Jonj1611
asked on
Securing Network Devices
Hi,
I am getting quite confused with securing one of the computers on my network, so I will try and explain my set up, 2 of the computers run Vista RC1 and the other one is Win XP.
So here goes
BT HomeHub Router With Wireless turned on using WPA-PSK security.
Win XP Comp - Wired through switch to Router
Win Vista RC1 Comp 2 - Wired through switch to Router
Win Vista RC1 Comp 3 - Connected Wirelessly to router.
When I connect Comp 3 to the wireless router I have to enter a passkey, however my question is, what is stopping people from accessing Comp 3 remotely? I never set up security for that device, so I am concerned their is nothing stopping people from accessing Comp 3 and accessing the system. Is their anything I need to turn on for Comp 3 at all or am I just confused regarding wireless security?
Thanks
Jon
I am getting quite confused with securing one of the computers on my network, so I will try and explain my set up, 2 of the computers run Vista RC1 and the other one is Win XP.
So here goes
BT HomeHub Router With Wireless turned on using WPA-PSK security.
Win XP Comp - Wired through switch to Router
Win Vista RC1 Comp 2 - Wired through switch to Router
Win Vista RC1 Comp 3 - Connected Wirelessly to router.
When I connect Comp 3 to the wireless router I have to enter a passkey, however my question is, what is stopping people from accessing Comp 3 remotely? I never set up security for that device, so I am concerned their is nothing stopping people from accessing Comp 3 and accessing the system. Is their anything I need to turn on for Comp 3 at all or am I just confused regarding wireless security?
Thanks
Jon
Bit about the WPA-PSK From here: http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx
Tips to Strengthen Wireless Security
Are there any risks with WPA-PSK? It should be obvious that the shared secret should be closely guarded. Don't use something that is easily guessed. Use something that hackers employing dictionary attacks won't normally have in their dictionary. (If you've received SPAM that looks like it was addressed to every possible name and name plus numeric on the planet, then you know what a dictionary attack is).You can use something that only you can remember.
Check your wireless access point or router and see if there is a user configurable Rekey Interval and set it. I've been using 100 (seconds). Note that some residential WPA-PSK only routers or access points may not offer this configurability and use a hard-coded Rekey Interval.
Here is a summary of the additional steps you can take, in addition to using WPA, to secure your wireless home network:
• Never use the default SSID provided by the manufacturer. You can optionally turn off the broadcast of the SSID name, but this won't stop determined hackers from finding it.
• Set up an access control list by Mac address of all devices you want to associate with the access point or wireless router.
• Change the default password provided by the manufacturer on the access point or wireless router.
• Place the access point or router in the center of your home and not near a window.
• Turn off administrative access over wireless if possible.
Tips to Strengthen Wireless Security
Are there any risks with WPA-PSK? It should be obvious that the shared secret should be closely guarded. Don't use something that is easily guessed. Use something that hackers employing dictionary attacks won't normally have in their dictionary. (If you've received SPAM that looks like it was addressed to every possible name and name plus numeric on the planet, then you know what a dictionary attack is).You can use something that only you can remember.
Check your wireless access point or router and see if there is a user configurable Rekey Interval and set it. I've been using 100 (seconds). Note that some residential WPA-PSK only routers or access points may not offer this configurability and use a hard-coded Rekey Interval.
Here is a summary of the additional steps you can take, in addition to using WPA, to secure your wireless home network:
• Never use the default SSID provided by the manufacturer. You can optionally turn off the broadcast of the SSID name, but this won't stop determined hackers from finding it.
• Set up an access control list by Mac address of all devices you want to associate with the access point or wireless router.
• Change the default password provided by the manufacturer on the access point or wireless router.
• Place the access point or router in the center of your home and not near a window.
• Turn off administrative access over wireless if possible.
ASKER
Hi,
Thanks for the replies, it has sort of answered the question but I will rephrase just in case.
When I connect to the main router it asks for a passkey.
However, what if someone wanted to access my Win Vista RC1 Comp 3, do I need any type of encryption on that too. I mean, lets say for instance that all computers are off apart from Comp 3. Could someone connect to that computer if they wanted, what is stopping them from connecting? Do I need security on that device for instance?
Cheers All
Jon
Thanks for the replies, it has sort of answered the question but I will rephrase just in case.
When I connect to the main router it asks for a passkey.
However, what if someone wanted to access my Win Vista RC1 Comp 3, do I need any type of encryption on that too. I mean, lets say for instance that all computers are off apart from Comp 3. Could someone connect to that computer if they wanted, what is stopping them from connecting? Do I need security on that device for instance?
Cheers All
Jon
They can only really get to it if they can crack the WPA-PSK and therfore are on your network. If the access point isn't allowing them on then they can't get to your machine as it will probably be configured to only connect to the AP.
You should have a password on your user account on there and disable any user accounts you don't need.
The only route in then is via your username and password unless there are:
any vulnerabilities in the OS
You have any other services on there that are anonymous such as a web server.
I would doubt anyone passing by would bother to crack your WPA-PSK wireless connecion so I woudl say no issue. By all means leave this open to see if anyone else has any comments.
Steve
You should have a password on your user account on there and disable any user accounts you don't need.
The only route in then is via your username and password unless there are:
any vulnerabilities in the OS
You have any other services on there that are anonymous such as a web server.
I would doubt anyone passing by would bother to crack your WPA-PSK wireless connecion so I woudl say no issue. By all means leave this open to see if anyone else has any comments.
Steve
ASKER
Hi Steve,
Many thanks for your comments, the reason why I asked my questions was that I wanted to install a Vue 6 Infinite Rendercow on the remote machine, this machine needs to be on 24/7, so I wanted to make sure the network and/or bandwidth were protected. I know where I live it is extremely remote for anything to happen but wanted to be safe than sorry.
Cheers
Jon
Many thanks for your comments, the reason why I asked my questions was that I wanted to install a Vue 6 Infinite Rendercow on the remote machine, this machine needs to be on 24/7, so I wanted to make sure the network and/or bandwidth were protected. I know where I live it is extremely remote for anything to happen but wanted to be safe than sorry.
Cheers
Jon
ASKER
Hi,
Ok, I have rethought this question as it wasn't very clear.
How do I secure Computer 3 from being accessed by another comptuer wirelessly while still being able to connect to my router.
Or does it not work like that?
Thanks
Jon
Ok, I have rethought this question as it wasn't very clear.
How do I secure Computer 3 from being accessed by another comptuer wirelessly while still being able to connect to my router.
Or does it not work like that?
Thanks
Jon
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Steve,
It does help and thanks for that help.
Jon
It does help and thanks for that help.
Jon
No problem, good luck... you could always wallpaper your room in tin foil too I suppose :-)
ASKER
Lol, that was my Plan B ;p
Jon
Jon
I don't think you probably have much to worry about there unless you know different. If you are worried about the wireless traffic run another Cat-5 cable...
Steve