Your SlideShare is downloading. ×
How to safely configure your home wireless network
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

How to safely configure your home wireless network

971

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
971
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Barry Caplin Chief Information Security Officer Minnesota Department of Human Services [email_address] WiFi for Dummies Smart People who aren’t sure how set it up securely DHS IT Fair March 12, 2009
  • 2. Agenda
    • Why wireless?
    • Wireless basics
    • Top 10 tips
    • Wireless at DHS
  • 3. Why Wireless?
  • 4. Wireless Basics
    • You need:
    • Computer/Laptop
      • Built-in wireless (or WiFi)
      • a/b/g/n
      • Connects to Access Point
    • Wireless Access Point or Router
      • Receives/transmits signals between wireless computer and network
  • 5. Wireless Basics
  • 6. What, Me Worry?
    • If you can connect to your wireless network.
    • An outsider can:
      • Connect to your home network
      • “listen” to what you do: taxes, banking, personal communication
      • And will look like they are part of your home network, so if they do something bad…
    … what stops anyone else?
  • 7. Wireless Basics
    • WiFi
      • Not an acronym
      • Trademark
      • Play on words (Hi Fi)
  • 8. Top 10 Tips
    • Netgear WGR614v6
    • Why?
      • Cheap
      • Available locally
    • Not an endorsement!
    • (also Belkin F5D7230-4)
  • 9. Top 10 Tips
    • Log in to the wireless Access Point/Router
  • 10. Top 10 Tips
    • Change the default SSID
    Name (SSID) : Enter a value of up to 32 alphanumeric characters. The same Name (SSID) must be assigned to all wireless devices in your network. The default SSID is NETGEAR, but NETGEAR strongly recommends that you change your network's Name (SSID) to a different value. This value is also case-sensitive. For example, NETGEAR is not the same as NETGEAr.
  • 11. Top 10 Tips
    • Change the default SSID
  • 12. Top 10 Tips
  • 13. Top 10 Tips
    • Disable SSID Broadcast
    • (but it was unclear how!)
    Wireless network name broadcast can be turned off so that only devices that have the network name (SSID) can connect.
  • 14. Top 10 Tips
    • Disable SSID Broadcast
  • 15. Top 10 Tips
    • Use Encryption (WPA/WPA2)
  • 16. Top 10 Tips
    • Key Sharing:
  • 17. Top 10 Tips
    • But WEP and WPA-TKIP have been cracked…
    • This Netgear only has WPA-TKIP (need newer model)
    • The Belkin has WPA2
    • still OK for suburbs but not for city, apts, or rural (maybe).
  • 18. Top 10 Tips
  • 19. Top 10 Tips
    • Change the default administrator password
    Figure 3-2: Log in to the router When prompted, enter admin for the router user name and password for the router password, both in lower case letters
  • 20. Top 10 Tips
    • Change the default administrator password
  • 21. Top 10 Tips
    • Change the default SSID
    • Disable SSID Broadcast
    • Use Encryption (WPA/WPA2)
    • Change the default administrator password
  • 22. Defaults are Dangerous! Disabled WEP Open System Authentication Type NETGEAR SSID Enabled SSID broadcast All wireless stations allowed Wireless Access List (MAC Filtering) Enabled Wireless Access Point DEFAULT FACTORY SETTINGS FEATURE
  • 23. Top 10 Tips
    • Use HTTPS (and enable “inside only” admin)
    (Neither device has https)
  • 24. Top 10 Tips
    • Enable Firewall (and any other security features)
  • 25. Top 10 Tips
    • Turn it off when not in use.
      • The safest computer is one that is off!
  • 26. Top 10 Tips
    • Access Point placement (and lower the power)
    • (Belkin. Netgear does not provide range.)
    • Typical indoor operating range for your wireless devices is between 100 and 200 feet.
    • Depends on interference - typically 50–300 ft. indoors
  • 27. Top 10 Tips
  • 28. Top 10 Tips
  • 29. Top 10 Tips
    • Patches/Updates
      • Not automatic
      • You need to check
      • Not frequent
  • 30.
    • Patches/Updates
    Top 10 Tips
    • The routing software of the WGR614 v6 router is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from the NETGEAR Web site.
    • To upload new firmware:
    • Download and unzip the new software file from NETGEAR.
    • In the Router Upgrade menu, click the Browse button and browse to the location of the upgrade file
    • Click Upload.
  • 31. Top 10 Tips
    • NAT/Static IP Addresses/Disable DHCP
    • (don’t disable DHCP if you are connecting your DHS laptop to your home wireless)
  • 32. (bonus!) Top 10 Tips
    • MAC address filtering
  • 33. Top 10 Tips
    • Change the default SSID
    • Disable SSID Broadcast
    • Use Encryption (WPA2)
    • Change the default administrator password
    • Use HTTPS
    • Enable Firewall/Security Features
    • Turn it off when not in use.
    • Access Point placement
    • Patches/Updates
    • Static IP Addresses/Disable DHCP
    • MAC address filtering (bonus!)
  • 34. Wireless at DHS
    • DHS wireless networks have been assessed by Information Security and use most of the controls we’ve listed here (and some others)
    • If you need wireless access, request form is at: InfoLink>Forms>Technology>Remote Access/Wireless Request Form
    • (requires supervisor and director approval)
  • 35. Wireless outside of DHS
    • Home wireless is OK if you are authorized for remote access and wireless; otherwise:
      • Business need
      • Use identified, named networks
      • And always:
      • Use a VPN to access DHS
      • (when you connect to an “unknown” network, start your VPN before doing anything else)
  • 36. Wireless outside of DHS
    • For your own personally owned laptop:
    • Turn on the Windows firewall
    • Encrypt sensitive files
    • Don’t type in credit card numbers, passwords, or similar info
    • Turn off wireless if you’re not using it.
  • 37. Discussion?

×