PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Need help to solve security issues with my wireless network and server
From:
Russ Poffenberger <[log in to unmask]>
Reply To:
Personal Computer Hardware discussion List <[log in to unmask]>
Date:
Mon, 6 Mar 2006 07:29:48 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (119 lines) 
Hi Jose,

Some answers below..

At 10:58 AM 3/4/2006, Jose Louies wrote:
>Hi  all tech GURUS !
>
>I am new to the group and I have a problem to be solved
>
>I manage a small net work for a Non-Profit Wildlife Conservation 
>organization in India.
>
>The over all pic about the net work
>
>
>Computers
>10 PCs  ( All athlon XP/Sempron/ XP 64 on Asus Boards) XP  prof  with SP2 
>as OS
>3 Note books  (  2 Acer  intel, 1 Amd Turion )
>+ I file server on win 2000 server  ( Athlon XP 64  bit 2400  512  RAM, 80 
>GB X  4 HDDs  )
>
>Net working
>DSL  on Dlink ADSL  Modem -502T  which is connected to  D link Switch  DES 
>10 16 D
>WRT 54 G wireless router  ( for the lap tops)
>
>
>My Problems
>
>The Clients take almost a minute or even more when they try to login in 
>the server.  " Applying local settings.............. " and  it takes a lot 
>of time.

Are they setup so the users are logging into a domain? If so, and they have 
a roaming profile, then this delay seems typical, unfortunately. It is 
because all the users settings (basically everything under "c:\documents 
and settings\user") are being copied from the server to the local disk. If 
the users keep a lot of stuff (documents, pictures, temporary internet 
files, mail folders, etc), then it simply takes time to copy it over. This 
might be improved somewhat by offering switched gigabit networking between 
the client systems and the server. The other solution is to have users 
avoid storing large amounts of data in the folders that are stored in their 
profile. The best solution I have found is to change their profile from 
roaming to local. The downside to the latter approach though is if they 
routinely use different machines to login with, then the files will not be 
available on the server. Also, if they rely on backups on the server to 
backup their files, this won't be possible either with a local profile.



>Problem II
>
>As i mentioned earlier about the Wifi, it is a security problem. any body 
>with a wifi  lap top can connect to my net work and use  the internet 
>connection. I switch off the wifi router in the eveing and durig the day, 
>i am forced to use it. I have disabled DHCP on the wifi router and  the 
>DSL rotuer give  the DHCP to the clients. So any body can log in to my 
>internet connection.
>
>How can i ensure proper security in the network without  installing any 
>external software ?

Most routers have security built-in, you just need to enable it. There are 
several things you can do to help with security. Here are a few, in order 
of ease of implementation, however the easiest things are typically less 
effective. You typically access the routers setup system by pointing a web 
browser to the IP address of the router.

1.) Do not broadcast your SSID. The wireless network's SSID is required for 
anybody to access it. Most routers broadcast it by default. If you turn 
this off, then a casual person trying to connect would have to guess at it, 
although more sophisticated scanning tools can still figure out the SSID. I 
have seen at least one wireless print server that would not work properly 
if SSID broadcast is turned off, YMMV.

2.) Turn on encryption, however being in India, not sure which encryption 
protocols are available in your models due to export controls, so this 
information is based on US model routers. Most routers have any encryption 
protocols turned off by default.

The most basic encryption model is WEP. Usually available in 64bit or 
128bit. 64bit is very basic and easily crackable by moderately 
sophisticated wireless scanning tools, but will thwart the casual user who 
just wants to camp on your WiFi. 128bit is better, but still can be broken 
by more advanced scanning tools.

WPA-PSK encryption is now available in the US, and is much better than WEP 
on security.

Note that for any encryption, you MUST change both the router AND the 
client computers. Their information including passcodes and keys must match 
or the client will be unable to connect.

3.) Most routers support MAC address filtering. This is a table of hardware 
MAC addresses that you maintain manually. When enabled (it is typically 
disabled by default), you enter into a table the HW ethernet (MAC) 
addresses of each of the wireless interfaces on your client computer. Only 
those computers will get through the router.

Note that all three of the above can be enabled simultaneously, this would 
give the most protection you can get from a wireless network.

One question that many people will wonder is why all the security is turned 
off by default on the routers, the answer is simple, the manufacturers want 
to make it as easy as possible for people to setup their wireless network. 
If it were not nearly plug and play, they would get tons of support calls. 
So it is up to the user to understand the security risks and takes steps to 
address them.



Russ Poffenberger
[log in to unmask] 

         PCBUILD maintains hundreds of useful files for download
                     visit our download web page at:
                  http://freepctech.com/downloads.shtml

ATOM RSS1 RSS2