Oregon
Professional Microsystems, Portland, Oregon
There
is no perfect way to secure a network. Having said that, let's look
at some ways to make your network as secure as possible:
Securing
Any Network - Wired or Wireless
Use
password access to the network. Don't use English words (so that
someone could scan using an electronic dictionary). Use a combination
of letters and numbers. Write it down to a secured location so that
you can have a record of it. Don't
use dictionary words.
Use
a defined backup procedure that defines when and how backups are
made. Keep the backups in a secure location. In one simple form
for a home system, just back up to an external hard disk using firewire
or fast USB. Alternately, you could use a backup network drive that
sites on the network.
Use
antivirus software and update it regularly.
Use
firewalls. Most routers and wireless access points have a built-in
firewall. This protects you from hackers outside the network but
does nothing to protect you from viruses on other computers on the
network. Use a software firewall on each network computer to protect
from viruses within the network.
Use
caution in opening any attachments from unknown parties. Even commercial
antivirus software won't protect you on this if the attachment has
a virus that is new to the Internet.
Cautions
is Securing Wireless Networks
(in
addition to the above)
The
Federal Government and many major corporations do not support the
use of wireless networks for their work. The major problem is that
the Internet address used by a wireless network (IP) is shared by
everyone on the network. If someone cracks your security and gets
into your local network from a car in the parking lot, you could be
legally accountable for their use of this stolen IP. They can also
take data from any computer on the local network or plant a trojan
on a local computer without a software firewall.
The
slip, however, is often human and can be deliberate. George works in
a cubicle of a major corporation. He buys a cheap wireless access point
and hooks it to the corporate network in his cubicle. No encryption.
He then takes his laptop and works in the lunchroom with his wireless
network. Unknown to him, someone in the parking lot also found it easy
to use the same corporate network. Or maybe George is more than friends
with the guy in the parking lot.
For
a home network, however, the current encryptions (even WEP), when
used, are quite sufficient. For a small business, WPA provides extremely
good protection. No one has knowlingly cracked WPA yet.
Remember
that if someone hacks your system through a wireless network connection,
they have bypassed your hardware firewall in the router. They
can plan a trojan in your computer that gives them a backdoor through
your firewall later or use your IP for spamming, ID theft, and other
illegal activity. Use a software firewall on each network system
in addition to your hardware firewall to prevent this. This keeps
the wireless interloper from planting a trojan and stops him from
stealing the use of your IP.
Be
sure your network runs with the encryption turned on. If using the
older WEP encryption, you have less protection as commercial products
can get through to your network although it takes the hacker some
time. The newer WPA encryption is much, much harder to break. The
level of protection varies somewhat with how frequently you use
the network. For heavily used corporate networks, it takes less
than six hours to crack a 64-bit encryption with the proper tools.
For a lightly used home network, expect a hacker to need a month.
For WEP, use 128-bit keys and change them weekly. For the newer
WPA encryption, the security is much, much, higher. This helps to
prevent someone from stealing the use of your IP. With WPA, the
security also depends on the length of the key. Use a 63-character
key and you are the safest. The key length should be at least 40
bits. In addition, the WPA system automatically changes the key
periodically. Normally this defaults to changing every hour.
Monitor
who is on your network. Forget about the fact the wireless spec
says your network is only good for a short distance. An antenna
build from a simple Pringle can hack your system from a much, much
further distance.
Change
the SSID for the network to something else besides the default "linksys"
or whatever.
Turn
off the SSID beacon so you are not broadcasting your SSID. This
won't help much, but it is a valid step. Some commercial products
can find you with the beacon turned off.
Most
drive-by hackers work at night. Shutting down your system at night
can help some. Shutting down only the modem prevents someone from
stealing your IP during the night for their spamming.
Keep
private data on removable disks, such a zip drives. Only load the
data when needed. Don't keep credit card numbers and other private
information on your hard disk. The better systems remembering your
credit card numbers - such as banks - may remember your credit card
number but don't leave it in a cookie on your computer. It remains
on their system in a secure area. Amazon, eBay, and other companies
should only put non-secure items (such as your shopping cart contents)
in your cookies.
Turn
off your modem at night so a wireless interloper can't get into
the Internet and use your IP. You can go one step beyond this, if
you wish, and shut the computer and WAP down. Want to save time?
You can find a software solution at http://pathlock.com
that shuts off the Internet connection at night.