KA Data Group -Technology Solutions - Networks

Keep Your Network (and PC) Secure - Use Firewalls

blog@kadatagroup.com (admin) — Tue, 27 Nov 2007 08:35:00 -0500

One of your best ways of protecting your LAN isn't to protect the network itself - it's to protect the individual PCs on it. If an intruder makes his way onto your network, but then can't touch any of your PCs, the only damage he'll be able to do is steal your bandwidth. So use a firewall on each of your PCs.

At a minimum, turn on XP's firewall, which is turned on by default. But the XP firewall won't block outbound connections. So get a better firewall. The free version of ZoneAlarm, available from ZoneLabs, provides excellent protection. You can also buy any of the many for-pay firewalls and security suites as well.

Symantec's Internet Security is widely popular and available everywhere. Don't confuse firewalls with anti-virus software, although many companies will package suites with both (or more) capabilities. In computer networks with 5 or more PCs, we would recommend a second level of firewall protection or proxy to help secure your network. KA Data Group will gladly meet to discuss your LAN requirements specific to your environment. Call us today!

This is the final part of a six part series on securing your wireless network.

It's Easy To Sniff Out Wireless Intruders!

blog@kadatagroup.com (admin) — Sun, 25 Nov 2007 20:58:05 -0500

Part five of our six steps in securing your wireless network is very straight forward. If you've taken every possible step to keep out wireless intruders, there's still a chance that someone can get onto your network. So you should regularly check to see whether someone's where he shouldn't be - on your network.

If ever you find someone that shouldn't be on your network, kick them off IMMEDIATELY! One way to do this is to get a program, which will keep an eye out for wireless intruders. When it finds any, it notifies you that they're on your network, show you their activity, and even send them alerts telling them that you know they're using your network. It's called "AirSnare" and you can get it for free here.

This is part five of our six steps to securing your wireless network.

Secure Your Wireless Network - Limit The Number of IPs

blog@kadatagroup.com (admin) — Fri, 23 Nov 2007 20:39:00 -0500

Normally, when your computer connects to your network, your router gives it an IP address. Every computer connected to the Internet needs an IP address in order to browse the Web.

Most times, your router just hands out these IP addresses without question to all network clients, so any time a nearby wireless PC asks for an IP address, the router hands one over with no questions asked.

To help control your security, you can tell your router to only give out a certain number of IP addressesone for each computer on your network. How does this help you? If the computers on your network use all the available IP addresses, it prevents your router from assigning an IP address to an intruder trying to connect to your network.

This setup varies somewhat from router to router. In the Linksys WRT54GX4, log in as an administrator and go to the Setup screen. In the box next to "Maximum Number of DHCP Users:" type the number of computers that will use your network, (both wired and wireless), and click Save Settings. That's all it takes. Now intruders won't be able to get IP addresses to get onto your network. If you add another computer to your network, make sure you go back to the Setup screen and increase the number of DHCP users by one.

This is part four of a six part series about securing your wireless network.

See part one here.

See part two here.

See part three here.

Secure Your Wireless Network - Filter Out MAC Addresses

blog@kadatagroup.com (admin) — Tue, 20 Nov 2007 20:27:00 -0500

Every piece of networking hardware has a unique ID number, like a serial number, called a MAC address. No two pieces of networking hardware have the same MAC address. A MAC address always has 12 hexadecimal digits and looks something like this: 00-08-A1-0B-8E-3D.

You can use these MAC addresses to keep out intruders. Many routers let you permit only certain MAC addresses onto your network. You can set your router to let in each of your computers, and keep everyone else out.

The way you do this varies from manufacturer to manufacturer, and even from model to model. On a Linksys WRT54GX4, log into the administrator screen, and click the Wireless link, and then Wireless Network Access. The Wireless Network Access screen appears, with boxes labeled MAC 1, MAC 2, and so on, up to MAC 50. Select "Permit only PCs listed to access the wireless network. Scroll to the bottom of the screen and click "Select MAC Address from Networked Computers." From the screen that appears, make sure all the boxes are checked, and click Select. You'll be sent back to the Wireless Network Access screen. All the MAC addresses that you check will be automatically filled into the boxes next to MAC 1 and so on. Click Save Settings. Now only PCs on your network can connect to it; all others will be blocked.

What happens if you buy a new computer, and want it to get onto your network, or you have a friend over who wants to use your network? You just need to find their wireless adapter's MAC address and pop it into a MAC box on the Wireless Network Access screen. To find out the network adapter's MAC address, choose Start-->Run, type command, and press Enter. A command line box will open. Type ipconfig /all and press Enter. Look for the numbers next to "Physical Address," such as 00-08-A1-00-9F-32. That's the MAC address. Copy that number into a MAC box on the Wireless Network Access screen, and that computer will be allowed to connect to your network. When you copy the number, don't include the hyphens.

This is part three of a six part series about securing your wireless network.

See part one here.

See part two here.

How and why to hide your wireless network's SSID, and not broadcast it

blog@kadatagroup.com (admin) — Sat, 10 Nov 2007 22:09:33 -0500

The first and foremost step to securing a wireless network is to keep it hidden from public view. To keep your network discreet, don't advertise it by broadcasting your SSID (Service Set Identifier) from your router. Learn more...

Computers on your network connect in a kind of two-way conversation. Your network router constantly sends out its name, known as its SSID. Your wirelessly equipped PCs see that SSID, and then connect to the router by using the SSID name. So if someone knows your SSID, it makes it easier to connect to your router.

When you buy a wireless router, it comes with a default SSID. That default SSID is the same for the thousands, or millions, of routers the manufacturer makes. So a would-be intruder can search for networks with a few common default SSIDs from the major manufacturers, and quickly find wireless networks. So a good line of defense is to change your network's SSID from the default to a unique name that others can't guess. By itself this isn't a great defense, because most war driving software will automatically find the SSIDs of any nearby networks. And Windows XP will automatically do the same thing. So you need to do more than just change the name. You also need to tell your network to stop broadcasting its SSID. Now only someone who knows the name will be able to connect to it.

The steps you take for changing the SSID and telling your router not to broadcast the SSID varies from router manufacturer to router manufacturer. In the Linksys WRT54GX4, log into your administrator screen, and click the Wireless link. In the "Wireless Network Name (SSID):" box type in a new name for your router. In the "Wireless SSID Broadcast:" box, click Disable. Then click Save Settings. Other brands will have similar settings. Check your user manual for details.

Your router is now invisible to passersby, but it's also invisible to your own PCs on the network as well. So you need to tell them to use the new SSID. On each PC, in Windows XP SP2, click small wireless icon in the Windows System Tray and click the View Wireless Networks button. Click the "Change advanced settings" link in the left-hand column and then click the Wireless Networks tab. Click the Add button in the "Preferred network" section, type your new network name, click OK, and then click OK again. You'll now be connected to your network.

Stay posted for more steps to securing your wireless network as time permits, and remember, if you feel that this is beyond your ability or out of your field of expertise, KA Data Group can help you by securing your network for you. Call for details.