WIRELESS SECURITY LIMITATIONSThe Annoyance:I'm a total security freak. In fact, I approach paranoia when I configure security for my computers and network. For my wireless network... The Fix:STOP RIGHT THERE! If you're that serious about security, you don't want wireless technology on your network. A wireless network has an "intrusion possibility" factor that's much higher than any wired network (Ethernet, phoneline, or powerline). To get into a wired network, an intruder needs to come into your house and connect to the wired network. You'd probably notice that. Getting into a wireless network is much easier because it can be accomplished without anyone noticing. The security features available for wireless networks don't overcome that security gap. Keep your network hardwired or you'll probably have a nervous breakdown!
WEP DISABLED BY DEFAULTThe Annoyance:I want to set up my WEP key, but I can't figure out where or how to perform this chore. Why is it so hard to find? The Fix:By default, wireless device manufacturers disable (hide) WEP. To turn it on, you need to read the instructions that came with the device. Isn't this annoying? I asked representatives of two manufacturers about this decision and received similar answers from both of them: "Configuring WEP is complicated and prone to errors, so we decided to disable it as the default mode." Right, I see, so it's better to let your customers send data that can be intercepted by anyone in the vicinity who has a wireless adapter. Warning: Most manufacturers with devices that support WPA encryption hide it (just like they hide the WEP feature). Currently, only Linksys (not Belkin, D-Link, or Netgear) lets you enable WPA during the setup wizard. Hopefully, the others will change their approach soon. WPA SUPPORT IN WINDOWS XPThe Annoyance:I want to use wireless technology for my Windows XP laptop. I'm interested in using WPA encryption, but Windows XP doesn't appear to support it. I'm really annoyed because I was told that Windows XP provided the best support for wireless security. The Fix:You haven't been keeping up with Windows updates. WEP support was introduced in Service Pack 1. Service Pack 2 is now available, which incorporates all the enhancements in SP1, and adds even more robust support for wireless communications and wireless security. WIRELESS DEVICES DON'T SUPPORT WPAThe Annoyance:I installed a wireless network about six months ago, but the adapters and router don't support WPA. It's really annoying to have to replace practically brand-new equipment just to have better security. The Fix:You don't have to replace the equipment because most (probably all) manufacturers provide free hardware upgrades. A hardware upgrade is called a firmware upgrade, and the file is downloaded to the device. Go to the support section of the manufacturer's web site and look for a link to "downloads." You'll be asked for your model number and operating system. The downloaded file is compressed (it's usually a zip file). If the file package doesn't include installation instructions, look on the web site. Warning: Manufacturers offer firmware downloads to enhance many hardware features in most versions of Windows. For firmware that includes WPA support, you'll probably find that only Windows XP is supported. Tip: The Wi-Fi Alliance web site (www.wi-fi.org) has a list of the equipment certified for WPA support.
USING DEFAULT SETTINGS IS A BAD IDEAThe Annoyance:I added a wireless computer and an access point to my wired home network. I set up the computer for infrastructure mode. When I booted my computer, Windows XP announced it had found the wireless network, which is really nifty (and now I know why people say Windows XP has great built-in support for wireless networks). Unfortunately, the computers on the network aren't in my house. I finally found out I was accessing my neighbor's wireless network. How is this possible? The Fix:Scary, huh? Have you thought about the fact that your neighbor can get to your network, too? You and your neighbor are using the default network settings and Windows XP found your neighbor's signal first. Is your computer and access point near a window that faces your neighbor's window? Your workgroup is probably still named MSHOME, your SSID is the default identification string, and you're using the default wireless channel for the signal. Each part of that statement represents a mistake you made. Reconfigure your network immediately! Create a unique setting for each network and security setting. Warning: Wireless hackers go down streets and through buildings (apartment houses and business structures) with their wireless computers configured for default settings. That configuration gets them into more than half of the existing wireless networks. Change the default settings, people! Tip: Access points and routers require passwords to enter the setup feature to change the settings. Don't forget to change the default password. WIRELESS SECURITY SETUP ISN'T SECUREThe Annoyance:To establish the connection between a wireless adapter and the access point for the first time, it's necessary to enable broadcasting of the access point's SSID, which is usually not broadcast for security purposes. In other words, to enable security, you first need to make the connection insecure. That makes no sense. The Fix:I agree, and I wish I had an easy workaround for this problem. All I can say is "work fast." Or, bring all the computers and access points (including the wireless router) into a room that has lead walls, and then set up your security. SECURITY FOR LAPTOP COMPUTERSThe Annoyance:I read an article about someone who lost his laptop at a convention. The computer was filled with secret information about his company's plans and financial situation. I take my laptop to client offices, meetings, airports, and so on. I have a lot of sensitive, private information in the documents, which I need to conduct business. Do I have to chain the laptop to my neck to make it secure? The Fix:Laptop security is an enormous problem because the risk of loss or theft is very high. In addition to sensitive documents, many laptops have cookies to web sites where you store credit card numbers and passwords. The trick is to make sure the information on the laptop can't be read by anyone except you. Here are some guidelines:
EFS encrypts files using a complicated, hard-to-break encryption algorithm. When a file is encrypted, all reads and writes to the file are decrypted and encrypted transparently to the user who encrypted the file (the logged-on user). If another user logs on to the computer and tries to open an encrypted file, an Access Denied error appears because the user does not possess a key to decrypt the file. You can copy your EFS key to a floppy disk and keep it in your office or at home. If your laptop goes missing, you can use the key to work on the backup files you made before you took the laptop out. You can learn more about EFS on Microsoft's web sites. |