Is my wireless network safe from prying eyes?

Mike Labbe

Administrator
Forum Support Team
Forum Donor
Joined
Jun 25, 2002
Posts
19,847
Location
Lincoln, RI
Business
Get The Picture
(topic being introduced for discussion based on the Technology Poll results at THIS LINK )


Wireless Security Tips For Your Shop or Home
10/28/2004 Mike Labbe www.getthepictureframing.com

If you use wireless networking technology in your shop, you may be a target for hackers or individuals who may want to harvest your customer and/or financial data.

I was surprised when I turned on my laptop one day, in the comfort of my living room, and found a list of 3 available networks. It turns out one was my network and the other two were neighbors on a different street. The individuals left their wireless equipment with the default settings and were broadcasting their shared drives and printers to the entire neighborhood. The neighbors were equally surprised when I brought it to their attention.

This scenario is very common. In fact, as many as 80% of all wireless networks are easy prey because they have absolutely no security and the default factory settings were never changed. I personally think this is a serious problem. If you don't believe me, try downloading the free utility called NETSTUMBLERhttp://www.stumbler.net or VISTUMBLER. You might be surprised to find a half dozen or more unsecured networks. Please don't access any of the networks because that might be considered illegal.

Security precautions to take if you have wireless deployed in your shop or home:

- Change the default password on your router. This will prevent customers, employees, or hackers from removing security that is already in place (firewall, encryption, etc). What if someone posing to view your art database was actually logged in to your router, removing security so they could later come back at night with a laptop and harvest your entire customer base and pricing data from the parking lot/car?

- Upgrade the firmware in your router. All router manufacturers periodically upgrade the software in the routers, and it's upgraded in about a minute through their web page. These important updates are released to improve performance and fix security problems. ( http://www.linksys.com/download/ http://kbserver.netgear.com/main.asp http://www.dlink.com )

- Enable wireless security/encryption and assign a key. This is a setting in the router. I suggest choosing the newer 'WPA2' encryption. It will then let you assign an access "key" (password). In order to use your network, each PC will be prompted for this secret key one time. This is perhaps the most important precaution to take when securing your network, to keep unauthorized folks out.

Note: It is best NOT to use 'WEP' encryption. This older encryption method has been broken, and it would take a hacker less than a minute to break through this layer of security. There are various utilities out there which claim to break through this layer of security in "6 to 30 seconds".

- Change the default SSID name of the router and turn SSID broadcasting OFF. When a hacker sees "NETGEAR" or "LINKSYS" broadcasted, they assume you didn't care enough to set it up properly - and probably have lax security. In addition, it can get confusing if there are multiple networks in range with the same name. Select a unique name. Turning off the SSID broadcasting will discourage most accidental connections, although there are utilities out there to find networks even with this option turned off.

- Enable the "Wireless Mac Filter" option in your router, and enter all of your machines in the table as the only machines permitted to access your network. MAC means "Media Access Control address", not to be confused with Apple Mac computers. Each computer on your network will have a unique 12 digit MAC address. Although there are hacking utilities out there to monitor wireless packets and "spoof" a known mac address, it's unlikely that a novice would get around this security block - especially when combined with the other suggestions in this article.

- Password Protect Shared Drives. If you are running a server inside your shop, take advantage of the security offered by your server software. Often shared drives can be assigned a password, and you can limit which folder(s) are shared through your network. (ex: Just the POS folder, not Quicken or your personal documents.)

I suggest trying these improvements from a machine that is HARDWIRED to your router, so you don't accidentally lock yourself out during the configuration.

The best way to secure your network and have the fastest performance is with a traditional hard wired approach. While wireless is ok for internet access, it's not very good when using a POS system or database that requires higher bandwidth to communicate with your server. Wireless networks are susceptible to interference from other nearby networks, microwave ovens, garage door openers, cordless telephones, rc toys, etc. Such interference can cause disconnections, slow speed, or file corruption.

Wireless technology is easily hacked, and there's no single way to secure it properly. The best way to minimize problems is to use a multi-prong approach that includes changing the router's default password, upgrading the router's firmware, adding WPA2 security with an encryption key, putting passwords on shared drives, turn off the SSID broadcast flag, and turn on MAC FILTERING in your router so it will only communicate with a list of known computers.

=========

Discussion welcomed.

These opinions and advice are provided without warrantee. I hope you find them helpful, but please use them at your own risk. If you have questions, feel free to contact by email.
 
Last edited:
When my brother was a teenager, he said he and his friends used to drive around with a garage door opener just to see what doors they could open. They were mischevious, but not crooks. They weren't stealing lawnmowers or anything, just doing it becuase they could...

I talked to my teenage son the other day and relayed my brothers story. He said the big thing now for kids to do is drive around and hack into peoples wireless networks. Thankfully he told me he's got better things to do with his time.

The above information is timely, important and appreciated.

Dave Makielski
 
I was working in construction in the early years, (when I had a strong back). And we were doing finish woodwork.

The first morning we showed up with the new home owners garage door opener. Imagine our surprise when we pushed the button and 128 garage doors opened in salute. Evidently the contrator had dialed up the reception on all units and they came all set to the same code so he just had to open all at once to start the day of work. LOLSHIFD.

Thanks Mike, my tweaky is here now installing our WiFi for the house. He looked it over and was pleasantly pleased that you had covered all the areas that he was dreading going over with me.....
HEY! I'm not a Ludite, I'm knot, I'm knot, I'm knothead.
 
It's amazing how many wireless networks exist in this part of the country, and how many are COMPLETELY unsecured. It has to be in the 80% range.

A friend and I drove by a large mall in Providence the other day, (while on route 95) and it picked up about 15-20 networks in the mall. He was on the internet researching stereo equipment while we were on way to Best Buy, and the laptop alerted him of new available networks. Only 4 of them were partially secure. I assume they were POS systems, because they had the names of the stores broadcasted with the unsecured networks.

I named our shop network with the name of a business about 1/3 of a mile away. If someone is driving by and finds it, they'll (hopefully) head the wrong direction to get a better signal.

Did anyone make any (shop or home) changes to their wireless security as a result of this info? I hope it was useful.

Mike
 
Hi Mike,

Yes, this is very interesting; especially since Verizon has recently introduced DSL service in a few sections of town. Residential customers get it for $30/month with a free wireless modem/router if self-installed. Business customers $40/month, no modem but small rebate.

I would definitely change any/all settings and the idea to use a competitor's name is genius. The process is much easier when someone puts the process into simple terms and makes reading the manuals much easier. THANKS. I'd be concerned that if left with default settings that someone would make the argument that my wireless network with default settings was considered public.

Now if I could only convince the local wireless internet provider that his Motorola Canopy system would work 1 mile greater than spec since I can see his two transmitting towers and knowing that Motorola has historically been very conservative with their RF spec. Enabling a repeater at my location would allow service into a relatively affluent area that has a large hill/small mountain blocking the two transmitter sites. It would take very little time to take signal strength measurements and test the throughput, but so far they just want to quote spec and not see the potential even at reduced throughput.
 
>Rick: I'd be concerned that if left with default settings that someone would make the argument that my wireless network with default settings was considered public.

That's a very interesting argument, as is the "Airwaves are free and came on to my property" argument.

It's alarming that so many fail to take a few minutes to set these up properly. It's a gamble who might be stealing or viewing your customer, financial, & pricing databases.

I had some really GOOD email inquiries that came from this message/article, and only wish they were posted here instead.

One question I was asked is if routers have the ability to filter what employees are allowed to do with regard to the internet. Most routers DO have the ability to restrict certain services (aol instant messenger, online game sites, file trading networks, porn, as examples) You can do it globally or just for certain machines, such as the front counter. In addition, you can often limit the HOURS & DAYS these rules apply.

If anyone thinks they might be at risk, and needs assistance, fire away.

Mike
 
Mike, you're always so helpful and I'm always amazed at how much I don't know, even much of the elementary stuff. Until you brought this up, I didn't give security much of a thought. However...

yesterday, our son brought over his laptop (working while Thanksgiving-ing). He's equipped with a wireless card and easily found someone else's connection to use. Apparently, someone in our neighborhood has one and I could use it?? See what I don't know. One of the connections was password protected, but two weren't.

Also, I had one of the babies last Monday. Put her down, went to the kitchen, turned on the baby monitor, and found myself listening to an animated conversation between two thirty-somethings. They were chatting away about getting up to the airport early Wednesday to avoid the crowds. Wow. What if they'd been talking to their banker or broker. I quickly turned it off and reminded myself that F-bombs liberally sprinkled about in a phone visit just may be heard by unsuspecting ears!


Wonder whether it was cordless or cell technology.
 
Isn't it amazing? Your son probably had full access to their internet connections and shared files. There are a LOT of unsecured networks out there.

What you heard was probably another baby monitor or a cordless phone from a neighbor.

Ironically, wireless networks share some of the same frequency range too. They have been known to conflict with wireless phones and can be adjusted to one of about 13 channels. (2.412GHz - 2.472GHz)
 
A recent Grumble survey showed 9% of Grumbler's use wireless networking in their shops, and of those *46%* had absolutely NO security protection. A competitor or hacker could literally sit in your parking lot with a laptop and capture (or erase) your POS system data/customer list/pricing formula/documents/payroll, violate your customer's confidentiality, grab your quicken data, etc.

Bumped to top, in case it will help even one person secure their shop or home network.

This is important, if you have a wireless network. If you fall into this %, don't be shy to email if you have any questions about securing your network. Always glad to help a fellow grumbler!

Mike
 
Hi Judy

That's most likely a problem within the slow computer, not the hub. Either it needs some RAM, has a slower chip, has spyware running, or the virus scanner may need to be re-configured to EXCLUDE a folder with a lot of database or index activity.

If you think it might be due to a defective wire, try moving to the computer temporary and plug it into the wire from another computer that runs fast.

To scan for spyware, grab AD-ADAWARE SE from www.download.com (center, near bottom of page)

To check the amount of RAM(memory), right click on MY COMPUTER and pick PROPERTIES. The computer specifications (speed and memory) will appear on the bottom right. If the RAM is less than 256, the computer will probably be slow.

Just some things to check...

Is everything slow, or just one particular networked application?

Mike
 
Originally posted by JudyN:
Mike maybe you should teach a "computer class for dummies" at one of the shows...what do you think?
Excellent idea! I would be in attendance (if Atlanta) for sure.
 
Upgrading from 128 would certainly speed up the computers. You'd have to check for available slots, but most Dells come with at least 1 free slot. If you install a 256 chip, it'll bring you up to about 384 total. (a comfortable minimum amount) The memory upgrade will make windows boot up and shutdown faster, web pages will load faster, and there will be less swapping/disk activity.

Is the faster computer the "server" and the slower computer the "client/workstation"? If so, it's normal for the remote machine to do certain (POS RELATED) tasks slower. This is because the shared files are physically stored ON the server machine's hard drive, and you're transferring all that data over the network. (a slower "route" than retrieving it from the hard drive in the same machine) If this is the case, I usually suggest running your REPORTS on the server machine.

I don't know about a class. It's the wrong industry, so I doubt there would be any interest. This forum is always here for folks to share help with each other, just as the others are for framing.

Have a great weekend!
Mike
 
No one has mentioned the use of "hotspots" (a location where anyone can access the web via wireless, cafes, airports, hotels etc...) they are all over the town i live in. i asked a lawyer friend about the legality of leeching onto someones network and theft of services would be the only thing you would be guilty of, if they could prove it. the authorities would probably tell you to secure your network or go away. rambling....
 
I think much of it depends on the situation - i.e. leeching your neighbors bandwidth versus a corporation's. There was though a bill up for vote in Hew Hampshire that wanted to legalize accessing insecure networks, but I don't know if it passed or not. And the word "insecure" is rather ambiguous, as the WEP algorithm used by most wifi routers is inherently insecure.

I think if all you're doing is using their network as a proxy for casual internet surfing then you'd be barely a blip on the radar, much less even noticed. And catching someone breaking into a wifi network is rather difficult, if not impossible, without sophisticated equipment (or a lot of luck).
 
On the way to work today I heard commercials for the local primary phone company (Verizon) giving away free wireless routers with any new dsl internet subscription. I believe they're giving out Netgear wireless G routers which are completely unsecured by default.

I'm just bumping this up again in case anyone has taken advantage of their generous offer. It's important to secure any wireless equipment to keep others out.

Driving around with a laptop is somewhat of a "sport"/fad at the moment, especially for students. I've caught cars in front of my house, because there are 3 networks within a few blocks and only one of those is secured (mine)

Something to consider if you use wireless at the shop is that someone can likely sit in the parking lot with a laptop and snag your financials, customer database, pricing formulas, etc.

Mike
 
Thanks for the information Mike. I know that we have a wireless connection between our two computers at home, but now I need to see if steve has them secured. (Probably not.)

Our computers at the store have a hub, and are all connected by wire... I know this, because I ran the wire for them myself.
 
I'm bumping this thread to the top, a year later, because it is apparently still a very important issue.

The results of the 2005 tech poll were posted today, and they were somewhat alarming. According to our response, about 50% of us have wireless networks with no security in place. In other words, we're broadcasting our data to the neighborhood.

Full results: http://www.custompictureframing.com/poll_results.htm

It's important to secure your wireless network with a WPA security key (password), at the least. Changing the default login pw, enabling mac address filtering, and turning off the SSID are other recommended things that will minimize the likelyhood of your shop being a victim.

These settings can usually be accessed within your network by going to http://192.168.1.1 or http://192.168.0.1 Your router will display a web page with the settings. The password is usually "admin" (no quotes) I suggest doing this from a hardwired PC, so you don't lock yourself out by mistake.

Best regards
Mike
 
Thanks for bumping it to the top again Mike. I emailed it to my daughter at college. Her friends and her are renting a house and they have 2 wireless nets set up. When they set the first one up, they didn't have it very well secured and were having trouble with it running slowly. When they looked at who was on it, they found only 1 computer from their house and 4 from outside. They quickly increased security.

They added a second net for the upstairs because they have 9 kids in the house. The upstairs net is very well secured. Even the kids downstairs are locked out.

She said currently she is picking up 4 nets, the 2 in their house and 2 from neighboring houses. One of the neighboring ones is only partly secure and one is unsecured. Colleges are going to have to start offering classes in how to set up and secure your net if this trend continues.

By the way, my daughter says thanks and she showed it to her housemates.
 
My mother and father in law are doing the snowbird thing, and their 5th wheel is currently in Texas. The parks they stay in often have wireless included. My mother in law also demonstrated to me how she uses other peoples wireless (if she can find a unsecured router) to send and recieve her email. Not bad for a 60+ year old who only learned about computers a few years ago. I asked her why she didn't just plug into my network in the house. Basically the answer was, this is easier and I am done!

James
 
Mike, I have a Linksys EtherFast Model BEFSR41 wired, 4 port router. I have heard, all up and down the grapevine, that a simple routher between the modem and the computer does something funky with the IP address of your computer.

This, of course, in theory, causes anything sent to your computer IP address to be snagged by the router. Is this true, and is there a simple way to set it up? It came with no instructions, just a disc, but I have it wired in anyway. Honestly I haven't been able to tell that it's doing much 'diverting' at all.

The FCC act says that anything that is transmitted, over the air, can be recieved. Legally! Worked around that law for 30 years. It's not all that difficult to pull some cable and have a secure, wired network. But, that's just me. Of course, there ARE some people who think phone traffic via the fiber network is safe from snooping. (Sometimes ya NEED a good laugh!)
 
The BEFSR41 is a good non wireless model. (The newer Linksys WRT54G model is both wired and wireless)

{Cablemodem(or DSL)} -> {BEFSR41 router} -> {Your PC(s)}

The befsr41 acts as a "Traffic cop" and will block any incoming attempts from the internet, as a firewall. (email and web sites come through, but incoming port scans are blocked) Specific ports can be routed to specific pc's, if necessary. (some games and communications programs may require this)

How it works is that the router takes over the single IP address assigned to you by the cable company, and appears as "the computer" to the outside world. It then creates a block of internal only IP addresses for computers inside your business or home. (192.168.1.???) It handles the appropriate incoming and outgoing packets and knows which internal PC to route them to/from. You can connect over 250 pc's to your router, if you have that many


To wire it, plug the pc into one of the 4 HUB/SWITCH ports, and plug the WAN/INTERNET port back to the cablemodem. Turn everything off for 5 mins, including the cable modem. (cablemodems tend to associate themselves with a specific MAC address/pc and turning them off lets them "marry" to a new address- in this case the router)

Turn the cablemodem on, then the router, then the PC.

Open the web browser. Do you see your regular home page? If so, you should be all set!

If not, navigate to http://192.168.1.1 and log in with ADMIN as a password. This is the router's built in web page for purposes of configuration. (If for some reason this page doesn't come up, you may have to switch your PC to automatically get an ip address (dhcp))

In the router's menu, the "Obtain IP address automatically" (DHCP) option is sufficient for most cable companies. If they assigned you a specific fixed IP address, youll be able to enter it on this screen. (with gateway, dns servers, subnet mask, etc)

Here's a diagram that shows a small network, using a befsr41. For purposes of demonstration, picture the same thing with only PC#1.

gtpnetwork.gif


Mike
 
revisted

Based on Kathy's inquiry, I bumped this two year old post up to the top again. Most of the info is still valid. I now recommend encryption type of WPA PERSONAL with TKIP, or even WPA2 PERSONAL w/AES if your wireless devices support it. WEP has been cracked and easily hacked.

Mike
 
Last edited:
Mike helped me secure my new wireless network yesterday. Thanks Mike!! :thumbsup:

And it really holds true to what Mike said in various posts on this issue: I was able to see lots of other people's networks in my neighborhood, only one of them showed a lock next to it (secure).

I bet anyone could go there and take a walk around their hard disks....not good!
 
Borrowing neighbors wireless, legal or not, am I putting myself in the same danger as they are in when using it?

I have 6 that have shown up in my block, 2 unsecured, of which one is the neighbor next door.

Are the DSL and Cable more secure?
 
The short answer is: YES

The legality is highly questionable. I don't think it has been challenged in court yet, but it's a sticky subject for sure. One argument claims they are transmitting an unsecured signal into YOUR home/space, and the other says it is theft of service and/or privacy. Approximately 80% of wireless networks are unsecured, and it's a real problem IMO. (ESPECIALLY for businesses)

They can use any of the shared resources on your computer just as you can theirs. (If you have any) When connecting to their wireless, you are getting in after their firewall/router. If they look in the networking section of windows, or the dhcp activity log in the router, they can also see the NAME of your computer. (most people put their real name as the computer name)

DSL , FIOS, and Cable are about equal. Most providers now provide routers, to add a layer of security that blocks outside/incoming activity. Routers also let customers share the connection with multiple wired and wireless devices/pc's at the same location. When connecting wirelessly, it bypasses that layer of security and you have full access to see and communicate with the other computers, or even to log into the router itself to change settings. By default, most of the wireless routers come with encryption turned off and with no password assigned.

You only see 6, but there are probably many more. Most routers come configured on the same frequency (channel six) and overlap each other's reach area a bit. I consulted for a client last week that had 9 in range, and not a single one was secure.

Thanks for bumping this topic up again, as a reminder for people to secure their wireless feeds.

Mike
 
Tips for making your wireless more secure

Special Security Note: By default, wireless is turned on and has NO protection. Anyone within a few blocks can use your internet for free and steal or modify your shared files, customer list, etc. It is VERY important to fix this by either disabling the radio entirely, or taking steps to improve security if you wish to use a laptop or other wireless device in the office. Just because you are not using the wireless portion of your router, does not mean that others cannot. Out of the box, most routers have security turned off, and allow everyone in without a password. The encryption method WEP should not be used, as it has been broken by hackers. WPA2 is better. No wireless is truly secure, and I DO NOT recommend it in a business environment.


Disabling the WIRELESS Radio in your router (Highly recommended, if you won’t be using wireless)
-Log into the configuration menu on your router
-Open a web browser and navigate to your router's control panel/menu:
note: It will vary by brand and model:
3Com http://192.168.1.1 admin / Admin
D-Link http://192.168.0.1 admin / (leave blank)
Linksys http://192.168.1.1 admin / Admin
Netgear http://192.168.0.1 admin / password
-Click the WIRELESS tab
-In the WIRELESS NETWORK MODE field, select ‘DISABLED’
-Click SAVE SETTINGS

Improving Security for your Wireless Router (If you plan to/must use wireless in your shop)
-Log into the configuration menu on your router
-Open a web browser and navigate to your router's control panel/menu:
note: It will vary by brand and model:
3Com http://192.168.1.1 admin / Admin
D-Link http://192.168.0.1 admin / (leave blank)
Linksys http://192.168.1.1 admin / Admin
Netgear http://192.168.0.1 admin / password
-Click the WIRELESS tab (or equivalent)
-Assign a name to your wireless network in the SSID field ie: ACMEFRAME
-Change the wireless channel from 6 to 9 (or any other number. They ALL come on 6, and will conflict)
-(optional) Set WIRELESS SSID BROADCAST to DISABLE
Note: You may want to do this after you connect to the new settings once from each pc
-Click SAVE SETTINGS
-Click WIRELESS SECURITY tab
-Set SECURITY MODE from ‘NONE’ to ‘WPA2 PERSONAL’
-Set WPA ALGORITHMS to ‘TKIP + AES’
-Set WPA SHARED KEY to a unique 10 character password. I suggest NOT using words found in dictionary
-Note the password/key, because you will need to provide it once for each PC that connects in the future. Also make note of the SSID from the step above.
-(Optional) enable the MAC FILTER and enter the mac addresses from your PC’S for ‘PERMIT ONLY’
Note: You may want to do this after you connect to the new settings once from each pc
-Click SAVE SETTINGS

I hope this info is useful. The instructions will vary slightly for each brand, but will get you in the right direction. Check the documentation from the vendor for details, or ask in the chat room.

Best regards
Mike
Forum co-moderator
 
This is so real!~
This is such a useful thread!~
Thank You.
 
Mike,

I was glad to see that you updated this thread with a recommendation to move away from WEP to WPA, it is a much more secure encryption methodology. One other point for general performance on wireless. If you look at your wireless router you will see that it offers a range of channels, typically 1-11. In the US there are only three that are "clear", in that there is no overlap with other wireless channels, these are 1,6 amd 11. I always recommend that you set your wireless router to use typicaly 1 or 11; keeping in mind that the typical default is 6 and that most people just leave it there. Modifying this provides you with less chance of radio interference and a higher level of performance with your wireless network.
 
We got DSL about a month ago and just added a laptop to the shop network. It's taking over for the computer that just died that we used to run Lifesaver on. I hooked it up using the wireless option on our router since it's location makes it hard to run a cable from. I thought we were good on security until I read this.

Does the problem with WEP still apply? I looked at the router's set up site and besides WEP it offers WPA-PSK. Should I change it to that and assign it a new password? I actually only go online with the laptop to get updates. I don't use it for most of my internet visiting.

I did assign it a name and changed the channel on it. Just wondering if I need to go to the next step.
 
Yes. WPA is far more secure. (newer equipment/firmware also has WPA2) I would change it to WPA, and pick a new password (encryption key) in the router. The current WEP password can be obtained in minutes, just by having it turned on in your router. The sport of finding these is a game for some folks...

Once you change it, the laptop will be briefly cut off. You will have to pick your network once more from the list of wireless networks, and it should prompt for the new pass key. This is a one time thing.

Happy computing!
Mike
 
I had dropped my landline at home...
I was considering getting it again just for DSL....

Well low and be hold had my laptop at home.. I had 15 wireless connections show up & 8 were unsecured. Three of them even placed their last names on them so I know where they live..
I have stopped when I have seen them out in the yard and have asked them how they like their routers.
Shock!~ Suprise!~
Well how do you know I had one? Then I tell them.
Only two of them have changed it.
 
Mike's yearly nag reminder :)

The 12/1/08 6th annual grumble technology survey results show that many of us use Wireless routers in our offices, and about 22% of those are not secured.

I'm resurrecting this thread once again, as a friendly reminder that wireless routers should always be secured. If not, your data will be subject to harvesting. (accounting files, customer database, pricing, even emails and identity theft for what you do online from that location)

Your internet signal travels several blocks, and can be abused anonymously by others in homes or cars for illegal purposes. If a court order is served or the police come, it will be to the person transmitting the signal.

Remember, if your router has ANTENNAS, it is transmitting. (Even if you don't use wireless computers) By default, there is no security for most models.

These are compelling reasons to consider securing your wireless router at the shop, and even at home. It only takes a few minutes to log in, turn WPA encryption on, and assign a key/password. If you don't use wireless devices, you can also turn the radio off completely. Instructions are earlier in this thread, which work with most router models.

I hope this is useful to keep your data safe.

Mike Labbe
Get The Picture

PS Thanks again to everyone who participated in the recent survey. The full results live at http://www.custompictureframing.com/poll_results.htm
 
Good posts and not trying to muddy it up too much, but would like to add a thought.

If your wireless is just for your shop - turn down your transmitting power.
No point to light up the whole block.

If someone is in range of your signal, it can be hacked into no matter what what type of encryption you have. Granted someone would seriously have to try, but it could be done.

Most AP's have a way to adjust their power from 5% to 100%.
You can play with this slider to find a point in which the wireless works fine for you in your shop, but step outside or a step a few feet from your building and there is no signal.
 
WOW...what I don't know about technology is mindboggling...QUESTION...I have my internet provider DSL that is over the air to towers since we can't get service any other way in the boonies..this antenna thing on my house picks up the signal from a tower across the lake, and at the shop it picks up a signal frpom a tower about a mile away...can everything I do be intercepted because of these over the air signals ?? If so what can i do to secure my incoming and outgoing DSL signals to and from the towers?
 
Yes, but its highly unlikely. Those are secured and encrypted signals, which require special radio equipment which operates at a different frequency.

The subject of this thread is specifically ROUTERS (within your office or home) that come after the ISP's equipment. By default, these are set to grant full access to everyone. They don't require special equipment. Someone with a laptop could get in to use your internet, capture passwords and other personal data with packet sniffing software, or grab/sabotage data from your networked POS drive(s).

It's very easy to fix, so I 'nag' about this topic every year. :) I feel that it's that important.

Mike
 
Normally when I'm using the laptop at home (on dial up), it tells me there is no wireless signal available since we live out in the country. Yesterday, I noticed it didn't give me that message, so I clicked on the wireless icon and it was showing a free public wireless net available with a moderate strength signal. Not sure where that was coming from since the nearest town is 7 miles away and as far as I know, they haven't installed any kind of highspeed internet in our rural area. There is a possiblity that it is the neighbors. They may have internet through a satelitte dish and have a wireless router.
 
That was most likely a neighbor's LAPTOP, not an actual ROUTER.

Any time you see "Free Public WIFI", don't connect to it :) It will usually say AD HOC or show a picture of a computer to computer connection. Often those are people trying to impersonate a public feed, so they can be the "man in the middle" between you and the real internet. In the process, they can collect anything that passes through (emails, im's, credit card #s, etc)

Other times its just a misconfigured or exploited machine (neighbor) who is allowing anyone access to their computer wirelessly.

I see these often at airports.

Here's an article with more info, and even some pictures

http://news.cnet.com/8301-13554_3-9941355-33.html

Mike
 
I bumped this 2004 thread as a reminder, due to another thread that mentioned wifi security concerns. It's an oldie but still a very important issue to protect your shop. Based on the most recent poll, there are still some shops (although not as many) that are offering their network to others.

WEP encryption or NONE (no encryption) are both a bad idea, and should be avoided at all costs. If you use Verizon FIOS service, the default WEP password is also available to anyone. (it can be easily looked up on a website, based on the name of your network)

By securing your network, it will keep neighbors or people with laptops/smartphones from accessing/damaging your shared files, sniffing packets to gather your habits, or using your internet connection for illegal purposes that could be traced back to you. (stealing movies, music, etc)

Mike
 
Beside this all, you can also make an extra security to use a second (non-wifi) router for pc's and Mac's that you can use in wired connection. Than you get two levels that hackers should have to pass and will be nearly impossible.

- computers for surfing, gaming and fun direct in wifi
- computers for work and classified stuff behind the second router on wire.

The second router can be protected as well as the wifi-router.
 
Also arrange your computer-connection with your mail-server as an ssl-connection. Even when it has no certification, it will also work as a second protection behind a WPA2 wifi-connection. If you live is a town with probably suspicious people around, open that mail-connection only for short time, even when it's ssl. I always use it very short in a hotel.

An other thing is that you go into your system prefs to make your notebook "stealth" and be sure that ftp-approach and file-sharing and all other connection-options are closed. (Very easy to arrange in a Mac.)
 
Bumping old thread.

Mike,

Bringing up an old thread.

I was looking for the link you posted on updating a router's operating system with an after market one and I can't find that link. I am trying to make mine more secure and thought that it fit the general gist of this thread. I am unable to find that thread or a link to the web site that has alternative OS's for routers.

I want to be able to set tighter parameters for access on my router beyond the scope of what is built into the router. Figured if I had that questions others might as well.

Thanks.
 
Speaking of which, I was just considering adding a wireless access point and am wondering how I might do that in my circumstances. We do not use wireless inside our private network.

Our (wired only) internet router has four ports -
  • one goes to our hardware firewall and then on to our server (which adds a software firewall) and shares the connection through our switch for our private network.
  • one connects to a typical wireless router (Cisco/Linksys E1200) that we use for internet access on personal devices and guest laptops etc. There is no access to or from our private network to this router.

I'd like set up an additional wireless router set up similar to the one we have (the one doesn't provide coverage to the whole building). Can I have two plugged into the same router? What happens if someone moves from one area to another - will it hand off to the stronger signal, or will it have to completely lose connection with the one before it picks up the other? Or do we need two new wireless routers that are designed to work together in this kind of application?
 
Mike,

Bringing up an old thread.

I was looking for the link you posted on updating a router's operating system with an after market one and I can't find that link. I am trying to make mine more secure and thought that it fit the general gist of this thread. I am unable to find that thread or a link to the web site that has alternative OS's for routers.

I want to be able to set tighter parameters for access on my router beyond the scope of what is built into the router. Figured if I had that questions others might as well.

Thanks.

The alternative operating systems depend on the hardware and revision level. Different revision levels of the same routers sometimes have different boards, processors, and ram.

The aftermarket freebies are usually far better than stock.

Mike
 
Mike you had a link to a site, that had you pick the os based on the router. Do you still have a link? The one I want to change is a linksys 300n but I also have a netgear g. If I remember right the netgear I have is a model that was between revisions and that site didn't have an os compatible, one of the few models without, and of course the one I bought. :)
 
Back
Top