Securing Wireless Networks

There have been a lot of changes in the home Internet access market. In the early days, we had dial-up modems that would allow home computers to access the Internet. The advances in the modem speeds were slow and it was years between any increase in speed.

Now, there are many high speed Internet access choices are available: cable, DSL, satellite, and even using the electrical grid.

The problem is no longer how to get access to the Internet, but “how to get all of the computers in the home access to the Internet”. The answer: a wireless router.

Home wireless Internet access seems to be all the rage. Why, because setting up and getting the darn things working is so easy. Like magic, you can have all of those home computer surfing the Internet faster than it takes to burn dinner. Most Wireless Access Points (WAP) provide not only the rabbit-ear antennae for wireless devices (PCs, notebooks, PDA), but four or more real network ports for existing wired computers.

Wireless Access Points (WAP or just AP) are inexpensive, you have many choices, and they are easy to setup. They are practically Plug and Play – actually it would be Unplug, Plug and Play.

But, there is a price to pay to facilitate the ease of setting up a wireless home network – privacy and security. The manufacturers of the wireless routers have turned off all security. Like Microsoft Windows, all security is turned off because you, the consumer, want to have a pleasant out of box experience.

Wireless routers broadcast a radio signal that can allow a computer to connect to it anywhere from 60 – 200 feet indoors, up to one mile outdoors. I have lost count of how many times I have visited a friend or family members house, opened up my Dell notebook computer with a wireless network card and Windows XP, scanned, discovered and connected to a neighbor’s wireless network. Within seconds I would have Internet access and in some cases I could even access the neighbor’s home computers.

The manuals that come with the wireless units usually detail the steps required to enable these security measures. But, once the wireless networking is working, most people put down the manual and start surfing.

Instead of writing my own list of steps to secure your Wireless Access Point, I have provided several links that cover all the bases.

PC Magazine

Software Quality Management Magazine

Microsoft Support

Wireless Router Home Install Notes

Most people purchase a wireless router because they have an existing home PC connected to a high speed ISP (Internet Service Provider – cable or DSL) and want to connect addition computers.  Common manufactures of wireless access routers include Linksys, D-Link, Belkins, Netgear and Microsoft.  Purchase a router with at least four “real” network ports (very little difference in price).

The wireless router is connected between the DSL/cable modem and the original home PC.  It will be connected to the cable/DSL modem and all other computer will connect to the router (wired or wirelessly). This usually entails unplugging the network cable from you existing home computer and connecting the cable to the wireless router’s WAN (Wide Area Network) or Internet port.  Then, your home computer will connect to one of the available network ports.  

The following are some comments, notes, and “lessons learned” that I have accumulated over the last couple of years concerning the installing and configuration of Home Wireless Networks. This is by no means intended to be an all-encompassing document.

Check the bottom of this article for link to how to secure your Wireless Router.

Cable/DSL Modems and the Wireless Router – DSL and cable Modem connect to your home computer using either an ethernet cable or a USB cable. If your home computer is connected to the DSL/cable modem using a USB connection then we have a problem.  We want ethernet coming out of the modem. Some cable/DSL modems have both an ethernet network port and USB port and it is just a matter of unplugging the USB cable, powering off the modem, and connecting the ethernet cable.  If your cable/DSL modem has only the USB port to connect to a computer then you will have ask your ISP for a different modem or purchase one.  Also, you will need to check if your computer has a network port.  If not, you will need to purchase a network card ($5-$50). Wireless network cards are cheap and easy to setup.  It does not make sense to install a wireless network card into a desktop computer that is sitting in the same room as the DSL/cable modem and the Wireless Router.

What is ethernet and what does it look like? – An Ethernet cable looks like a fat telephone cable but with an 8-wire module jack (RJ45).  The cables are typically round and not flat because of the 4 pairs of twisted wires inside a plastic cable jacket (telephone wires are usually flat wires). Over the years this type of network port and the cables that plug into the ports have been given many names and many people, including myself, use the terms interchangeably: 10BaseT, 100BaseT, Ethernet, IEEE-802.3, Twisted Pair, network cable, or Cat5 cable. 

Do not install the manufacturer’s software regarding the wireless routers, save the use of the installation software CD provided by the manufacturer as a last resort.  Most home wireless routers will work out of the box with no additional software and they can be configured (and their status viewed) using a Web browser.  Besides, you do not want to introduce any new software (any new variables) onto your home computer until you have insured it still has Internet access.  Seriously, you do not want these CD automatically install a second anti-virus or firewall software, this can just cripple a computer that already has equivalent software installed.

-Updated 1/10/06 -
Most wireless Routers may still work without the installtion CD.  The manufactures have learned from past mistakes and most have little PC impact.  It is now recommended that you run the Installtion CDs as this will enable Wireless security and preventing unwanted computers connecting to your wireless network.

Cycle the power on the DSL or cable modem.  You must power off the cable or DSL modem when it is connected to a new device, in this case a wireless router instead of your home computer. Most cable and DSL modems need to register the network address of the device it is connected to (physical device address or MAC address) before the modem will provide a TCP/IP address.

Does the router work? Confirm that your existing home computer can access the Internet and your email after introducing the new wireless router into the home network. Once the wired computer is working then you start on the wireless networking.

Windows XP has integrated the wireless discovery – once you have installed and loaded the software drivers for a wireless networking card then you should be able to scan or search for wireless networks, hopefully your own.  The manufacture of the wireless card will provide its own piece of software for discovering or defining wireless networks if you are running Windows 98/ME or 2000.

Wireless card on/off switch – Most recent notebook computers come with wireless networking integrated into the unit.  When this stuff was all new, these card where always on.  A new trend by manufactures has been to ship the notebook computers with the wireless network adapter disabled.  This saves battery life and (according to customer surveys) stops those annoying “wireless networking in the area” notification balloons.  You may have to look through the documentation that shipped with the notebook computer on how to enable or disable this device.  Although, I can tell you now that most wireless adapter can usually be enabled using the Windows Device manager, a physical switch (like the old radios) on the side of the computer, or in the BIOS.

Wireless networking cards for notebook and desktop computers – There are three main types of wireless networking cards and the type you need is dependent on your computer.  Let me try to break this down for you.

• USB Wireless Networking Cards – USB wireless cards plug into and available USB computer port.  This type is considered universal as it will work with both desktop or notebook computer. 
• PC-Card Wireless – These are those credit card size adapters intended for notebook computer and Pocket PC devices that do not have wireless networking already integrated.
• PCI Wireless Networking Card – Intended for desktop computers and requires that you open up your home computer and insert this card (requires a screw-driver).

Each of these types of Wireless Networking cards will require that you install the manufacturer supplied software or device drivers.  Once this software is installed, Windows can use this device to discover wireless networks and from there, access the Internet. If you are running Windows 98/Me or 2000, then a utility should/will be installed that allows you to scan, search, or define wireless networks.

How do I attach (find) my wireless network?  The easiest way to find your home wireless network is to SCAN or discover it.  As mentioned earlier, Windows XP has integrated the wireless networking discovery tool.  It should be on your Windows task bar next to the date/time (hover your mouse over the icons). If you can not locate the utility, then you can go into control panel and select Network Connection. If you still do not see a wireless network card then look in the left hand column and select “View Network Connection”.
If you are running Windows 98/ME/2000, then you will be using a utility that was installed when you loaded the wireless networking card software.

Most of these utilities use the same terminology. You will SCAN or Discover your home wireless router.  When you are scanning for wireless networks the name or description of the wireless network will usually reflect the manufacturer’s name: Linksys, Netgear, or D-Link.  This is technically called the “SSID”.  If you see more that one wireless access device that you can connect to then you have probably discovered your wireless network and your neighbors.  Wireless network signals can reach from 20-200 feet.  If this is the case, then it would be a good idea to change your wireless routers SSID to something a little more descriptive, like Fluffy, Buster, or Spot.  Don’t use your real name, use a pet’s name. Refer to the section below.

Wireless access is great.  Once you have discovered and connected to your wireless router, then you should be able to access the Internet using a Web browser, email programs, or whatever you require Internet access to.  The response time should be as good as the wired computer.  You should also notice a signal strength meter or some type of description of the connection strength (Low-Good-Excellent).  Check the signal strengths in different areas in the house.

Use a Web browser to configure your wireless router. Remember earlier in this article, I asked you not to install the manufacturer’s software for the wireless router? Well, this is why. On most of these devices, you can configure them using a web browser and the TCP/IP address of the wireless router. Assuming your home wired computer is up and working, this address would be the same as your computers “Default Gateway”.  Open a DOS prompt and type in IPCONFIG or WINIPCFG to find out the Default Gateway address. 
Here are some examples:  Http://192.168.1.1 or Http://192.168.2.1 or http://10.0.0.1. You will know you have successfully reach the router when you are prompted for a Username and a Password.  Accessing and configuring the wireless router this way will require a Username and Password.  Reference the routers user manual for the specific address, username and password.

Cordless phones and microwave ovens can affect wireless access.  Currently, wireless routers come in two frequency spectrums.  2.4Ghrz and 5.4GHz.  This range of radio spectrum is unlicensed and considered consumer or home appliance use (simplified). Cordless phones commonly use 900mhz, 2.4GHz, and 5.4Ghz and microwave ovens use the 2.4Ghz range.  Why am I telling you this?  Well, you may be cruising the Internet and telling yourself how easy it was to get the wireless working when all of a sudden, everything stops working.  You guest it. Your teen age daughter just called someone on your cordless phone and the radio signals from the cordless phone are interfering with the wireless network.  Or, right before dinner when the microwave oven is warming something.
This does not happen all the time but I have seen it happen and there is a fix.  Just like the old cordless phones use to have the ability to select channels 1-10 so does the wireless router.  By default the wireless routers sold for home use ship with a default of channel 6.  After looking in the manual (or if you are like me just plunge right in) you can use the Web and change the default channel.  Try a couple and see if the cordless phone or the microwave interfere.  You may even gain some distance.

Well, that is enough for now.  If I think of additional topics or receive some recommendation from our listeners, I will update this article.

MSCONFIG – System Configuration Utility and controlling Windows Startup items

MSCONFIG – Microsoft’s system configuration utility for controlling how Windows starts and what programs are automatically loaded when starting.  Many of the items listed in the Windows Task Manager are processes (programs) that can be seen and controlled using the MSCONFIG utility.

MSCONFIG is one of those hidden Windows XP/Me/98 utilities.  After all of these years, I wish that Microsoft had just created an icon for the utility in the “System Tools” program group (between Disk Defragmenter and System Restore).  Everyone should use the utility at least once and view all of the programs that load when Windows starts.  Many of these programs are legitimate (anti-virus, spyware protection, printers, modem, etc.).  If you have had several generations of printers or digital cameras you might just find software loading for a device you no longer use or want.  Become familiar with how to use the utility, and glance through the programs that are starting up.  It may prove useful when and if you need to use this utility to solve a computer problem.

On The Internet Advisor show, we have asked our listeners to use the utility to monitor and control Windows startup programs.  This has proved especially helpful with the manual removal of spyware, Trojans, worms, viruses, and sometime legitimate programs that just slow the computers startup time. 

You can launch the utility by typing MSCONFIG into the Windows Start/Run command line and pressing the OK button.  This powerful utility provides a simple graphical interface allowing you to control startup programs and/or force Windows to come up in Safe (or Diagnostic) Mode upon the next reboot – handy when trying to troubleshoot computer problems.

The utility provides multiple tabs at the top of the screen, but for this topic, we will only concentrating on the General and Startup areas. 

The General tab controls how Windows will start after the next reboot: Normal (everyday), Diagnostic/Safe, or Selective (not discussed here) Modes.  When you select the Diagnostic option, Windows will boot up into a Safe Mode.  As a matter of fact, Windows will continue to boot into Safe Mode until you run the MSCONFIG utility a second time and change the startup selection back to Normal Startup. 

Diagnostic/Safe mode startup loads the minimum amount of software required to have a Windows desktop.  Safe Mode will not load your computer custom video software nor any other hardware drivers. While in safe mode, you will notice that the screen will look huge and that most hardware connected to your computer will not work.  No optional startup software will load, helpful when a virus, spyware, or corrupted software program or hardware driver is causing problems in a normal startup mode.

Why use Windows Diagnostic/Safe Mode?

• Sometime programs will not uninstall properly.  Safe Mode is great for uninstalling programs using the Control Panel’s Add/Remove Programs.
• Repair corrupted software drivers for a hardware device.  Use the Windows Device Manager in Safe Mode, delete a hardware definition item, reboot into normal Windows mode, and let the Windows Plug-and-Play system re-discover the hardware and reload the required software.
• Some viruses and spyware can be a royal pain for anti-virus or anti-spyware to remove.  Most of these programs will also work in Safe Mode and can completely remove the parasite from the computer.

The Startup tab displays the programs that load when Windows starts.  You would simply remove the check from the startup item, preventing it from loading on the next computer restart. 

MSCONFIG startup tab

The difficult part is trying to identify what each of these programs are. You can use www.google.com and search for the command.  You do not have to type the entire path name for the startup item, just the program name at the end. Example: instead of c:\program files\mcaffee\scan.exe just type scan.exe (or what is scan.exe)  into the Google search.

The following list of links specialize in identifying programs listed in the Windows Task manager and the MSCONFIG startup.

• AnswersThatWork.com 
• WindowsStartup.com
• Process List.com
• Program Checker 
• Windows Process and Application lookup by UniBlue Systems.

Another trick to use when trying to discover what a startup item is for is to look for keywords.  If you see a command that includes “Norton” or “Symantec” then chances are this is your anti-virus or firewall software and you can feel pretty safe in leaving this program alone. If you see a keyword of Lexmark, HP, or Cannon, then the startup item is probably an external printer, scanner, fax, or digital camera.

The following is an example technique, using the MSCONFIG utility, that I have used on many occasions to isolate startup programs that give a computer heart-burn.
 
You can try to isolate which program is causing your computer problems by using the System Configuration utility to remove some or all of the programs that will load during startup.  To do this, follow these steps:

1. Configure your computer to come up in Safe Mode.  Select – Start > Run…  and type in: ”msconfig” and press OK.  Use the MSCONFIG utility and select a Diagnostic startup (on the General tab), select OK and answer yes to reboot your computer now.  If your computer problem is serious enough that you can not use the MSCONFIG utility to configure a Safe Mode startup, you can force Windows into Safe Mode upon powering up.  You do this by powering up the computer and pressing the F8 key at one second intervals. This will bring up a Windows XP startup menu, choose “Safe Mode”.  Log into windows.
2. Once in Safe Mode, enter the msconfig utility again and select the Startup Tab (the last tab).
3. Any program that is checked will be loaded at startup.  There are two approaches you can take when deselecting startup items.  You can deselect all programs (after documenting them first) or deselect one or two startup programs at a time.  Again, some of these programs are your anti-virus.
4. To test the Windows startup in Normal mode, don’t forget to select the General tab again and set the selective startup back to Normal.
5. Upon exiting the utility, and rebooting your computer, you may notice that some computer function may not work.  Hopefully your problem has been eliminated or at the very least, starting up faster.

This technique can be used to prove that your error or computer problem was caused by one of these startup programs.  You can now repeat the process and selectively re-enable some of the startup items.  Look up what the programs are that you are enabling and, hopefully, identify the program that has cause the problem or error.

Try the utility at least once and view all of the programs that load when Windows starts because you never know when you may need to troubleshoot your own computer problems.