Keeping your wireless Internet connection safe and secure

Discussion in 'other firewalls' started by Escalader, Mar 2, 2008.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Attached is an article from my ISP that I thought might be useful to members interested in wireless security.

    The only points I would add to it are:

    1. Get a Software Firewall than allows you to "untrust" the Local Area Connection. This is the same setting users should use in airports with Laptops and there is no good reason IMHO to ever have any other setting for any LAN anywhere.
    2. On the PSW's for the router find out the maximum size and syntax for the users name and the PSW and use a PSW generator to create them both randomly. Record these on a
      separate media (usb/dvd/cd?) from your PC since you will never be able to remember them nor do you need to very often.

    NOTE: Please don't ask me about Mr Steer's quote as it is his not mine. I'm not a wireless expert myself having long since dropped it in favour of hard wired. This post is FYI only and you should do your own work with your own ISP and router providers to secure your LAN. Thank you.

    Source: http://www.hispeed.rogers.com/yahoo/spotlight/tech_mate.jsp?id=2008/02/20080229

     
  2. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    If your router allows you to change the address range, change it from the usual 192.168.0.0/24 or 192.168.1.0/24 to some oddball address range like 192.168.76.0/24. Then you can set up your trusted local network address range and have very little chance of ever encountering a public hot spot with the same address range.
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Just set allowed MAC addresses (this will reject all others), disable all remote access to router (wireless or HTTP remote) and use WPA2 AES encription for wireless. This should be far enough for anyone.
     
  4. mike113377

    mike113377 Registered Member

    Joined:
    Jun 3, 2007
    Posts:
    19
    Hi,

    Sorry if this is a bit out topic, but is Windows Firewall safe enough to connect using your laptop on Public hotspots (such as airports, university wifi, etc) ?
     
  5. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    You have to remember to turn off file sharing at both the firewall exception level and as a service on the network adapter. If you forget the Windows XP firewall treats any network as trusted. The Vista firewall is better as it asks you if the new network is to be treated as public of private. Of course, you might not be able to stand Vista.
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Mike:

    I'm not sure your post is OT since we are in a FW forum.:doubt:

    But to answer your question I will imagine myself in a "hot spot" with a real need to turn on the laptop and do something important. (BTW this is IMO true only 1% of the time)

    The short answers are:
    1. NO for windows xp.
    2. and maybe if you have vista.
    3. and it depends on your security needs and profile

    I say maybe for Vista because you have to turn on the 2 way feature and be able to tune that FW as Diver has told us. There would be way more settings I would work in the vista but enough for now.

    I suggest you do some study/research on the forum starting with:

    https://www.wilderssecurity.com/showthread.php?t=142036

    Then come back with a new thread under FW's and ask more detailed questions.

    But of course all that work is up to you.

    Good luck and have your data backed up.:thumb:
     
  7. mike113377

    mike113377 Registered Member

    Joined:
    Jun 3, 2007
    Posts:
    19
    Thank you for your answers !
    I'm using both Vista/XP on my laptop (dual boot setup).

    I use wifi hostpost at university everyday, I know about the vulnerabilities and treats regarding XP's filesharing system, however I'm still wondering if I need anything 'better' than XP/Vista built in firewall. I don't need outbound filtering, and I disabled file sharing on network adapter already. Am I still at risk connecting to the hotspots networks ? I'm not sure that windows fw would protect me from all types of inbound attacks, and for that, I need your knowledge :)

    At home I'm using a router with NAT, I guess it's enough already ?
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Escalader,

    Why do you give a flat no to the XP firewall? Are you concerned about outbound?
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Diver:

    Yes, I am concerned for the OP's idea that win xp might be good enough. Plus my classic concern about outbounds in the airport lounges is even greater!

    In my technical manual on tweaking win xp there are pages of information that nobody I know ever talks currently about. But users can create exceptions for programs or services.

    The Netsh FW command allows users to configure xp's FW. But I've never bothered since I use 3rd party 2 way FW's and as you said win fw is incoming protection only.
     
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,284
    Location:
    England
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stapp:

    You are more correct here than I was! :cool:

    There may be some who do.

    Some day I may have to set up a vista 2 way fw to be optimal within it's design parameters but until that day actually comes I'll set the idea aside.
     
  12. wat0114

    wat0114 Guest

  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep, my choice also, plus changing default settings as mentioned in earlier post is also a nice extra threshold.
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Thank you, Escalader. This thread is very useful for me, and probably for many others as well.
     
  15. wat0114

    wat0114 Guest

  16. DavidON

    DavidON Registered Member

    Joined:
    Mar 7, 2008
    Posts:
    19
    Location:
    North Island
    what i noticed with Wireless Router is very confuised.
    I have 30/30 Mbit/s but when i use cable from my Wireless Router to my both 2 PC´s then my speed is 30/30 but when i don´t use cable but only Wireless router then i have something like: 13/20 Mbit/s, what can be the problem do you guys think?
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    very usefull information and from what I understand there are a lot folks out there that do not no most routers are not secure out of the box by default and are broadcasting to the general public.I recently set up a wireless router a couple of weeks ago and reading threads like this that gave me the knowledge of what to check and secure.
     
  18. msibuc

    msibuc Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    3
    I wonder what any of you have to say about sharing my wireless key with a neighbor that I don't know very well. What are the risks?

    Thanks.
     
  19. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA



    1. This question goes to Escalader : (a little bit off-topic, so my apologies to all)

      Does Online Armor FREE, version 2.1.0.131 have this characteristic ?
      I mean, if I am at a public hotspot at the airport and I want to connect my laptop via wireless to that hotspot, Will OA prompt me to select where do I want to place that new connection (Untrusted Zone or Trusted Zone ) .

      In ZAP 8.0 I think these settings are called Internet Zone (Not Trusted) and Trusted Zone.

      Regards,

      Carlos
     
  20. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Yes and No.
    Giving your neighbor your wireless keys (I am assuming WPA2 keys) is like providing a wire from your router to his house.

    So Risk is that, the Neighbor can probably compromise your wireless network. But if you have well configured router (changed SSID,defualt password,default IP, Create WAN partition) the risk is very less.
     
    Last edited: Aug 28, 2008
  21. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    In Windows, when you connect to a wireless hotspot for the first, time it will ask you if type is Home/Private or Public.
    For existing connections, you can edit the same from network connections. If you choose public, the network usage will be limited and be untrusted.
    Screen shot below:

    nw.jpg
     
  22. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Thank you, vijayind for your response but I was referring to Online Armor firewall 2.1.0.131 ( the FREE version) not the Windows Vista firewall (or the Win XP one for that matter) .

    I've never used that firewall (OA free)and I was wondering if it provides protection for wireless connections when you connect to an unsecure wireless network (non WEP, or WPA).

    I know SOME firewalls (like ZoneAlarm PRO) promt you to where you want to place a new detected wireless network upon detection, while your laptop wireless card is in the process of acquire an IP Address form that network.

    Regards,

    Carlos
     
  23. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Sorry Carlos, I should have been more specific.

    I am referring to Window OS ( not firewall).
    In Vista the flow is (for existing connections) :
    Start > Control Panel > Networking and Sharing Center > Customize Network

    While some firewall allow you to do this also. You can do this in Windows OS and use OA as needed. No firewall that I know of can security in a unsecured wireless network. Since basically you are sending your packets to everyone in clear visibility, what can the firewall do ?
     
  24. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Yes, I get your point and I could not agree with you more.

    No firewall protects you from sending your data packets in an open wireless network. That is why you need a VPN to take care of that job, although a software firewall may stop instrusions of people who might want to break in to your computer on an open wireless network.


    P.S. : I'm still waiting the Escalader's response regarding OA 2.1.0.131 free detecting a protected wireless network and an unprotected one.


    Carlos
     
  25. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I don't think that my setup technically confirms to WPA2.

    To what extent is WPA2 different from WPA-PSK (AES encryption) ?

    I believe PSK means that the key is changed every ... amount of time.
     
Loading...
Thread Status:
Not open for further replies.