How to safely configure your home wireless network

Published in: Technology, Business

  1. Barry Caplin, Chief Information Security Officer, Minnesota Department of Human Services, [email_address]. WiFi for Dummies Smart People who aren’t sure how to set it up securely. DHS IT Fair, March 12, 2009
  2. Agenda
     • Why wireless?
     • Wireless basics
     • Top 10 tips
     • Wireless at DHS
  3. Why Wireless?
  4. Wireless Basics
     • You need:
     • Computer/Laptop
        ◦ Built-in wireless (or WiFi)
        ◦ a/b/g/n
        ◦ Connects to Access Point
     • Wireless Access Point or Router
        ◦ Receives/transmits signals between wireless computer and network
  5. Wireless Basics
  6. What, Me Worry?
     • If you can connect to your wireless network … what stops anyone else?
     • An outsider can:
        ◦ Connect to your home network
        ◦ “Listen” to what you do: taxes, banking, personal communication
        ◦ And will look like they are part of your home network, so if they do something bad…
  7. Wireless Basics
     • WiFi
        ◦ Not an acronym
        ◦ Trademark
        ◦ Play on words (Hi Fi)
  8. Top 10 Tips
     • Netgear WGR614v6
     • Why?
        ◦ Cheap
        ◦ Available locally
     • Not an endorsement!
     • (also Belkin F5D7230-4)
  9. Top 10 Tips
     • Log in to the wireless Access Point/Router
  10. Top 10 Tips
     • Change the default SSID
     Name (SSID): Enter a value of up to 32 alphanumeric characters. The same Name (SSID) must be assigned to all wireless devices in your network. The default SSID is NETGEAR, but NETGEAR strongly recommends that you change your network's Name (SSID) to a different value. This value is also case-sensitive. For example, NETGEAR is not the same as NETGEAr.
  11. Top 10 Tips
     • Change the default SSID
  12. Top 10 Tips
  13. Top 10 Tips
     • Disable SSID Broadcast
     • (but it was unclear how!)
     Wireless network name broadcast can be turned off so that only devices that have the network name (SSID) can connect.
  14. Top 10 Tips
     • Disable SSID Broadcast
  15. Top 10 Tips
     • Use Encryption (WPA/WPA2)
  16. Top 10 Tips
     • Key Sharing:
  17. Top 10 Tips
     • But WEP and WPA-TKIP have been cracked…
     • This Netgear only has WPA-TKIP (need newer model)
     • The Belkin has WPA2
     • still OK for suburbs but not for city, apts, or rural (maybe).
  18. Top 10 Tips
  19. Top 10 Tips
     • Change the default administrator password
     Figure 3-2: Log in to the router. When prompted, enter admin for the router user name and password for the router password, both in lower case letters.
  20. Top 10 Tips
     • Change the default administrator password
  21. Top 10 Tips
     • Change the default SSID
     • Disable SSID Broadcast
     • Use Encryption (WPA/WPA2)
     • Change the default administrator password
  22. Defaults are Dangerous!

      | FEATURE | DEFAULT FACTORY SETTINGS |
      |---|---|
      | Wireless Access Point | Enabled |
      | Wireless Access List (MAC Filtering) | All wireless stations allowed |
      | SSID broadcast | Enabled |
      | SSID | NETGEAR |
      | Authentication Type | Open System |
      | WEP | Disabled |

  23. Top 10 Tips
     • Use HTTPS (and enable “inside only” admin)
     (Neither device has https)
  24. Top 10 Tips
     • Enable Firewall (and any other security features)
  25. Top 10 Tips
     • Turn it off when not in use.
        ◦ The safest computer is one that is off!
  26. Top 10 Tips
     • Access Point placement (and lower the power)
     • (Belkin. Netgear does not provide range.)
     • Typical indoor operating range for your wireless devices is between 100 and 200 feet.
     • Depends on interference - typically 50–300 ft. indoors
  27. Top 10 Tips
  28. Top 10 Tips
  29. Top 10 Tips
     • Patches/Updates
        ◦ Not automatic
        ◦ You need to check
        ◦ Not frequent
  30. Top 10 Tips
     • Patches/Updates
     • The routing software of the WGR614 v6 router is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from the NETGEAR Web site.
     • To upload new firmware:
     • Download and unzip the new software file from NETGEAR.
     • In the Router Upgrade menu, click the Browse button and browse to the location of the upgrade file.
     • Click Upload.
  31. Top 10 Tips
     • NAT/Static IP Addresses/Disable DHCP
     • (don’t disable DHCP if you are connecting your DHS laptop to your home wireless)
  32. (bonus!) Top 10 Tips
     • MAC address filtering
  33. Top 10 Tips
     • Change the default SSID
     • Disable SSID Broadcast
     • Use Encryption (WPA2)
     • Change the default administrator password
     • Use HTTPS
     • Enable Firewall/Security Features
     • Turn it off when not in use.
     • Access Point placement
     • Patches/Updates
     • Static IP Addresses/Disable DHCP
     • MAC address filtering (bonus!)
  34. Wireless at DHS
     • DHS wireless networks have been assessed by Information Security and use most of the controls we’ve listed here (and some others)
     • If you need wireless access, request form is at: InfoLink>Forms>Technology>Remote Access/Wireless Request Form
     • (requires supervisor and director approval)
  35. Wireless outside of DHS
     • Home wireless is OK if you are authorized for remote access and wireless; otherwise:
        ◦ Business need
        ◦ Use identified, named networks
        ◦ And always:
        ◦ Use a VPN to access DHS
        ◦ (when you connect to an “unknown” network, start your VPN before doing anything else)
  36. Wireless outside of DHS
     • For your own personally owned laptop:
     • Turn on the Windows firewall
     • Encrypt sensitive files
     • Don’t type in credit card numbers, passwords, or similar info
     • Turn off wireless if you’re not using it.
  37. Discussion?
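
The tips above applied as a checklist, in an added Python example that is not part of the original slides: it audits a hand-entered settings record against the factory defaults on slide 22 and the deck's tips. The field names, the `HARDENED` sample and the treatment of unset values as unsafe are assumptions.

```python
# Added example: audit router settings against the deck's tips.
# Field names are hypothetical; values are read off the admin pages by hand.

# Factory defaults from slide 22 and the quoted login instructions (slide 19).
FACTORY_DEFAULTS = {
    "ssid": "NETGEAR", "ssid_broadcast": True,
    "encryption": "none",       # WEP disabled, Open System authentication
    "mac_filtering": False,     # "All wireless stations allowed"
    "admin_user": "admin", "admin_password": "password",
}
# Assumption: settings the page gives no default for count as unsafe if unset.
UNSET_IS_UNSAFE = {"remote_admin": True, "firewall": False}
# Slide 17: WEP and WPA-TKIP have been cracked.
WEAK_ENCRYPTION = {"none", "wep", "wpa-tkip"}

def audit(settings):
    """Return (tip, problem) findings; an empty list means every check passed."""
    cfg = {**FACTORY_DEFAULTS, **UNSET_IS_UNSAFE, **settings}
    findings = []
    ssid = cfg["ssid"]
    if not ssid or len(ssid.encode("utf-8")) > 32:
        findings.append(("Change the default SSID", "SSID must be 1 to 32 characters"))
    elif ssid.casefold() == FACTORY_DEFAULTS["ssid"].casefold():
        # The SSID is case-sensitive, but NETGEAr is no improvement on NETGEAR.
        findings.append(("Change the default SSID", "SSID is still the factory name"))
    if cfg["ssid_broadcast"]:
        findings.append(("Disable SSID Broadcast", "SSID broadcast is enabled"))
    enc = str(cfg["encryption"]).lower()
    if enc in WEAK_ENCRYPTION:
        findings.append(("Use Encryption (WPA2)", f"'{enc}' is missing or cracked"))
    if cfg["admin_password"] == FACTORY_DEFAULTS["admin_password"]:
        findings.append(("Change the default administrator password",
                         "password is still the factory default"))
    if cfg["remote_admin"]:
        findings.append(("Use HTTPS (inside-only admin)", "admin page is open to outside"))
    if not cfg["firewall"]:
        findings.append(("Enable Firewall", "firewall is off"))
    if not cfg["mac_filtering"]:
        findings.append(("MAC address filtering (bonus!)", "all stations allowed"))
    return findings

# Constructed sample: the same router after applying the tips.
HARDENED = {
    "ssid": "quiet-harbor-41", "ssid_broadcast": False, "encryption": "wpa2",
    "mac_filtering": True, "admin_user": "admin",
    "admin_password": "constructed-long-passphrase",
    "remote_admin": False, "firewall": True,
}

if __name__ == "__main__":
    for tip, problem in audit(FACTORY_DEFAULTS):
        print(f"[FAIL] {tip}: {problem}")
    print("hardened findings:", audit(HARDENED))
```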