Solved

Securing Network Devices

Posted on 2006-11-15
Last Modified: 2010-04-10
Hi,

I am getting quite confused with securing one of the computers on my network, so I will try and explain my setup. 2 of the computers run Vista RC1 and the other one is Win XP.

So here goes

BT HomeHub Router With Wireless turned on using WPA-PSK security.
Win XP Comp - Wired through switch to Router
Win Vista RC1 Comp 2 - Wired through switch to Router
Win Vista RC1 Comp 3 - Connected Wirelessly to router.

When I connect Comp 3 to the wireless router I have to enter a passkey, however my question is, what is stopping people from accessing Comp 3 remotely? I never set up security for that device, so I am concerned there is nothing stopping people from accessing Comp 3 and accessing the system. Is there anything I need to turn on for Comp 3 at all or am I just confused regarding wireless security?

Thanks
Jon
Question by:Jonj1611
LVL 43

Expert Comment

by:Steve Knight
ID: 17945687
There are a number of levels here.  They would have to crack your WPA-PSK access or read the encrypted data out of the air and decode it.  If they could crack your WPA-PSK then they could then hit the next level of security, i.e. access to your box.  This then comes down to all the normal stuff of strong username and password combinations, software firewall, patches not leaving security holes in the OS etc.

I don't think you probably have much to worry about there unless you know different.  If you are worried about the wireless traffic run another Cat-5 cable...

Steve
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17945698
Bit about the WPA-PSK From here: http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx

Tips to Strengthen Wireless Security
Are there any risks with WPA-PSK? It should be obvious that the shared secret should be closely guarded. Don't use something that is easily guessed. Use something that hackers employing dictionary attacks won't normally have in their dictionary. (If you've received SPAM that looks like it was addressed to every possible name and name plus numeric on the planet, then you know what a dictionary attack is). You can use something that only you can remember.

Check your wireless access point or router and see if there is a user configurable Rekey Interval and set it. I've been using 100 (seconds). Note that some residential WPA-PSK only routers or access points may not offer this configurability and use a hard-coded Rekey Interval.

Here is a summary of the additional steps you can take, in addition to using WPA, to secure your wireless home network:

• Never use the default SSID provided by the manufacturer. You can optionally turn off the broadcast of the SSID name, but this won't stop determined hackers from finding it.
 
• Set up an access control list by Mac address of all devices you want to associate with the access point or wireless router.
 
• Change the default password provided by the manufacturer on the access point or wireless router.
 
• Place the access point or router in the center of your home and not near a window.
 
• Turn off administrative access over wireless if possible.
 
0
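Both tips quoted above (a passphrase that is not in anyone's dictionary, and not keeping the default SSID) follow from how WPA-PSK derives its key: the passphrase is stretched with PBKDF2 and the SSID is the salt. The Python sketch below is an added example, not part of the original thread; the word list, the SSID prefixes and the 80-bit threshold are constructed for illustration.

```python
import hashlib
import math

# Constructed sample data (assumptions for illustration, not from the thread).
COMMON_WORDS = {"password", "letmein", "homehub", "wireless", "qwertyuiop"}
DEFAULT_SSID_PREFIXES = ("BTHomeHub", "linksys", "NETGEAR", "default")


def wpa_psk_pmk(passphrase, ssid):
    """Derive the 256-bit key the way WPA-PSK does:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def charset_bits(passphrase):
    """Upper bound on entropy from length and character classes used.
    Real strength is lower when the passphrase contains words or patterns."""
    pool = 0
    pool += 26 if any(c.islower() for c in passphrase) else 0
    pool += 26 if any(c.isupper() for c in passphrase) else 0
    pool += 10 if any(c.isdigit() for c in passphrase) else 0
    pool += 33 if any(not c.isalnum() for c in passphrase) else 0
    return len(passphrase) * math.log2(pool)


def audit(passphrase, ssid):
    """Return a list of findings for a passphrase/SSID pair you own."""
    wpa_psk_pmk(passphrase, ssid)  # raises if the passphrase is not valid for WPA
    findings = []
    # A word with digits tacked on is still a dictionary word.
    if passphrase.lower().strip("0123456789!") in COMMON_WORDS:
        findings.append("passphrase is a common word with optional digits")
    if charset_bits(passphrase) < 80:  # threshold is an assumption
        findings.append("passphrase too short or too narrow a character set")
    # The SSID salts the key, so a stock SSID shared by thousands of routers
    # lets one precomputed table cover all of them.
    if ssid.startswith(DEFAULT_SSID_PREFIXES):
        findings.append("default-looking SSID weakens the salt")
    return findings


if __name__ == "__main__":
    print(audit("password1", "BTHomeHub-1234"))
    print(audit("vX7#qL2m!Rt9$wKp4zNe", "orchard-attic"))
```
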
 

Author Comment

by:Jonj1611
ID: 17945924
Hi,

Thanks for the replies, it has sort of answered the question but I will rephrase just in case.

When I connect to the main router it asks for a passkey.

However, what if someone wanted to access my Win Vista RC1 Comp 3, do I need any type of encryption on that too? I mean, let's say for instance that all computers are off apart from Comp 3. Could someone connect to that computer if they wanted, what is stopping them from connecting? Do I need security on that device for instance?

Cheers All
Jon
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17945969
They can only really get to it if they can crack the WPA-PSK and therefore are on your network.  If the access point isn't allowing them on then they can't get to your machine as it will probably be configured to only connect to the AP.

You should have a password on your user account on there and disable any user accounts you don't need.
The only route in then is via your username and password unless there are:

any vulnerabilities in the OS
You have any other services on there that are anonymous such as a web server.

I would doubt anyone passing by would bother to crack your WPA-PSK wireless connection so I would say no issue.  By all means leave this open to see if anyone else has any comments.

Steve
 

Author Comment

by:Jonj1611
ID: 17945998
Hi Steve,

Many thanks for your comments, the reason why I asked my questions was that I wanted to install a Vue 6 Infinite Rendercow on the remote machine, this machine needs to be on 24/7, so I wanted to make sure the network and/or bandwidth were protected. I know where I live it is extremely remote for anything to happen but I wanted to be safe rather than sorry.

Cheers
Jon
 

Author Comment

by:Jonj1611
ID: 17964940
Hi,

Ok, I have rethought this question as it wasn't very clear.

How do I secure Computer 3 from being accessed by another computer wirelessly while still being able to connect to my router?

Or does it not work like that?

Thanks
Jon
 
LVL 43

Accepted Solution

by:
Steve Knight earned 145 total points
ID: 17965488
It doesn't work like that.... if you are using WPA-PSK then that is as strong as you can get for standard home routers. Effectively you have a wireless connection to the AP that is encrypted.  A 'hacker' would have to break the encryption (which with WEP changes all the time) then impersonate the other end of the connection i.e. your access point IMHO.  Turn off wireless zero configuration if it is XP I guess and make sure you fix the wireless settings to your SSID etc.  As long as the auto stuff in wireless-zero-config is turned off it won't try and connect to any other APs that sneak into range..... Even if someone did get an AP in range and your PC decided it fancied connecting to it a) it will ask you first and b) Your software firewall should only allow connections from the specific hosts you need to talk to.

If that was done it would only be getting as far as your network card, you then need to get past your software firewalls, username / passwords...

Risk is very, very low IMHO.  Hope that helps

Steve
 

Author Comment

by:Jonj1611
ID: 17965623
Hi Steve,

It does help and thanks for that help.

Jon
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965694
No problem, good luck... you could always wallpaper your room in tin foil too I suppose :-)
 

Author Comment

by:Jonj1611
ID: 17965746
Lol, that was my Plan B ;p

Jon