(topic being introduced for discussion based on the Technology Poll results at THIS LINK )
Wireless Security Tips For Your Shop or Home
10/28/2004 Mike Labbe www.getthepictureframing.com
If you use wireless networking technology in your shop, you may be a target for hackers or individuals who may want to harvest your customer and/or financial data.
I was surprised when I turned on my laptop one day, in the comfort of my living room, and found a list of 3 available networks. It turns out one was my network and the other two were neighbors on a different street. The individuals left their wireless equipment with the default settings and were broadcasting their shared drives and printers to the entire neighborhood. The neighbors were equally surprised when I brought it to their attention.
This scenario is very common. In fact, as many as 80% of all wireless networks are easy prey because they have absolutely no security and the default factory settings were never changed. I personally think this is a serious problem. If you don't believe me, try downloading the free utility called NETSTUMBLERhttp://www.stumbler.net or VISTUMBLER. You might be surprised to find a half dozen or more unsecured networks. Please don't access any of the networks because that might be considered illegal.
Security precautions to take if you have wireless deployed in your shop or home:
- Change the default password on your router. This will prevent customers, employees, or hackers from removing security that is already in place (firewall, encryption, etc). What if someone posing to view your art database was actually logged in to your router, removing security so they could later come back at night with a laptop and harvest your entire customer base and pricing data from the parking lot/car?
- Upgrade the firmware in your router. All router manufacturers periodically upgrade the software in the routers, and it's upgraded in about a minute through their web page. These important updates are released to improve performance and fix security problems. ( http://www.linksys.com/download/ http://kbserver.netgear.com/main.asp http://www.dlink.com )
- Enable wireless security/encryption and assign a key. This is a setting in the router. I suggest choosing the newer 'WPA2' encryption. It will then let you assign an access "key" (password). In order to use your network, each PC will be prompted for this secret key one time. This is perhaps the most important precaution to take when securing your network, to keep unauthorized folks out.
Note: It is best NOT to use 'WEP' encryption. This older encryption method has been broken, and it would take a hacker less than a minute to break through this layer of security. There are various utilities out there which claim to break through this layer of security in "6 to 30 seconds".
- Change the default SSID name of the router and turn SSID broadcasting OFF. When a hacker sees "NETGEAR" or "LINKSYS" broadcasted, they assume you didn't care enough to set it up properly - and probably have lax security. In addition, it can get confusing if there are multiple networks in range with the same name. Select a unique name. Turning off the SSID broadcasting will discourage most accidental connections, although there are utilities out there to find networks even with this option turned off.
- Enable the "Wireless Mac Filter" option in your router, and enter all of your machines in the table as the only machines permitted to access your network. MAC means "Media Access Control address", not to be confused with Apple Mac computers. Each computer on your network will have a unique 12 digit MAC address. Although there are hacking utilities out there to monitor wireless packets and "spoof" a known mac address, it's unlikely that a novice would get around this security block - especially when combined with the other suggestions in this article.
- Password Protect Shared Drives. If you are running a server inside your shop, take advantage of the security offered by your server software. Often shared drives can be assigned a password, and you can limit which folder(s) are shared through your network. (ex: Just the POS folder, not Quicken or your personal documents.)
I suggest trying these improvements from a machine that is HARDWIRED to your router, so you don't accidentally lock yourself out during the configuration.
The best way to secure your network and have the fastest performance is with a traditional hard wired approach. While wireless is ok for internet access, it's not very good when using a POS system or database that requires higher bandwidth to communicate with your server. Wireless networks are susceptible to interference from other nearby networks, microwave ovens, garage door openers, cordless telephones, rc toys, etc. Such interference can cause disconnections, slow speed, or file corruption.
Wireless technology is easily hacked, and there's no single way to secure it properly. The best way to minimize problems is to use a multi-prong approach that includes changing the router's default password, upgrading the router's firmware, adding WPA2 security with an encryption key, putting passwords on shared drives, turn off the SSID broadcast flag, and turn on MAC FILTERING in your router so it will only communicate with a list of known computers.
=========
Discussion welcomed.
These opinions and advice are provided without warrantee. I hope you find them helpful, but please use them at your own risk. If you have questions, feel free to contact by email.
Wireless Security Tips For Your Shop or Home
10/28/2004 Mike Labbe www.getthepictureframing.com
If you use wireless networking technology in your shop, you may be a target for hackers or individuals who may want to harvest your customer and/or financial data.
I was surprised when I turned on my laptop one day, in the comfort of my living room, and found a list of 3 available networks. It turns out one was my network and the other two were neighbors on a different street. The individuals left their wireless equipment with the default settings and were broadcasting their shared drives and printers to the entire neighborhood. The neighbors were equally surprised when I brought it to their attention.
This scenario is very common. In fact, as many as 80% of all wireless networks are easy prey because they have absolutely no security and the default factory settings were never changed. I personally think this is a serious problem. If you don't believe me, try downloading the free utility called NETSTUMBLERhttp://www.stumbler.net or VISTUMBLER. You might be surprised to find a half dozen or more unsecured networks. Please don't access any of the networks because that might be considered illegal.
Security precautions to take if you have wireless deployed in your shop or home:
- Change the default password on your router. This will prevent customers, employees, or hackers from removing security that is already in place (firewall, encryption, etc). What if someone posing to view your art database was actually logged in to your router, removing security so they could later come back at night with a laptop and harvest your entire customer base and pricing data from the parking lot/car?
- Upgrade the firmware in your router. All router manufacturers periodically upgrade the software in the routers, and it's upgraded in about a minute through their web page. These important updates are released to improve performance and fix security problems. ( http://www.linksys.com/download/ http://kbserver.netgear.com/main.asp http://www.dlink.com )
- Enable wireless security/encryption and assign a key. This is a setting in the router. I suggest choosing the newer 'WPA2' encryption. It will then let you assign an access "key" (password). In order to use your network, each PC will be prompted for this secret key one time. This is perhaps the most important precaution to take when securing your network, to keep unauthorized folks out.
Note: It is best NOT to use 'WEP' encryption. This older encryption method has been broken, and it would take a hacker less than a minute to break through this layer of security. There are various utilities out there which claim to break through this layer of security in "6 to 30 seconds".
- Change the default SSID name of the router and turn SSID broadcasting OFF. When a hacker sees "NETGEAR" or "LINKSYS" broadcasted, they assume you didn't care enough to set it up properly - and probably have lax security. In addition, it can get confusing if there are multiple networks in range with the same name. Select a unique name. Turning off the SSID broadcasting will discourage most accidental connections, although there are utilities out there to find networks even with this option turned off.
- Enable the "Wireless Mac Filter" option in your router, and enter all of your machines in the table as the only machines permitted to access your network. MAC means "Media Access Control address", not to be confused with Apple Mac computers. Each computer on your network will have a unique 12 digit MAC address. Although there are hacking utilities out there to monitor wireless packets and "spoof" a known mac address, it's unlikely that a novice would get around this security block - especially when combined with the other suggestions in this article.
- Password Protect Shared Drives. If you are running a server inside your shop, take advantage of the security offered by your server software. Often shared drives can be assigned a password, and you can limit which folder(s) are shared through your network. (ex: Just the POS folder, not Quicken or your personal documents.)
I suggest trying these improvements from a machine that is HARDWIRED to your router, so you don't accidentally lock yourself out during the configuration.
The best way to secure your network and have the fastest performance is with a traditional hard wired approach. While wireless is ok for internet access, it's not very good when using a POS system or database that requires higher bandwidth to communicate with your server. Wireless networks are susceptible to interference from other nearby networks, microwave ovens, garage door openers, cordless telephones, rc toys, etc. Such interference can cause disconnections, slow speed, or file corruption.
Wireless technology is easily hacked, and there's no single way to secure it properly. The best way to minimize problems is to use a multi-prong approach that includes changing the router's default password, upgrading the router's firmware, adding WPA2 security with an encryption key, putting passwords on shared drives, turn off the SSID broadcast flag, and turn on MAC FILTERING in your router so it will only communicate with a list of known computers.
=========
Discussion welcomed.
These opinions and advice are provided without warrantee. I hope you find them helpful, but please use them at your own risk. If you have questions, feel free to contact by email.
Last edited: