WiFi security issues? Newbie ? for W7

[RayLopez99]

I'm switching to Windows 7 on my new laptop and I wonder if there are
WiFi issues I should be aware of. I normally have this machine wired
to a hub on a wired modem/router and so I don't use WiFi, but I'm
thinking if I do, there should be some gotchas. Yes this is an anti-
virus question, don't be stupid you a.c.a-v freaks. For the rest of
you, even you Linux freaks, this should be right up your alley.

I have newbie questions such as:

1) Password. You are supposed to change the Default Password from
"linksys" to something else that's hard to crack. Is this done in the
WiFi hardware installation or by Win7?

2) Public vs private network. W7 has a distinction, but all I can
tell is that when sharing a WiFi say at Starbucks, you switch to
"public" from "private" by clicking on the "public" icon in W7 as
shown by numerous HOWTO sites on the web--is that it? Is there
anything more?

3) What if, assuming I get wireless for the home (like I say right now
I got everything at home wired, but I might switch to wireless now
that I got this new laptop), you find that a neighbor is sharing your
wireless connection? I hear this is possible, but does that person
need a password? I think they do. If I give them a password, will
they be able to read my files on my hard drive, or just be able to
share my internet connection? I don't mind the latter, unless they
are a download hog, but I mind the former.

Any advice "appreciated", even from you critics that think they know
it all. You know who you are. Yeah you. Ash whole.

RL

 

[Mike Easter]

RayLopez99 wrote:
Newsgroups: alt.comp.anti-virus, microsoft.public.windows.vista.general,
alt.comp.hardware.pc-homebuilt, comp.os.linux.setup

Not antivirus, not vista, not homebuilt, not linux setup - and RL
doesn't read some of the groups that he crossposts to

f/ups to cols only - which is where I read the message

1) Password. You are supposed to change the Default Password from
"linksys"

http://bit.ly/hIi5eZ+ This article will guide you on how to change the
password of your Linksys router.

2) Public vs private network. W7 has a distinction,

http://grok.lsu.edu/Article.aspx?articleid=13097 Windows 7: Changing
Between Public and Private Networks

3) What if,

<regarding wi-fi security>

You should configure your wireless with WPA secured password. You can
get in 'trouble' if someone uses your connectivity for bad purposes.

 

[TVeblen]

I'm switching to Windows 7 on my new laptop and I wonder if there are
WiFi issues I should be aware of. I normally have this machine wired
to a hub on a wired modem/router and so I don't use WiFi, but I'm
thinking if I do, there should be some gotchas. Yes this is an anti-
virus question, don't be stupid you a.c.a-v freaks. For the rest of
you, even you Linux freaks, this should be right up your alley.

I have newbie questions such as:

1) Password. You are supposed to change the Default Password from
"linksys" to something else that's hard to crack. Is this done in the
WiFi hardware installation or by Win7?

2) Public vs private network. W7 has a distinction, but all I can
tell is that when sharing a WiFi say at Starbucks, you switch to
"public" from "private" by clicking on the "public" icon in W7 as
shown by numerous HOWTO sites on the web--is that it? Is there
anything more?

3) What if, assuming I get wireless for the home (like I say right now
I got everything at home wired, but I might switch to wireless now
that I got this new laptop), you find that a neighbor is sharing your
wireless connection? I hear this is possible, but does that person
need a password? I think they do. If I give them a password, will
they be able to read my files on my hard drive, or just be able to
share my internet connection? I don't mind the latter, unless they
are a download hog, but I mind the former.

Any advice "appreciated", even from you critics that think they know
it all. You know who you are. Yeah you. Ash whole.

RL

You will set up your wireless router by connecting it to your PC with an
ethernet cable (temporarily). You enter the router setup by following
the instructions in your manual. For linksys you open a web browser and
type the address http://192.168.1.1 and Go.

The router setup is where you name your network and setup your wireless
security.

Password:
"Linksys" or "Netgear" are not the passwords you should concern yourself
with. They are the default names of your wireless network. You should
change the name of your network to something less identifiable.
Something like 7X5gT0, not something like "Apt 322" or "Joe's House".
Your new router will allow you to enter the setup by using the User Name
"admin" and a blank password. After entering the setup and making sure
your wireless network is working you should change these. Normal User
Name and Password rules work here like any website.
The point is you do not want your neighbor to see "Joe's House" as a
possible connection and then just log in to your router setup using
linksys and no password. Unbelievably, this is the way a lot of wireless
routers are set up.

Wireless Security:
The wireless security type you use must be capable in your wireless
devices. Only very old devices can't handle advanced security encryption.
The security types you can choose from are WEP, WPA, and WPA-2. WEP is
antiquated and useless. WPA is good and WPA-2 is better.
Here is where you will be asked to come up with an Encyption Key. This
is the "password" that is important. Linksys automatically generates a
20+ character key. The longer the key, the better the security.
This key is what you will need to get your PC and any other wireless
device to use the wireless connection.

In Windows
You will see a wireless connection named 7X5gT0 in your Network. You
click on it and there will be a "Connect" button. Click that and it will
connect to the router and up will pop the "Password" screen. Here you
type in that 20+ character Encryption Key to be able to use the wireless
network. Somewhere in here Windows will ask if this is a Home or Public
Network. A home network is treated as a private (secure) network by
Windows. A Public network is treated as an open, unsecured network
connection.
When you installed and set up Windows the OS asked if your PC was part
of a Home or Public Network. You may need to change that in Network &
Sharing Center.

Hope that helps.

 

[Dustin]

I'm switching to Windows 7 on my new laptop and I wonder if there are
WiFi issues I should be aware of. I normally have this machine wired
to a hub on a wired modem/router and so I don't use WiFi, but I'm
thinking if I do, there should be some gotchas. Yes this is an anti-
virus question, don't be stupid you a.c.a-v freaks. For the rest of
you, even you Linux freaks, this should be right up your alley.

I have newbie questions such as:

That's probably because you are a newbie. <G>
Dude, just type "how do I setup a secure wifi network?" in google.
You'll get *all* of those questions answered in a very helpful fashion.
Newbie style; so you will have no trouble understanding it. If you have
questions after doing this, then present them to the appropriate place.
Say, a networking newsgroup?

I'm not sure why you mentioned linux or windows in the post tho;
Neither of those are relevent for what your doing with the router. It
matters on the PC side sure, but not the router usually.

Any advice "appreciated", even from you critics that think they know
it all. You know who you are. Yeah you. Ash whole.

I consider myself neither critic nor friend. Neutral for the most part.
I'd point out an error if I found one in any persons post; and I would
expect/hope they'd do the same for me. Information is only worth
something if it's accurate ya know.


--
Hackers are generally only very weakly motivated by conventional
rewards such as social approval or money. They tend to be attracted by
challenges and excited by interesting toys, and to judge the interest
of work or other activities in terms of the challenges offered and the
toys they get to play with.

 

[RayLopez99]

On 12/19/2010 5:38 AM, RayLopez99 wrote:
You will set up your wireless router by connecting it to your PC with an
ethernet cable (temporarily). You enter the router setup by following
the instructions in your manual. For linksys you open a web browser and
type the addresshttp://192.168.1.1and Go.

The router setup is where you name your network and setup your wireless
security.

Password:
"Linksys" or "Netgear" are not the passwords you should concern yourself
with. They are the default names of your wireless network. You should
change the name of your network to something less identifiable.
Something like 7X5gT0, not something like "Apt 322" or "Joe's House".
Your new router will allow you to enter the setup by using the User Name
"admin" and a blank password. After entering the setup and making sure
your wireless network is working you should change these. Normal User
Name and Password rules work here like any website.
The point is you do not want your neighbor to see "Joe's House" as a
possible connection and then just log in to your router setup using
linksys and no password. Unbelievably, this is the way a lot of wireless
routers are set up.

OK, so apparently a human recognizable network name is a sign of
unsophistication and invites hackers. Got it.

Wireless Security:
The wireless security type you use must be capable in your wireless
devices. Only very old devices can't handle advanced security encryption.
The security types you can choose from are WEP, WPA, and WPA-2. WEP is
antiquated and useless. WPA is good and WPA-2 is better.
Here is where you will be asked to come up with an Encyption Key. This
is the "password" that is important. Linksys automatically generates a
20+ character key. The longer the key, the better the security.
This key is what you will need to get your PC and any other wireless
device to use the wireless connection.

Question: the longer the key the better the security, but I think
(from my experience) the longer the key the slower the connection too,
right? Maybe not radically slower, but it should be slower with a
bigger key. Please confirm.

In Windows
You will see a wireless connection named 7X5gT0 in your Network. You
click on it and there will be a "Connect" button. Click that and it will
connect to the router and up will pop the "Password" screen. Here you
type in that 20+ character Encryption Key to be able to use the wireless
network. Somewhere in here Windows will ask if this is a Home or Public
Network. A home network is treated as a private (secure) network by
Windows. A Public network is treated as an open, unsecured network
connection.

Question: why would anybody use a public network then, such as
Starbucks? Why do people do this? They don't care if people read
their email, is that it? Or does Starbucks always have HTTPS?

When you installed and set up Windows the OS asked if your PC was part
of a Home or Public Network. You may need to change that in Network &
Sharing Center.

Hope that helps.

Yes it does, thanks.

RL

 

[RayLopez99]

In the public domain, you only want to go to sites that are using HTTPS
or your machine has a VPN connection to the site both use encryption, if
credentials are needed to login to the site.

How would you know if it's HTTPS? Does a little padlock icon show up,
like in Firefox? Also do most airports and Starbucks, in your
experience, have VPN and/or HTTPS?

If using WPA on the router, then the wireless client must know the
password for the WPA in order to access the wireless.

OK, thanks.

I use my Droid as the 3G Mobile Hotspot for my wireless laptop, which I
am using now, and it's WPA2 enabled.

Do you think the bigger (longer) the encryption key, the slower the
connection? Classic communications theory predicts that, but I'm
curious if anybody has seen it in practice. Maybe it's only 10% so
people don't really notice.

RL

 

[RayLopez99]

That's probably because you are a newbie. <G>
Dude, just type "how do I setup a secure wifi network?" in google.
You'll get *all* of those questions answered in a very helpful fashion.
Newbie style; so you will have no trouble understanding it. If you have
questions after doing this, then present them to the appropriate place.
Say, a networking newsgroup?

Thanks. After reading this article:
http://www.labnol.org/internet/secure-your-wireless-wifi-network/10549/
I've concluded a wireless network is inherently insecure. Might not
end up using it at home.

Practical question: when at airports, Starbucks, etc, and you want to
send an email, do you do so with impunity or with the chance somebody
can steal your password when you log on? I might end up just using
the laptop at such "public" places so I need more info on what to do
there.

Also what is the usenet group for networking? I use Google Groups and
could not find any.

RL

 

[Peter Foldes]

http://www.ezlan.net/index.html

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect

 

[RayLopez99]

Do you mean to tell me that you have never been to a Website that is
using HTTPS:\\ in the URL? If you have been to a bank site or any other
site that is using HTTPS as a secure connection, like a site you
purchase things with a credit card, you are going to clearly see the
HTTPS:\\ as part of the URL in the browser's address line.

OK, as I thought: the little padlock.

As for the VPN, the link below should explain it. You also have ISP(s)
that have VPN as part of their customer package, which you can do a VPN
over wireless in a public hotspot to get protected email and other
things provided by a VPN enabled ISP.

http://www.plathome.com/products/packetix/manual/html/10-12.htm

I see. I have signed up for Steganos VPN (1 year license $99, kind of
expensive, now expired for me) and I will do so again (unless you can
direct me to a free version) for when using this laptop in a public
hotspot. Thanks for the tip.

I have not paid any attention to it, because wireless is slower than a
wire connection, a given to be expected when using wireless. I have not
seen any download speed degradation in using the Droid as a hotspot and
doing downloads to the laptop

I also use the Droid smartphone about 99.9%, which can do everything the
laptop can do in a personal usage situation while I am traveling,  from
doing MS Office documents to going into HTTPS sessions over wireless
with the HTTPS showing in the smartphone browser's address line, doing
Usenet,  email with my ISP and Gmail too -- all of it. All that I was
doing on the laptop, I do with the smartphone.

Interesting. Do you think Droid or Windows 7 is more compatible for
international travel? Kind of like a US carrier (good only for the
US) vs AT&T (which has the best international coverage)? I travel a
lot internationally, and though I swap the SIM card on my mobile phone
eventually, I always carry the AT&T cell phone since in almost every
country it will work at the airport (but expensive). Same for Droid
vs W7 smartphones?

RL

 

[TVeblen]

OK, so apparently a human recognizable network name is a sign of
unsophistication and invites hackers. Got it.



Question: the longer the key the better the security, but I think
(from my experience) the longer the key the slower the connection too,
right? Maybe not radically slower, but it should be slower with a
bigger key. Please confirm.



Question: why would anybody use a public network then, such as
Starbucks? Why do people do this? They don't care if people read
their email, is that it? Or does Starbucks always have HTTPS?



Yes it does, thanks.

RL

Hey Ray
My understanding is that the actual encryption of the data is performed
by an algorithm built into the security protocol and is randomly
generated. The "Encryption Code" I mentioned is technically the
"Pre-Shared Key (PSK)". And the PSK is simply a "password". So the
length of the key is for security in a password sense and has no direct
effect on the actual encrytion algorithm.
Sorry for the confusion.

Wireless networks are inherently insecure. You are broadcasting your
data like a radio station. That is the trade off we make for the ease
and convenience of wireless.
Fortunately, it takes effort to actually hack into someones wireless
network, so the current security measures we have are effective in a
real world sense. Only a tiny percentage of the population has the
know-how, and you have to have something they want for them to go
through the trouble. The biggest issue, by far, is people "free riding"
on your internet connection. Not master criminals trying to steal your
stuff.
A little common sense goes a long way when using wireless, or computers
in general. If you work for the US State Department maybe you want to be
more careful. But if you are Joe-Shmoe no one cares - really!

Wireless security we have today is like having locks on your doors. Do
these provide security? Yes they Do. Do they provide complete
protection? Of course not! But you probably don't need to live in a
concrete bunker given the probability of the risks.

 

[(PeteCresswell)]

Per TVeblen:

Only a tiny percentage of the population has the
know-how, and you have to have something they want for them to go
through the trouble. The biggest issue, by far, is people "free riding"
on your internet connection. Not master criminals trying to steal your
stuff.
A little common sense goes a long way when using wireless, or computers
in general. If you work for the US State Department maybe you want to be
more careful. But if you are Joe-Shmoe no one cares - really!

Given that, could somebody list a dumbed-down version of the
real-world hazards associated with just leaving a home WAP
"Public" - i.e. with no password needed.

Seems like that would be the case with a lot of small restaurants
and other businesses where they don't subscribe to one of the
commercial "Free WiFi" services.

 

[RayLopez99]

I couldn't tell you if an ISP is free with a VPN. I suspect the VPN
service will not be free.

Thanks. I found the right VPN services to use, it is this one, not
Steganos, see here:


http://bestvpnreviews.com/top-3-vpn-services/vpn4all-basic-review

VPN4All Basic Review is best overall, works even in China!

HideMyAss Pro VPN Review http://bestvpnreviews.com/category/vpn-reviews
is second best

RL

 

[mm]

3) What if, assuming I get wireless for the home (like I say right now
I got everything at home wired, but I might switch to wireless now
that I got this new laptop), you find that a neighbor is sharing your
wireless connection? I hear this is possible, but does that person
need a password?

I got a laptop from Ebay about 3 years ago. I should have started
shopping earlier, and had to buy what was available, and it arrived
only 3 days before i was to leave on a long trip to Asia.

It came with 3 methods of internet, a port that accepted a phone cord,
a PC port (PCMCIA) that accepted the included Network Jack card and
the included wireless card. One of them required installing software,
so I was doing that. I didn't have DSL yet, so I was going to have to
use a flashdrive to transport files from my desk computer to the
laptop.

Half way through doing that, I noticed that my laptop was dl'ing my
email and my newsgroups! It turned out I was using one of my
neighbors' broadband/wireless. It's a good thing, too, because it
saved me a lot of time I needed for packing, etc.

When I got back two months later, there was a password on her account.

AIUI, I didn't cost her anything. I didn't even slow her down.

I've run my network without encryption or a password for some of the
time since, and so far, I'm the only MM2005 listed in the phone book.
So I guess no one has stolen my identity yet.

I think they do. If I give them a password, will
they be able to read my files on my hard drive, or just be able to
share my internet connection?

I thought files, directories, and printers had to be checked as Shared
before even you can read those files or use the printer on your own
network, and you have to have the password too. So as long as I
don't put any files in my one Shared directory, I thought I was safe.
Yes?

Is that correct?

 

[Sjouke Burry]

Per TVeblen:

Given that, could somebody list a dumbed-down version of the
real-world hazards associated with just leaving a home WAP
"Public" - i.e. with no password needed.

Seems like that would be the case with a lot of small restaurants
and other businesses where they don't subscribe to one of the
commercial "Free WiFi" services.

Somebody downloading childsporno or wikileaks through your wifi,
to avoid being traced.
So the trace points to your wifi, and you might get a visit
from police or FBI.

 

[Dustin]

Thanks. After reading this article:
http://www.labnol.org/internet/secure-your-wireless-wifi-network/1054
9/ I've concluded a wireless network is inherently insecure. Might
not end up using it at home.

I have wireless disabled presently; Only use it when it's not feasable
to run a hardline.

Practical question: when at airports, Starbucks, etc, and you want
to send an email, do you do so with impunity or with the chance
somebody can steal your password when you log on? I might end up
just using the laptop at such "public" places so I need more info on
what to do there.

I've answered as much as i'm going to do so; as I see you've
crossposted this all over the place... Very trollish behavior... btw.

Also what is the usenet group for networking? I use Google Groups
and could not find any.

I found an alt.comp.networking.routers newsgroup on this server.. Your
milage may vary.



--
Hackers are generally only very weakly motivated by conventional
rewards such as social approval or money. They tend to be attracted by
challenges and excited by interesting toys, and to judge the interest
of work or other activities in terms of the challenges offered and the
toys they get to play with.

 

[Dustin]

You may /think/ that you haven't shared your files, but if I can see
your computer on a network (and wireless networks are easily cracked
- WPA in seconds, WPA2 takes several minutes) I can type "net use x:
\\computer\c$ /user:Administrator" and try to guess your password.
Using Linux rather than Windows makes such an attack easier to
automate, but it can be done with Windows too.

I think you meant wep was cracked in seconds. Please provide reference
urls discussing WPA cracked in seconds. I'd like to learn more. Thanks.

Those hidden shares can be disabled. They aren't available on these
machines here; for example.

Obviously enabling the windows firewall will make such a simple
attack very much harder - but certainly not impossible.

A hardware based firewall which filters netbios requests helps nicely
too.




--
Hackers are generally only very weakly motivated by conventional rewards
such as social approval or money. They tend to be attracted by
challenges and excited by interesting toys, and to judge the interest of
work or other activities in terms of the challenges offered and the toys
they get to play with.

 

[The Natural Philosopher]

I'm assuming you are using Windows.

/Everything/ is shared by default - you have to specifically disable the
file sharing service to stop it.

Not in my experience. Getting file sharing to work on a windows LAN
requires that you do a lot of configuration, starting with turning
netbios on, then exporting various things as shares, and finishing with
removing most of the firewalling that is the default way of working.


In particular, there are a number of

"default shares" that are (AFAIK) always enabled in windows unless the
whole file sharing service is disabled - you don't need to explicitly
share them. For every drive, there is a share named "c$", "d$", etc.,
that is available to any user with Administrator privileges. These
default shares are hidden, in the sense that they don't show up in
normal network browsing or "net view \\computer", but you can connect to
them easily enough.

You may /think/ that you haven't shared your files, but if I can see
your computer on a network (and wireless networks are easily cracked -
WPA in seconds, WPA2 takes several minutes)

I think it takes a bit longer than that..

I can type "net use x:

\\computer\c$ /user:Administrator" and try to guess your password. Using
Linux rather than Windows makes such an attack easier to automate, but
it can be done with Windows too.

So that's two passwords to fight past, and hope the man has indeed got
windows netbios on, and the firewall off..which if he is a domestic
single user he will not have enabled either of.

Obviously enabling the windows firewall will make such a simple attack
very much harder - but certainly not impossible.

Windows is utter crap, but it's not THAT crappy.

 

[The Natural Philosopher]

Note - I haven't tried this myself.

You may be right that it is just WEP that can be cracked in seconds. WPA
and WPA2 cracking seems to be done using dictionary attacks on the
pre-shared keys - thus it can be fast or slow depending on the quality
of the password chosen. The WPA/WPA2 cracking is done by capturing a
few packets (not many are needed, apparently) and running the cracking
off-line. With big rainbow tables and a fast cracker computer, this
often won't take long.

If you are using "enterprise" WPA rather than pre-shared key WPA, it's a
different matter - cracking is pretty much infeasible.


Yes, but how many people know how to do that - even if they know the
hidden shares exist in the first place?


Absolutely true - hardware firewalls are far more effective than windows
softwrae firewalls for blocking unwanted external traffic. Software
firewalls on windows are good for limiting outgoing traffic from
specific programs, but not good enough to protect from external attacks.

they are certainly good enough to repel all but the most determined hackers.

But who expects the NSA to come sniffing round in a black van stuffed
with supercomputers and packet sniffers?

Not me, Osama ;-)

 

[TVeblen]

they are certainly good enough to repel all but the most determined
hackers.

But who expects the NSA to come sniffing round in a black van stuffed
with supercomputers and packet sniffers?

Not me, Osama ;-)

Are you trying to say that everyone is not interested in everything I do?
I'm going to go and cry now.......

 

[The Natural Philosopher]

On 12/21/2010 9:15 AM, The Natural Philosopher wrote:

Are you trying to say that everyone is not interested in everything I do?
I'm going to go and cry now.......

No. Merely that the ones who are, are not likely to be clever enough to
find out.
;=-)