
Securing Mobile Wireless Users


bfletch

MIS
May 3, 2000
167
US
As a network administrator I am getting more and more inundated with questions regarding access to wireless high speed. I have disabled all internal wireless cards for the simple fact of the lack of security. Instead of being bothered by the questions, what steps are recommended in rolling out wireless connection using public wireless access (i.e. Starbucks, other office buildings, hotels, etc.)? I am guessing a software firewall on the workstation side, but every one I have worked with is very vague on what you can allow or not allow to connect to the internet or your computer.

Any suggestions would be greatly appreciated.
 
I am with you, Ken. I get a Google search and it says it didn't return anything.

Thanks.
 
Thanks for the reading material. My main question is how would you keep your workstation secure? I am sure there are many people sitting in public hotspots waiting to hack into your computer. What precautions are there to protect yourself? In short, if the user of the wireless laptop is illiterate with a computer, what does that person need to be protected?

Thanks.
 
I'm certainly no expert in this as I only went wireless a couple of weeks ago, but here are a few dos and don'ts that I have come across since then. If I get anything wrong then please feel free to correct me, anyone.

Don't worry about not Broadcasting your SSID. You will see a number of posts recommending not broadcasting this but Microsoft themselves do not recommend this at all - quite the opposite. When you set up your system it will most likely have a default SSID (An ID for your system) such as linksys, belkin54g, default etc. It makes sense to change this to something else if for no other reason so that it's easy to distinguish from any other networks you may pick up. If you don't broadcast your SSID then your laptop may try and logon to other networks instead of yours and simply time out with a failed connection.

Do apply a password to the link that you will be given that gets you to your Base Station setup. For example, I have to go to Internet Explorer, type in 192.168.99.1 (Example) and up will pop a login screen where I put in a userid (supplied in your documentation) and then optionally a password. If you don't password protect it then somebody else can potentially access it and make changes and even lock *you* out.

Do use MAC filtering if you have it. MAC = Media Access Control and is like an ID for your kit. The gist of this is that you can tell your Base Station to only allow specific IDs to connect to it. It's usually an option you can find in the Base station configuration. This means that even if you didn't use any form of encryption then it is unlikely that someone else could log on because you have not allowed their MAC access. Now I only say unlikely because it is possible to detect one of your existing MACs and then spoof your network into thinking the rogue machine had an allowable MAC - Not something a casual drive by would do, but a good start at security.

Do use the strongest form of encryption you can without any problems. There are two real types, WEP and WPA.

WEP stands for 'Wired Equivalent Privacy', and WPA stands for Wi-Fi Protected Access. WEP was the original form of protection designed for wireless networks, but whilst it will deter casual attacks or unauthorised access attempts there is in fact a documented flaw that a competent hacker will be able to use to get into your network if really determined.

WPA is a far stronger more secure protocol, although it has been hacked, but I shouldn't worry too much as they would have to drive a huge truck with a number of PCs up outside your house for some time to be able to stand a chance at getting in.

Each of these are usually options in the Base Station configuration and will require the user to enter a passkey or passphrase in much the same way as logging on to a machine. You then set the laptop or other wireless client up with the necessary info such that it can automatically connect to your network.

I broadcast my SSID, use MAC filtering combined with WPA encryption and feel quite safe here at home ( at the moment <g> )

Hopefully that helps somewhat.

Regards
Ken...................

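An added example, not part of the original post: how the WPA passphrase mentioned above becomes the actual key. WPA-Personal derives a 256-bit pre-shared key with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations, so the SSID is part of the key material and a vendor-default SSID is worth changing for that reason too. The `review_settings` helper and its 20-character threshold are assumptions made for illustration.

```python
import hashlib
from typing import List

# Default SSIDs named in the post above; a real audit list would be longer.
DEFAULT_SSIDS = {"linksys", "belkin54g", "default"}


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-Personal pre-shared key.

    PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def review_settings(ssid: str, passphrase: str) -> List[str]:
    """Return findings for a base-station SSID/passphrase pair (hypothetical helper)."""
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("SSID is a vendor default; change it")
    if len(passphrase) < 20:  # assumed threshold, not from the post
        findings.append("passphrase shorter than 20 characters")
    if ssid.lower() in passphrase.lower():
        findings.append("passphrase contains the SSID")
    return findings


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for ssid, phrase in [("linksys", "password"),
                         ("KenHome", "correct horse battery staple")]:
        print(ssid, wpa_psk(phrase, ssid).hex()[:16], review_settings(ssid, phrase))
```

The same passphrase yields a different key under a different SSID, which is why both values have to match on the laptop and the base station.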

 
Hmmm - should have made the MAC filtering clearer. I have two laptops that I use, and each has its own cardbus adapter. Each adapter had its own MAC or ID (Very long alphanumeric string printed on each adapter). When I set up my Base Station via Internet Explorer as above, I told it to only allow these two specific MAC IDs by typing them into an 'allowed to connect' list.

Regards
Ken............


 
Maybe I am in left field here. I am not trying to setup a wireless access point for users to connect to. My case is like this:

I am traveling. Using Cisco to VPN when I have access to high speed. The high speed I have available happens to be at the Double Tree hotel, for example. I am trying to prevent someone in the room next door from hacking into my computer.

What software would I need to accomplish this? Keep in mind the user is very computer illiterate and may not know what he could or could not be blocking if he used a program such as Zone Alarm.

Thanks.
 
It specifically spoke of XP. All of my users are using 2K and like most people, Microsoft is the first thing with known vulnerabilities or it is in best practices to use more than one means of protection. With all that aside, if I don't plan on installing XP on all of my traveling workstations, what other options are out there as well as added security to existing XP boxes running SP2?

Thanks.
 