Solved

Securing Network Devices

Posted on 2006-11-15
Last Modified: 2010-04-10
Hi,

I am getting quite confused with securing one of the computers on my network, so I will try and explain my setup. 2 of the computers run Vista RC1 and the other one is Win XP.

So here goes

BT HomeHub Router With Wireless turned on using WPA-PSK security.
Win XP Comp - Wired through switch to Router
Win Vista RC1 Comp 2 - Wired through switch to Router
Win Vista RC1 Comp 3 - Connected Wirelessly to router.

When I connect Comp 3 to the wireless router I have to enter a passkey, however my question is, what is stopping people from accessing Comp 3 remotely? I never set up security for that device, so I am concerned there is nothing stopping people from accessing Comp 3 and accessing the system. Is there anything I need to turn on for Comp 3 at all or am I just confused regarding wireless security?

Thanks
Jon
Question by:Jonj1611
LVL 43

Expert Comment

by:Steve Knight
There are a number of levels here.  They would have to crack your WPA-PSK access or read the encrypted data out of the air and decode it.  If they could crack your WPA-PSK then they could then hit the next level of security, i.e. access to your box.  This then comes down to all the normal stuff of strong username and password combinations, software firewall, patches not leaving security holes in the OS etc.

I don't think you probably have much to worry about there unless you know different.  If you are worried about the wireless traffic run another Cat-5 cable...

Steve
 
LVL 43

Expert Comment

by:Steve Knight
Bit about the WPA-PSK From here: http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx

Tips to Strengthen Wireless Security
Are there any risks with WPA-PSK? It should be obvious that the shared secret should be closely guarded. Don't use something that is easily guessed. Use something that hackers employing dictionary attacks won't normally have in their dictionary. (If you've received SPAM that looks like it was addressed to every possible name and name plus numeric on the planet, then you know what a dictionary attack is). You can use something that only you can remember.

Check your wireless access point or router and see if there is a user configurable Rekey Interval and set it. I've been using 100 (seconds). Note that some residential WPA-PSK only routers or access points may not offer this configurability and use a hard-coded Rekey Interval.

Here is a summary of the additional steps you can take, in addition to using WPA, to secure your wireless home network:

• Never use the default SSID provided by the manufacturer. You can optionally turn off the broadcast of the SSID name, but this won't stop determined hackers from finding it.
 
• Set up an access control list by Mac address of all devices you want to associate with the access point or wireless router.
 
• Change the default password provided by the manufacturer on the access point or wireless router.
 
• Place the access point or router in the center of your home and not near a window.
 
• Turn off administrative access over wireless if possible.
 
0
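An added illustration of the tips quoted above (not part of the original thread or the Microsoft article): WPA-PSK turns the passphrase into a 256-bit key with PBKDF2-HMAC-SHA1, using the SSID as the salt, so a guessable passphrase and a factory-default SSID both weaken the result. The function names, the short word lists and the 60-bit threshold are assumptions made for this example.

```python
import hashlib
import math
import string

# Constructed sample lists for illustration; a real audit would load a
# larger wordlist and the default SSIDs of the hardware in use.
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123"}
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " ")


def derive_psk(passphrase, ssid):
    """WPA-PSK passphrase-to-key mapping: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 32-byte output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def estimate_bits(passphrase):
    """Upper-bound entropy estimate from the character classes in use."""
    pool = sum(len(cls) for cls in CHAR_CLASSES
               if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit(passphrase, ssid):
    """Return a list of findings; an empty list means nothing was flagged."""
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (8 <= len(passphrase) <= 63 and printable):
        return ["invalid: WPA passphrases are 8-63 printable ASCII characters"]
    findings = []
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("passphrase appears in the common-password list")
    if estimate_bits(passphrase) < 60:  # threshold is an assumption
        findings.append("passphrase is short or uses few character classes")
    if ssid in DEFAULT_SSIDS:
        # The SSID salts the key, so a default SSID lets precomputed
        # passphrase tables for that SSID be reused against this network.
        findings.append("default SSID: the key-derivation salt is predictable")
    return findings


if __name__ == "__main__":
    for phrase, name in [("password", "linksys"),
                         ("correct horse battery staple 7!", "Orchard-Lane-AP")]:
        print(name, derive_psk(phrase, name).hex()[:16], audit(phrase, name))
```
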
 

Author Comment

by:Jonj1611
Hi,

Thanks for the replies, it has sort of answered the question but I will rephrase just in case.

When I connect to the main router it asks for a passkey.

However, what if someone wanted to access my Win Vista RC1 Comp 3, do I need any type of encryption on that too? I mean, let's say for instance that all computers are off apart from Comp 3. Could someone connect to that computer if they wanted, what is stopping them from connecting? Do I need security on that device for instance?

Cheers All
Jon
 
LVL 43

Expert Comment

by:Steve Knight
They can only really get to it if they can crack the WPA-PSK and therefore are on your network.  If the access point isn't allowing them on then they can't get to your machine as it will probably be configured to only connect to the AP.

You should have a password on your user account on there and disable any user accounts you don't need.
The only route in then is via your username and password unless there are:

any vulnerabilities in the OS
You have any other services on there that are anonymous such as a web server.

I would doubt anyone passing by would bother to crack your WPA-PSK wireless connection so I would say no issue.  By all means leave this open to see if anyone else has any comments.

Steve
 

Author Comment

by:Jonj1611
Hi Steve,

Many thanks for your comments, the reason why I asked my questions was that I wanted to install a Vue 6 Infinite Rendercow on the remote machine, this machine needs to be on 24/7, so I wanted to make sure the network and/or bandwidth were protected. I know where I live it is extremely remote for anything to happen but wanted to be safe rather than sorry.

Cheers
Jon
 

Author Comment

by:Jonj1611
Hi,

Ok, I have rethought this question as it wasn't very clear.

How do I secure Computer 3 from being accessed by another computer wirelessly while still being able to connect to my router?

Or does it not work like that?

Thanks
Jon
 
LVL 43

Accepted Solution

by:
Steve Knight earned 145 total points
It doesn't work like that.... if you are using WPA-PSK then that is as strong as you can get for standard home routers. Effectively you have a wireless connection to the AP that is encrypted.  A 'hacker' would have to break the encryption (which with WEP changes all the time) then impersonate the other end of the connection i.e. your access point IMHO.  Turn off wireless zero configuration if it is XP I guess and make sure you fix the wireless settings to your SSID etc.  As long as the auto stuff in wireless-zero-config is turned off it won't try and connect to any other AP's that sneak into range..... Even if someone did get an AP in range and your PC decided it fancied connecting to it a) it will ask you first and b) Your software firewall should only allow connections from the specific hosts you need to talk to.

If that was done it would only be getting as far as your network card, you then need to get past your software firewalls, username / passwords...

Risk is very, very low IMHO.  Hope that helps

Steve
 

Author Comment

by:Jonj1611
Hi Steve,

It does help and thanks for that help.

Jon
 
LVL 43

Expert Comment

by:Steve Knight
No problem, good luck... you could always wallpaper your room in tin foil too I suppose :-)
 

Author Comment

by:Jonj1611
Lol, that was my Plan B ;p

Jon