how to safely configure your home wireless network
DESCRIPTION
TRANSCRIPT
![Page 1: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/1.jpg)
DHS IT FairMarch 12, 2009
Barry CaplinChief Information Security Officer
Minnesota Department of Human [email protected]
WiFi for DummiesSmart People who aren’t sure how
set it up securely
![Page 2: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/2.jpg)
Agenda
• Why wireless?
• Wireless basics
• Top 10 tips
• Wireless at DHS
![Page 3: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/3.jpg)
Why Wireless?
![Page 4: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/4.jpg)
Wireless Basics
You need:• Computer/Laptop
– Built-in wireless (or WiFi)– a/b/g/n– Connects to Access Point
• Wireless Access Point or Router– Receives/transmits signals between
wireless computer and network
![Page 5: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/5.jpg)
Wireless Basics
![Page 6: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/6.jpg)
What, Me Worry?
• If you can connect to your wireless network.
• An outsider can:– Connect to your home network– “listen” to what you do: taxes, banking,
personal communication
And will look like they are part of your home network, so if they do something bad…
… what stops anyone else?
![Page 7: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/7.jpg)
Wireless Basics
• WiFi– Not an acronym
– Trademark
– Play on words (Hi Fi)
![Page 8: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/8.jpg)
Top 10 Tips
• Netgear WGR614v6
• Why?– Cheap
– Available locally
• Not an endorsement!(also Belkin F5D7230-4)
![Page 9: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/9.jpg)
Top 10 Tips
Log in to the wireless Access Point/Router
![Page 10: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/10.jpg)
Top 10 Tips
1. Change the default SSID
Name (SSID): Enter a value of up to 32 alphanumeric characters. The same Name (SSID) must be assigned to all wireless devices in your network. The default SSID is NETGEAR, but NETGEAR strongly recommends that you change your network's Name (SSID) to a different value. This value is also case-sensitive. For example, NETGEAR is not the same as NETGEAr.
![Page 11: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/11.jpg)
Top 10 Tips
1. Change the default SSID
![Page 12: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/12.jpg)
Top 10 Tips
![Page 13: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/13.jpg)
Top 10 Tips
2. Disable SSID Broadcast
(but it was unclear how!)
Wireless network name broadcast can be turned off so that only devices that have the
network name (SSID) can connect.
![Page 14: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/14.jpg)
Top 10 Tips
2. Disable SSID Broadcast
![Page 15: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/15.jpg)
Top 10 Tips
3. Use Encryption (WPA/WPA2)
![Page 16: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/16.jpg)
Top 10 Tips
Key Sharing:
![Page 17: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/17.jpg)
Top 10 Tips
But WEP and WPA-TKIP have been cracked…
• This Netgear only has WPA-TKIP (need newer model)
• The Belkin has WPA2
still OK for suburbs but not for city, apts, or rural (maybe).
![Page 18: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/18.jpg)
Top 10 Tips
![Page 19: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/19.jpg)
Top 10 Tips
4. Change the default administrator passwordFigure 3-2: Log in to the router
When prompted, enter admin for the router user name and password for the router password, both in lower case letters
![Page 20: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/20.jpg)
Top 10 Tips
4. Change the default administrator password
![Page 21: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/21.jpg)
Top 10 Tips
1. Change the default SSID
2. Disable SSID Broadcast
3. Use Encryption (WPA/WPA2)
4. Change the default administrator password
![Page 22: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/22.jpg)
Defaults are Dangerous!
FEATURE DEFAULT FACTORY SETTINGS
Wireless Access Point Enabled
Wireless Access List (MAC Filtering)
All wireless stations allowed
SSID broadcast Enabled
SSID NETGEAR
Authentication Type Open System
WEP Disabled
![Page 23: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/23.jpg)
Top 10 Tips
5. Use HTTPS (and enable “inside only” admin)
(Neither device has
https)
![Page 24: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/24.jpg)
Top 10 Tips
6. Enable Firewall (and any other security features)
![Page 25: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/25.jpg)
Top 10 Tips
7. Turn it off when not in use.• The safest computer is one that is off!
![Page 26: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/26.jpg)
Top 10 Tips
8. Access Point placement (and lower the power)
(Belkin. Netgear does not provide range.)
•Typical indoor operating range for your wireless devices is between 100 and 200 feet.
•Depends on interference - typically 50–300 ft. indoors
![Page 27: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/27.jpg)
Top 10 Tips
![Page 28: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/28.jpg)
Top 10 Tips
![Page 29: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/29.jpg)
Top 10 Tips
9. Patches/Updates• Not automatic• You need to check• Not frequent
![Page 30: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/30.jpg)
The routing software of the WGR614 v6 router is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from the NETGEAR Web site.
To upload new firmware:1. Download and unzip the new software file from
NETGEAR.2. In the Router Upgrade menu, click the Browse
button and browse to the location of the upgrade file
3. Click Upload.
9. Patches/Updates
Top 10 Tips
![Page 31: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/31.jpg)
Top 10 Tips
10. NAT/Static IP Addresses/Disable DHCP(don’t disable DHCP if you are connecting your DHS laptop
to your home wireless)
![Page 32: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/32.jpg)
(bonus!) Top 10 Tips
11. MAC address filtering
![Page 33: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/33.jpg)
Top 10 Tips
1. Change the default SSID2. Disable SSID Broadcast3. Use Encryption (WPA2)4. Change the default administrator password5. Use HTTPS6. Enable Firewall/Security Features7. Turn it off when not in use.8. Access Point placement9. Patches/Updates10. Static IP Addresses/Disable DHCP11. MAC address filtering (bonus!)
![Page 34: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/34.jpg)
Wireless at DHS
• DHS wireless networks have been assessed by Information Security and use most of the controls we’ve listed here (and some others)
• If you need wireless access, request form is at: InfoLink>Forms>Technology>Remote Access/Wireless Request Form(requires supervisor and director approval)
![Page 35: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/35.jpg)
Wireless outside of DHS
• Home wireless is OK if you are authorized for remote access and wireless; otherwise:
– Business need– Use identified, named networks
And always:– Use a VPN to access DHS(when you connect to an “unknown” network, start your
VPN before doing anything else)
![Page 36: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/36.jpg)
Wireless outside of DHS
For your own personally owned laptop:
• Turn on the Windows firewall
• Encrypt sensitive files
• Don’t type in credit card numbers, passwords, or similar info
• Turn off wireless if you’re not using it.
![Page 37: How to safely configure your home wireless network](https://reader033.vdocuments.us/reader033/viewer/2022061218/54b6a8574a7959b5588b484a/html5/thumbnails/37.jpg)
Discussion?