Answers - 4
Source: Tom's Guide US | Keywords: wireless, faq, security
- 4. Answers - 3
- 5. Answers - 4
5. Answers - 4
• What security precautions should I take when using wireless hotspots?
First, be aware that any data you send or receive can be monitored by any other wireless user unless you are using a VPN, secure web browser (HTTPS) or other secured connection. This includes login information, account numbers, etc., so be sure that you use the secured option for webmail, on-line ordering, etc..
The other important precaution to take is to disable File and Printer sharing and Client for Microsoft Networks on your wireless adapter if you have them enabled. Not all public wireless hotspots use technology that prevents wireless client-to-client communication. This writer recently used the free wireless in the food court of Pittsburg's airport and found via a quick browse of My Network Places that the entire drives of numerous fellow wireless users were totally accessible. Both settings can be found in the wireless adapter's Network Properties.
• Should I consider buying a wireless device that doesn't support WPA?
In our opinion, no. Manufacturers have had enough time to incorporate this greatly improved wireless security capability into their products. Any new wireless product that you purchase should support at least WPA-PSK (Pre-Shared Key) / TKIP capability.
• Can WPA be used with Windows versions other than Windows XP?
Yes, but only WinXP has a built-in WPA "supplicant" (a small application that performs the client-side duties for WPA authentication).
For other OSes, you will need to use the supplicant that should be in the client utility that came with your wireless adapter. You may need to go to your adapter manufacturer's website to download an updated client that includes the supplicant.
If your adapter doesn't have a WPA-capable client utility, you can purchase a third-party application such as Jupiter Network's (formerly Funk) Odyssey client.
• How do keep wireless users connected to my wireless router from accessing my wired network?
There are a couple of ways to do this. The simplest would be to use a switch or router with VLAN (VirtualLAN) capability. This would allow you to assign wireless and wired clients to different VLANs which would prevent any communication between them. Unfortunately, consumer-priced products with VLAN capability still are not available.
If all you need is protection in one direction, i.e. keeping wireless users off the wired LAN, you can use the router-cascading technique described in the TomsNetworking Setting up File and Printer sharing between two routers How To. Just make the wireless router the one connected to the Internet and the wired router WAN port connected to one of the wireless router's LAN ports.
If you want both wireless and wired users from reaching one another you can use three routers, as described in the TomsNetworking One Internet connection - Two Private LANs How To. Only one of the routers, needs to be wireless, the others can be Ethernet-only.
• Does software exist that will allow someone to monitor my Wi-Fi Lan to display the same screens I am seeing on my computer in real time?
There is software (both open-source and commercial) that will display information flowing through a wireless network. eEye Digital Security sells their Iris vulnerability scanner that will reconstruct web pages in real-time, by following conversations from computers.
The dsniff suite written by Dug Song is a collection of open source utilities that can capture URLs, Emails, Instant Messaging and other interesting bits of information. Webspy, one of the programs in the suite, will capture URLs and then input them into a browser. This will let an attacker "follow" users surfing the web.
Driftnet is an open-source program that will rip pictures from wireless networks. As users surf the web, each picture will be captured and displayed on the attacking computer.
All of this assumes that the wireless traffic is not encrypted using WEP or preferably WPA or WPA2.
- Previous page Answers - 3
