Interested in Securing Small LAN of 2 PC's from Outside Infiltration

Hi Everyone:

       We are using a wireless LAN of 2 pc's.  Our neighbors also are using a wireless.  Since more and more people are using wireless connections, we are interested in any steps to secure our connection from outside hackers.  I have heard of cases in which people have infiltrated wireless LANS and draining bandwidth of its victims.  

       I have been told there is a setting within Windows XP Pro to encrypt the network.  But, I am unsure of how to do it within Windows XP Pro SP2.  Once I learn the steps, will I need to carry out these steps on both pc's on the network.

       Any information regarding the steps for encrypting the LAN will be appreciated.

       Thank you

       George
GMartinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PehrsCommented:
To begin with, have you got an Ad-Hook network or do you have an access point (a separate device you connect through?). Without knowing that it’s hard to give any complete solutions.

There are several different technologies for wireless security. You have to think a bit about what kind of attackers you are dealing with. To have some basic security, assuming you use an access point I would suggest the following:

Remove the SID announcements (Makes it harder for people to find your network)
Setup MAC-Address filtering (This will stop computers with the wrong address from connecting. If somebody changes his or her address to one of yours, it won’t help)
Setup WEP (Very simple encryption. Can be broken in a matter of hours with the right tool. Still better than nothing).

If you are dealing with a determined attacker this will _NOT_ be enough. Then you should likely use a secondary encryption and tunnelling to keep people out. But for the casual snoopers this will work nicely.  

There is a nice guide to setting up windows XP and wireless security here
http://www.informit.com/articles/article.asp?p=28694&rl=1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
maninblac1Commented:
All of pehrs comments are good, but i figure i'll give some more info.  SID isn't a big issue, MAC filtering is a very powerful tool and it limits the users to the network based on there hardware numbers.  And a WEP is good, but for a small personal network that is extremely concerned about security you could try a WPA which is a significantly more powerful encryption algorithm  Now if your two computers are not ad-hoc then the only way to penitrate into your system is through your wireless router or the internet.  But because of the network address translation it is very difficult for attackers from the net to infultrate your network.  Plus most wireless routers are equiped with intrusion detection signatures that will prevent common attacks.  So the WPA will protect your router....and your router will protect your computers.  But to a truly determained infultrater, they won't be quite enough.  These are all basic software and hardware protection features.  If you're serious about protecting your data on your computers.  I suggest Norton Internet Security, it's a highly configurable suite that will monitor all the network traffic on a computer and prevent malicious code and actions.  It is often difficult to describe security especially in a wireless network because there is so much going on.  But i can assure you with even moderate protection levels you'll block nearly 100% of all intrusions.
Tim HolmanCommented:
What type of wireless router do you have?
Will it support WPA encryption, or are the only settings you see on it for WEP?
If you can only do WEP, then it's better than nothing, but it is crackable if anyone can be bothered to sit outside your house and capture enough traffic for them to reverse the encryption.  Takes about 5-10 minutes on a busy company network, but with a home LAN when there's not too much WEP traffic flying around, it could take several days.
WPA is more advanced than WEP, and so far uncrackable.  The downside is that wireless routers that suppot this as a little more expensive, perhaps too expensive for home use?
A very simple way to secure your wireless network is to turn down the signal strength of your transmitter, so that only PCs in your house can pick up a weak signal (which is just as good as a strong signal for transmitting and receiving data), and in theory, anyone outside your house will pick up zilch.  Also place the transmitter out of sight of things like windows and doors - common sense stuff, really.
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

GMartinAuthor Commented:
Hi

      How may I enter the area for WPA encryption of Windows XP Pro SP2?  The LAN is a simple 2 pc wireless using 802.11b.

      Thanks

      George
decoleurCommented:
WPA encryption is typically not supported with 802.11b it came out as an encryption method after the wireless standard was established.

what wireless acees point are you useing and what cards do you have on the two machines, perhaps we can come up with another viable solution.
GMartinAuthor Commented:
Hi

       I have a wireless Microsoft Router or Base Station (Model MN-500) along with a wireless USB adapter for the other pc.

      George
Tim HolmanCommented:
You can only do 128bit WEP with this model.  WEP should be find for small networks/home users - is it really worth the effort of cracking ?  Hackers aren't going to find much, and would be better off targetting something bigger... ;)
Set up WEP and see how you get on.
GMartinAuthor Commented:
Hi Everyone:

        I am sorry for not elaborating upon my two pc LAN.  It is a fairly simple network consisting of a wireless router and a wireless USB adapter.  The OS on each one of these computers is Windows XP Professional SP2.  

       Are there settings available within the OS to enable MAC-address filtering, WEP, etc?  I am very new to this subject matter and really have no experience to draw from on this subject matter.  
As such, I am interested in any step by step procedures which can be utilized within XP to secure a wireless network.  

       Thank you

       George

Tim HolmanCommented:
WEP is a feature you would enable on the wireless router.  You have to specify a key.
Then Windows XP will pick up a 'security enabled network' and prompt you for this key when you log on.
So - to set this up, log onto the wireless router and enable WEP.
This link should tell you how:

http://download.microsoft.com/download/B/ 6/9/B69C956C-85D9-4641-AA6F-1548391E0967/MN-610FY04.pdf

If not, http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=DVXA,DVXA:2005-12,DVXA:en&q=setup+wep+mn%2D510+wireless+router+microsoft has a few more hits.

I'm on the end of a shoddy GPRS connection at the moment, so can't get many links up to see what's in them - sorry!  :)
Tim HolmanCommented:
Some instructions here too:

http://www.winsupersite.com/reviews/ms_broadband_networking.asp

.. but it looks like WEP is enabled by default ?  

When you look at available wireless networks, does yours come up as 'Secured'?
GMartinAuthor Commented:
Hi

      Due to the wireless LAN being 802.11b, I believe it may not have the needed security.  With this in mind, I went ahead and purchased Norton Internet Security.  At this point, I am interested in any steps which I can take to use this program in securing the LAN.  And, secondly, I am curious if the steps carried out using Norton Internet Security will be needed for both pc on the LAN, namely, the one connected to the router and the wireless pc.  And, finally, since this is a small home LAN, would it be worth the trouble to set up a more advanced form of security using Norton Internet Security?

       Thanks

       George
Tim HolmanCommented:
I would have settled for Windows XP SP2 firewall, supplemented with something like www.ewido.com or even Trend.  Norton runs like a dog!  :)
GMartinAuthor Commented:
Hi Everyone:

      While I enjoyed reviewing each expert's reply, I decided to leave everything as it is.  Since this is a small home LAN, it does make sense that hackers would certainly be more interested in corporate LANS.  The only possible concern which I have is the possibility of neighbors on a wireless sharing our internet bandwidth.  But, this is probably not a problem.  I guess when I saw Netgear within the list of available wireless networks, I got overly concerned.  The wireless network software did indicate both are unsecure.  Since the firewall is enabled within XP, that should be sufficient.  And, since this is an older wireless network setup (e.g. 802.11.b), I am sure my options for more enhanced encryption methods are limited and even unavailable.

       In any case, thanks everyone for the prompt replies.  I am sure I will be exploring the available methods of securing a LAN in more detail in the forthcoming future.  At this point, I am more interested in seeking information to make better future decisions about LAN security.

     Thanks again for the assistance on this one.

     George
decoleurCommented:
Glad to be of help, I hope others are able to benefit from this discussion as well.

-t
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.