eg nd_Passwords.htm nd_Passwords.htm So Change Name and Password MfgDefault IPUser NamePassword Belkin adminblank D-link adminblank Linksys blankadmin Netgear adminpassword

Passwords Your computer password is the foundation of your computer security No Password = No Security Old Passwords & Same Password = Reduced Security Set and change the “administrator” password on router (and your computer logon) STRONG PASSWORD … 6-8 digit passwords use upper, lower case, numbers and symbols use upper, lower case, numbers and symbols

Wireless Settings SSID - service set identifier name given to your wireless network name given to your wireless network Broadcasting this ID makes network visible to PCs in area Broadcasting this ID makes network visible to PCs in area can be turned off so it will not be detected by other PCs in area Be sure to set up your own pc to automatically detect and logon to your WLAN DMZ – allows you to select a PC to access WLAN outside the firewall allows you to select a PC to access WLAN outside the firewall do not enable unless firewall interferes with some activity do not enable unless firewall interferes with some activity Ping Blocking –troubleshooting tool Signal sent and echo received indicates valid ip address Signal sent and echo received indicates valid ip address Used by hackers to find active computers Used by hackers to find active computers Enable ping blocking … won’t send echo back Enable ping blocking … won’t send echo back

Security Blocking and Filtering Encryption – coding transmissions Multiple variations. 2 most common: Multiple variations. 2 most common: WPA-PSK … Wireless Protected Access (Pre-shared key) Use same password for all computers Use same password for all computers Preferred Choice Preferred Choice WEP … Wired equivalent privacy 64 or 128 bit encryption … doesn’t matter 64 or 128 bit encryption … doesn’t matter Enter Password … converts to hex code Enter Password … converts to hex code Must enter hex code 2 nd Choice (if WPA not supported) 2 nd Choice (if WPA not supported)

MAC Filtering MAC address … Media Access Control address Unique ID permanently attached to each communication device by manufacturer – hardware id Unique ID permanently attached to each communication device by manufacturer – hardware id Can find MAC address: run  cmd  ipconfig/all Can find MAC address: run  cmd  ipconfig/all Enter MAC addresses of acceptable network clients If address is not on filter list, access to network will be denied If address is not on filter list, access to network will be denied Very effective security method Very effective security method

RECAP Steps to protect your wireless network 1.Change the default password on your router 2. Enable WPA(PSK) or WEP on router and wireless workstation 3.Use MAC address filtering 4.SSID broadcast off 5.Prohibit Peer-to-peer (Ad Hoc) networking 5. Keep current on hardware bios upgrades

Print and File Sharing Overview Print and File Sharing: Useful, but Risky if all computers are not secure Useful, but Risky if all computers are not secure Setting up Network for Printer and File sharing 1. Interface card Set Interface card to allow Set Interface card to allow 2. Each computer in network Make sure each computer is part of network Make sure each computer is part of network 3. Printer Make sure that Print sharing is allowed for printer Make sure that Print sharing is allowed for printer Load appropriate print drivers on each computer Load appropriate print drivers on each computer 4. Firewall Settings Reset network IP range to trusted zone Reset network IP range to trusted zone 5. Place files to share in “Shared Documents” folder

Print and File Sharing Details (1) Be sure WLAN is working and secure Interface card Start  connect to  NIC or WLAN card  properties Start  connect to  NIC or WLAN card  properties Check “File and Printer sharing on Microsoft Networks” Repeat for all PCs on Network Printer Start  Printers and Faxes  shared printer Start  Printers and Faxes  shared printer Select properties  sharing  check “share this Printer)

Print and File Sharing Details (2) Firewall Be sure WLAN IPs are allowed in Firewall for all PCs Be sure WLAN IPs are allowed in Firewall for all PCs Zone Alarm Zone Alarm  Firewall  zones  add  IP range   Firewall  zones  add  IP range  Network ID for each computer Under My Computer  Properties  Computer name Under My Computer  Properties  Computer name Click Change and add WLAN name as Workgroup Shared Documents Folder for each computer Any files in the Shared Documents folder will be accessible from all computers Any files in the Shared Documents folder will be accessible from all computers

Questions