General Security Guide 2003.02.12 10:58 EST by Philip
Introduction
Let's start with the basic presumption that no system is completely secure. The only way to secure your system completely is by turning it off, locking it in a safe and throwing away the key... The only way you can completely prevent remote exploits is to disconnect from the network. All operating systems have some security flaws, and the more complex the OS, the more potential vulnerabilities it has. Keeping that in mind, we can come very close to a completely secure level and still maintain a working system by following a few basic principles, described below.
General Guidelines

1. Don't turn on services you don't need. Turning off services you don't use is simply common sense and greatly reduces your exposure while online. File and Print Sharing is probably the single most common Windows security vulnerability. Don't use it unless you really need it. You can check whether it's turned on (in Win 9x) under "Control Panel > Network > File and Print Sharing". If, on the other hand, you have a LAN and need to share files, follow these guidelines:
• Unbind File and Print Sharing and Client for MS Networks from TCP/IP - you will need to check all TCP/IP entries in "Control Panel > Network".
• Install NetBEUI and bind File and Print Sharing to it (NetBEUI is not routable, so shares bound to it cannot be reached from the Internet).
• Turn access on just for the necessary directories/drives and make it read-only.
• Use strong passwords for all your shares.
• Install a software/hardware firewall.
2. Use strong passwords - whenever you use passwords, whether for an online banking interface, a network share or even a forum, common sense dictates you should make them hard to guess/crack. Although some of the suggestions below might seem trivial, many users do not follow them, and that is a huge security risk. Use the following guidelines for passwords:
• use both lower and upper case letters
• use some non-alphanumeric characters as well
• don't base your passwords on a dictionary word, name, place or date
• use long passwords
• use different passwords for different places
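A small checker that applies the five rules above, as an added example (not part of the original guide). It assumes a constructed word list standing in for a real dictionary/name/place file, a 12-character minimum (the guide only says "long"), and it undoes the usual leet-speak substitutions before the dictionary check, because password crackers do exactly that:

```python
import re
from datetime import datetime

# Constructed stand-in for a real word/name/place list; a production check
# would load a large dictionary file (names, places, leaked common passwords).
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "chicago",
                "philip", "summer", "qwerty", "monkey"}

# Substitutions crackers undo automatically, so they add no real strength.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed threshold; the guide only says "long"


def _alpha_core(pw: str) -> str:
    """Lowercase, undo leet-speak, keep letters only: 'P@ssw0rd1' -> 'password'."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def based_on_dictionary_word(pw: str) -> bool:
    core = _alpha_core(pw)
    return any(len(w) >= 4 and w in core for w in COMMON_WORDS)


def looks_like_date(pw: str) -> bool:
    """Digit runs that parse as a year or a calendar date (birthdays, anniversaries)."""
    digits = "".join(ch for ch in pw if ch.isdigit())
    if len(digits) == 4:
        return 1900 <= int(digits) <= 2099
    formats = {6: ("%m%d%y", "%d%m%y"),
               8: ("%m%d%Y", "%d%m%Y", "%Y%m%d")}.get(len(digits), ())
    for fmt in formats:
        try:
            datetime.strptime(digits, fmt)
            return True
        except ValueError:
            continue
    return False


def check_password(pw: str, used_elsewhere=()) -> list:
    """Return the names of the guideline rules the password fails ([] = passes all five)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("length")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("mixed_case")
    if not any(not c.isalnum() for c in pw):
        failures.append("symbol")
    if based_on_dictionary_word(pw) or looks_like_date(pw):
        failures.append("dictionary_or_date")
    if pw in set(used_elsewhere):   # same password already used at another site
        failures.append("reuse")
    return failures
```

The leet-speak and date checks are the part worth copying: "P@ssw0rd1" satisfies the mixed-case and symbol rules on paper yet falls to any dictionary attack, and the checker reports it as a dictionary password.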
3. Stay current with updates - download and install all available security patches for your OS, as well as new anti-virus definitions, etc. For example, all Windows-based computers should have the latest service pack installed. Also check the Windows Update site on a regular basis (or use automatic updates) for the latest security updates.

4. Use the encryption available to you - FTP, SMTP, HTTP and many other protocols widely used on the Internet transmit information in clear text. That means all information transferred to/from servers, including your passwords, is readily available to any network device it passes through on the way to its destination. (Base64, as used by SMTP AUTH LOGIN and HTTP Basic authentication, is an encoding, not encryption; it is reversed trivially.) When possible, use the secure variants of those protocols (SFTP or FTPS, SMTP over TLS, HTTPS) so that personal information is not transmitted unencrypted.
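To make the point concrete, here is an added example (not from the original guide) that pulls credentials out of constructed FTP, SMTP AUTH LOGIN and HTTP Basic captures exactly as a sniffer on any intermediate hop could. The hosts, user names and passwords are made up:

```python
import base64
import re

# Constructed captures (what a sniffer on an intermediate hop sees); not real traffic.
FTP_CAPTURE = (b"220 ftp.example.test ready\r\nUSER alice\r\n331 Password required\r\n"
               b"PASS hunter2\r\n230 Logged in\r\n")
SMTP_CAPTURE = (b"250 AUTH LOGIN PLAIN\r\nAUTH LOGIN\r\n334 VXNlcm5hbWU6\r\nYm9i\r\n"
                b"334 UGFzc3dvcmQ6\r\nczNjcjN0\r\n235 Authentication successful\r\n")
HTTP_CAPTURE = (b"GET /admin HTTP/1.1\r\nHost: www.example.test\r\n"
                b"Authorization: Basic Y2Fyb2w6cGFzc3dvcmQxMjM=\r\n\r\n")


def _lines(capture: bytes):
    return [l.decode("ascii", "replace") for l in capture.split(b"\r\n") if l]


def ftp_credentials(capture: bytes):
    """FTP sends USER and PASS verbatim; no decoding is even needed."""
    user = password = None
    for line in _lines(capture):
        if line.upper().startswith("USER "):
            user = line[5:]
        elif line.upper().startswith("PASS "):
            password = line[5:]
    return (user, password) if user and password else None


def smtp_auth_login(capture: bytes):
    """SMTP AUTH LOGIN base64-encodes user and password; base64 is encoding, not encryption."""
    lines = _lines(capture)
    starts = [i for i, l in enumerate(lines) if l.upper() == "AUTH LOGIN"]
    if not starts:
        return None
    # Client lines are the ones that do not carry a 3-digit server reply code.
    client = [l for l in lines[starts[0] + 1:] if not re.match(r"^\d{3}[ -]", l)]
    if len(client) < 2:
        return None
    return tuple(base64.b64decode(l).decode("utf-8", "replace") for l in client[:2])


def http_basic(capture: bytes):
    """HTTP Basic auth: base64('user:password') repeated in a header on every request."""
    m = re.search(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", capture, re.IGNORECASE)
    if not m:
        return None
    user, _, password = base64.b64decode(m.group(1)).decode("utf-8", "replace").partition(":")
    return (user, password)


def harvest(capture: bytes):
    """Run every extractor over one capture; returns [(protocol, user, password), ...]."""
    found = []
    for proto, extractor in (("ftp", ftp_credentials), ("smtp", smtp_auth_login), ("http", http_basic)):
        creds = extractor(capture)
        if creds:
            found.append((proto,) + creds)
    return found
```

The same three extractors return nothing against an FTPS, SMTP-over-TLS or HTTPS session, because after the TLS handshake the sniffer sees only ciphertext; that is the whole argument for using the secure variants.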
Multi-Layered Security Approach

1. Hardware Firewall (and/or optional software firewall) - Firewalls filter all network traffic, block ports and inspect packets in order to protect your PC or LAN from unauthorized entry. Some firewall solutions include additional functionality that lets you detect and gather information about intrusions. There are different types of firewalls of different complexities, but most of them allow you to close unused ports so they cannot be reached from outside. Computers with always-on cable modem, DSL or similar broadband connections have mostly static IP addresses and are online much longer than those with dialup connections, which by itself increases the exposure and justifies installing a firewall for protection. For reference, some established brand names are SonicWall, ZyXEL ZyWALL, ZoneAlarm, BlackICE, etc.

2. Anti-Virus Software - with the increasing popularity of the Internet, viruses and trojan horses have become more common, simply because of users' lack of awareness and because PCs are interconnected and communicate with each other much more easily. Some viruses have caused havoc on the Internet, spreading at alarming rates through email or similar means. Installing good anti-virus software (and keeping the virus definitions current) is a must, or you are bound to become a victim of some virus/trojan horse at some point. I'd recommend installing one of the leading products, such as Norton Anti-virus, for compatibility, ease of use, efficiency and fast response to new threats.

3. Anti-Spyware Software - your every action online could be recorded without your explicit permission! The least we can do is bring this to your attention, so you have the choice and are well aware before giving away personal information. The issue begins with marketing: companies trying to collect consumer information, demographics, or in some cases personally identifiable information about users. It's accomplished through their software installing spyware, or trojans, on your computer, usually without your knowledge or consent, and then forwarding the collected personal information to their data collection facilities. The gathered information is then potentially sold and combined with other databases to build up profiles of individual web users, usually for direct marketing purposes. It might sound like sci-fi to the uninitiated, but it is real, and it is happening every day online. Your privacy is being invaded. For anti-spyware software solutions, you might want to look up: Lavasoft Ad-Aware, Gibson Research OptOut, SpyCop, WinTasks Pro, etc. Many such anti-spyware programs block advertisements on websites as a side effect of protecting your privacy. I'd also like to bring up the fact that not all advertising is evil. Many websites, including ours, rely on banner advertising as a source of revenue; the bandwidth used in serving you free information costs money, and it is paid for by advertising. Blocking ALL ads just hurts independent websites sponsored by banner advertising.
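The firewall layer above comes down to one rule: deny everything inbound by default, allow replies to connections the LAN itself started, and open only the ports you deliberately publish. The following added example (illustrative code, not any product's implementation) models that with a minimal connection table over a constructed packet trace; the IP addresses and ports are invented, and the probe on ports 137/139 is the NetBIOS File and Print Sharing exposure from the first guideline:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str     # "in" = arriving from the Internet, "out" = leaving the LAN
    proto: str         # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP connection attempt (SYN without ACK)


class Firewall:
    """Default-deny inbound filter with a minimal connection table.

    Outbound traffic is allowed and remembered; inbound traffic is allowed only
    if it answers a remembered flow or opens a connection to a published port.
    """

    def __init__(self, published_ports=()):
        self.published = set(published_ports)
        # Flows keyed from the LAN side: (proto, lan_ip, lan_port, remote_ip, remote_port)
        self.flows = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:                    # reply to something the LAN started
            return "allow"
        if pkt.dport in self.published and (pkt.proto == "udp" or pkt.syn):
            self.flows.add(key)                  # accepted inbound connection, remember it
            return "allow"
        return "drop"                            # everything else, including NetBIOS/SMB probes


def filter_trace(fw: Firewall, packets):
    """Apply the filter to a packet sequence and return the per-packet decisions."""
    return [fw.decide(p) for p in packets]


# Constructed trace: a LAN host browsing, an outsider probing file sharing,
# and a visitor connecting to a web server the owner chose to publish.
TRACE = [
    Packet("out", "tcp", "192.168.1.10", 51000, "203.0.113.5", 443, syn=True),
    Packet("in",  "tcp", "203.0.113.5", 443, "192.168.1.10", 51000),
    Packet("in",  "tcp", "198.51.100.7", 4000, "192.168.1.10", 139, syn=True),
    Packet("in",  "udp", "198.51.100.7", 4001, "192.168.1.10", 137),
    Packet("in",  "tcp", "198.51.100.9", 5000, "192.168.1.20", 80, syn=True),
    Packet("in",  "tcp", "198.51.100.9", 5000, "192.168.1.20", 80),
]
```

With nothing published, the same trace drops the two web packets as well: the point of the model is that exposure is an explicit decision (add a port to `published_ports`), never the default. A real firewall also ages flows out and checks sequence numbers; this keeps only the decision logic.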
Conclusion One should be aware of all the major security threats, especially when connected to a large network, such as the Internet. With all the above precautions in mind, the Internet can be a fun, (almost) safe place to explore ;)
5 Ways to Improve your Wireless Network 2007.09.28 15:19 EST by Comtrad
While installing a wireless network may seem trendy, it makes good business sense. You have the flexibility and convenience of working untethered, plus you won't have to pay someone to come in and reroute network cables if you hire new employees or reconfigure your office floor plan. Setting up a wireless network requires thought and planning. We spoke with Doug Potts, a security specialist at CDW, to find out what you can do to ensure your network works as smoothly and as securely as possible. The five steps to improving your wireless network are listed in order of their cost and complexity. Whether you take one or all five depends on the size of your budget and the level of security you need.
1. Set Up Wireless Encryption
Encrypting your network makes it difficult for hackers to break in and use your wireless connection, access your data or perform other malicious actions. "Encryption's an effective hacker deterrent," said Potts. "The thought of trying to hack a 128-bit or 256-bit cipher is enough to send a hacker packing — and looking for an easier target." You have two types of encryption from which to choose: WEP, and WPA with AES encryption (AES-CCMP is the cipher of WPA2; the original WPA certification used TKIP). Potts likened 128-bit WEP encryption to a barking dog that frightens off a burglar. "Now AES, that's 256bit — an even tougher type of encryption," Potts said. "That's like having the dog, an alarm system and a guard out front." According to Potts, 128-bit WEP encryption can be cracked, but it can take up to four hours of work to do it. To date, he says, 256-bit AES has never been cracked. Most wireless access points (APs) support both WEP and WPA standards, but not all client cards (the Wi-Fi card that plugs into your laptop) support AES encryption, which requires a dedicated chip. "At the very minimum," said Potts, "everyone running a wireless network should have WEP installed and turned on."
Typically you'll pay about $50 to $100 more for an AP that supports AES. Potts says that if you're installing a wireless network for the first time, it's a good idea to invest in the security features that WPA offers. If you already have a wireless network, Potts recommends upgrading all of your APs to WPA over time as your budget allows.
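Why WEP in particular is a deterrent rather than protection: WEP keys each frame with RC4 over a 24-bit IV prepended to the shared key, and the IV travels in the clear. Two frames sent under the same IV share the same keystream, so knowing (or guessing) one plaintext exposes the other without ever recovering the key, and with only 2^24 IVs a busy network repeats one quickly. This added example (not from the article or any vendor) demonstrates that; the key, IV and payloads are constructed, and the CRC-based ICV that WEP also encrypts is left out:

```python
import math


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream generation); WEP's per-frame key is IV || shared key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(IV || key) over the payload.

    "128-bit" WEP is a 104-bit (13-byte) key plus the 24-bit IV; "64-bit" is 40 + 24.
    """
    assert len(iv) == 3 and len(shared_key) in (5, 13)
    return iv + rc4(iv + shared_key, payload)


def recover_via_iv_reuse(known_frame: bytes, known_plaintext: bytes, target_frame: bytes) -> bytes:
    """Same IV => same keystream: C1 xor P1 is the keystream, which strips C2 without the key."""
    iv1, c1 = known_frame[:3], known_frame[3:]
    iv2, c2 = target_frame[:3], target_frame[3:]
    if iv1 != iv2:
        raise ValueError("IVs differ: keystreams are different, this attack does not apply")
    keystream = xor(c1, known_plaintext)
    return xor(c2, keystream)


def expected_frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: with random IVs a repeat is likely after about sqrt(pi/2 * 2^iv_bits) frames."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)
```

A few thousand frames is seconds of traffic on a busy network, and many cards simply count the IV up from zero, which makes collisions certain rather than probable. WPA2's CCMP avoids this by construction (a 48-bit packet number and a keyed, authenticated mode), which is the substance behind the barking-dog comparison above.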
2. Stick With the Same Vendor
Buying your APs and Wi-Fi cards from the same vendor increases your network performance and reduces compatibility issues, since not all vendors support the same features. Potts cited a feature called "Turbo mode" as an example. "Some manufacturers build a Turbo mode into their APs and Wi-Fi cards," he said. "It's supposed to double your network throughput, but it only works if all your cards come from the same vendor. It could even be available only on a specific card within a vendor's line." Potts continued, "D-Link has an AP and a Wi-Fi card that are specific to the Turbo mode feature. The company makes lots of cards and APs, but not all of them support that feature. This is true of most vendors," Potts said.
3. Do a Site Survey
Potts likes to ask his customers a question: do you know where your wireless signal is? Unless you know exactly how far your wireless network reaches, and in what directions it travels, chances are you're leaking a Wi-Fi signal that anyone with a laptop and a Wi-Fi card, including hackers, can use for free. "A site survey will tell you exactly how far your signal reaches," said Potts. "Take your laptop and Wi-Fi card and call up the utility that measures signal strength, [each maker has its own — Cisco's is called ACU] and walk around your office with the utility running. That will tell you how far the signal reaches and the signal's strength," said Potts. There's also lots of software that can help you do site surveys, such as the programs from Wireless Valley. "If the signal's strong throughout the office, then go outside and keep walking around to see how far it leaks," he said. "I work on the fifth floor of a building in downtown Chicago, and when I'm in my office and I turn on my laptop, I can access the unprotected network from the coffee shop on the first floor." Small businesses need to be aware that their network's AP signal could be traveling further than they want and creating a potential security breach. Potts pointed out that encryption offers a good deal of protection, but the longer someone has access to your network, the greater the chance they can crack it. "Remember WEP encryption can be cracked," [argh] said Potts. "If your signal leaks out into the parking lot, you're giving someone the time and opportunity to hack you. If the signal's contained to your office, you significantly reduce the likelihood of an outside attack."
4. Place Your Wireless Network on Its Own VLAN
Potts explained that a VLAN, or Virtual Local Area Network, is a way of segmenting your network so that employees can access only the job-related resources they need without having access to the entire network.
"Not everyone needs to know everything," said Potts. "This is a way to add a layer of internal data protection to your business." This is a somewhat more costly addition to a wireless network, but a good option if your business requires compliance with HIPAA or other state and federal regulations, or if you want to make sure that your personnel or other back-end data isn't readily accessible. Potts pointed out that high-end equipment manufacturers typically support VLAN capability. "You'll find VLAN in Cisco, Proxim and 3Com products," said Potts, "but not in Linksys, D-Link or NetGear."
5. Set Up a Secondary Authentication Mechanism
Authentication is the way people prove they are who they say they are in order to access a network or any secure area. The most common authentication method is the user name and password. Potts said that companies that deal with highly sensitive data might want to consider adding a second method on top of the one they currently employ. "Of these five steps, this is the most expensive option," he said. "A company would need to invest in a RADIUS server, which can range anywhere from $3,000 to $8,000 depending on the size of the company." However, a number of low-cost solutions exist to help small businesses run authentication servers for 802.1X (port-based network access control, which uses RADIUS between the access point and the authentication server). They include software packages like LucidLink or Elektron that run on a local computer to turn it into a RADIUS authentication server, or hosted RADIUS services like WSC Guard or WiTopia.net.
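What the RADIUS server in step 5 actually exchanges with an access point: an Access-Request whose User-Password attribute is hidden with MD5 over the shared secret and a per-request authenticator, answered by an Access-Accept or Access-Reject whose Response Authenticator proves the answer came from a holder of the secret. The following added example (not code from any of the products named above) builds, parses and verifies those packets as RFC 2865 specifies; the secret, identifiers and credentials are constructed. Under 802.1X the user credentials usually ride inside EAP-Message attributes instead of User-Password, but the shared-secret checks are the same, and the parser rejects the length inconsistencies a hostile peer could send:

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4   # attribute types from RFC 2865


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value; Length counts the two header bytes too."""
    return bytes([attr_type, 2 + len(value)]) + value


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with MD5(secret || previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], pad))
        out += block
        prev = block
    return out


def reveal_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    """Server side of the same construction; a wrong shared secret yields garbage, not an error."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(secret, ident, username, password, nas_ip, request_auth=None):
    """Access-Request: Code, Identifier, Length, 16-byte Request Authenticator, attributes."""
    request_auth = request_auth or os.urandom(16)   # must be unpredictable per request
    attrs = (attribute(USER_NAME, username)
             + attribute(USER_PASSWORD, hide_password(secret, request_auth, password))
             + attribute(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def parse(packet: bytes):
    """Parse header and TLV attributes, refusing length fields that disagree with the data."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20 or length > 4096:
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        t, l = packet[pos], packet[pos + 1]
        if l < 2 or pos + l > length:
            raise ValueError("bad attribute length")
        attrs[t] = packet[pos + 2:pos + l]
        pos += l
    return code, ident, packet[4:20], attrs


def build_response(secret: bytes, code: int, request: bytes, attrs: bytes = b"") -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(secret: bytes, request: bytes, response: bytes) -> bool:
    """Client-side check that the Accept/Reject came from a holder of the shared secret."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

Two practical consequences fall out of the construction: the password hiding is only as strong as the shared secret (an MD5-XOR stream, not a modern cipher, so keep RADIUS traffic on a protected management network and use a long random secret per access point), and an access point that skips `verify_response` will accept a forged Access-Accept from anyone who can spoof the server's address.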
How DSL Internet Access Works Your Knowledge Connection 2004.05.04 14:34 EST by Gareth Marples
Ah yes – the world of digital. It appears to be a world of technological advances all geared towards developing more speed. More speed creates, in turn, better audio, better video, faster downloads. And speaking of downloads, have you ever sat in front of your computer and waited…and waited… and waited…and…well, you get the picture. At least, eventually, you probably got the picture. And the technology that brought you that picture is DSL. So, to give you a better understanding of how DSL Internet access works, we’ll take a simple look at a complex process. DSL is, technologically, quite complex. But we’ll try to create an easy-to-follow picture for you. Here we go.
It all starts with a telephone line
First, we’ll look at the telephone line. The wires that connect your home or small business to a telephone company are made of copper. These wires are wound around each other and are called twisted pair. You exchange voice information over the POTS (plain old telephone service), and the type of signal used for this is called an analog signal: sound is converted into an electrical equivalent whose amplitude and frequency follow the volume and pitch of your voice. The signal is transmitted through the wire within a selected range of frequencies. To properly understand DSL, we first need to know what frequencies are. Think of it this way: split the capacity of a telephone wire into sections, each covering its own range of frequencies. You can send information along each section independently in the form of a signal. Frequency is measured in cycles per second, each cycle being known as a hertz (for example, a megahertz (MHz) is one million cycles per second). The total range of frequencies a line carries is called its bandwidth and is measured in hertz; the data rate that bandwidth supports is what gets expressed in kilobits per second (Kbps). Now, getting back to your telephone conversation, human voices, speaking in normal conversational tones, can be carried in a frequency range of 0-3,400 hertz (a very small slice of what the wire can carry). Because telephone companies limit the frequencies carried over the lines, the phone system can pack lots of wires into a very small space without worrying about interference between lines. This is good news for DSL: it can use the large amount of unused frequency space on the lines to transmit digital signals.
DSL offers far faster signal speed – but not too far So now DSL could use the available space on the phone line to transmit high-speed digital signals. As soon as they’d established their basic system, improvements were sought. Different types of DSL were developed. Most DSL users are connected to one of these new developments, an ADSL (asymmetric DSL) line. ADSL divides up the available frequencies in a line. Because most Internet users download more information than they upload, it was logical to make the connection speed from the Internet to the user four or five times faster than the connection from the user back to the Internet. So ADSL offers far faster speed – but, as we mentioned, not too far. Not too far from what? The CO (Central Office). Distance is a major factor in ADSL technology. As you get farther away from the CO, your signal gets weaker and your connection speed gets slower. The limit for ADSL service is 18,000 feet (5,460 meters). Maximum downstream (Internet to customer) speeds are up to 8 megabits per second (Mbps) at a distance of about 6,000 feet (1,820 meters), and upstream speeds are up to 640 Kbps. So when you’re ordering your DSL, make sure to ask how far you are from your CO.
ADSL systems compete
There are two completely different competing standards for ADSL. The American National Standards Institute (ANSI) is the primary organization for fostering the development of technology standards in the United States. The standard it set for ADSL is a system called discrete multitone (DMT). Most ADSL equipment today uses DMT. The earlier standard was the carrierless amplitude/phase (CAP) system, which was more easily implemented. The CAP system divides the signals on the telephone line into three bands:
• 0-4 KHz (kilohertz): the standard for POTS; carries voice conversations
• 25-160 KHz: the upstream channel
• 160-240 KHz: the downstream channel
This system, with the three channels widely separated, minimizes the possibility of interference between the channels on one line, or between the signals on different lines. DMT also divides signals into separate channels, but instead of using two broad channels for upstream and downstream data, it divides the data into 247 separate channels, each 4 KHz wide. Each channel is monitored and, if the quality is poor, the signal is shifted to another channel. This system constantly shifts signals between different channels, searching for the best channels for transmission and reception. DMT also uses some of the lower channels as bi-directional channels. These frequencies can be used to transmit upstream or downstream information. All this information going up and down, along with monitoring the quality of it all, makes DMT more complex to operate than CAP, but it’s much more flexible.
Of course, nothing runs without equipment
ADSL uses two pieces of equipment, one at the customer end and one at the DSL provider end. At the customer end, there’s a DSL transceiver, commonly known as a DSL modem. The modem is the point where data from the user’s computer is connected to the DSL line. As we saw above, the line carries analog signals, so the modem modulates your computer’s digital data onto the line’s high-frequency channels and demodulates incoming signals back into the digital form your computer understands. The DSL service provider has a DSLAM (DSL Access Multiplexer) to receive customer connections. This piece of equipment is what really allows DSL to happen. A DSLAM takes connections from many customers and combines them into a single, high-capacity connection to the Internet. It’s able to support multiple types of DSL, as well as different types of protocol and modulation, including CAP and DMT, in a single central office.
It all comes together on your computer screen So now we’ve tracked the journey of the information you see on your computer. ADSL is the form of DSL that’ll become most familiar to home and small business users. Using ADSL, up to 6.1 Mbps of data can be sent downstream and up to 640 Kbps upstream. The high downstream bandwidth means that your telephone line will be able to bring motion video, audio, and 3-D images to your computer or hooked-in TV set. Also, a small portion of the downstream bandwidth can be devoted to voice data, and you can hold phone conversations without requiring a separate line. So now you’re connected. Now you know how DSL Internet access works. Now you can sit at your computer, knowing why, occasionally, your computer slows down. But, hey, don’t worry – you can still talk on the phone while you wait!
About The Author Gareth Marples is a successful freelance writer providing valuable tips and advice for consumers purchasing internet service providers, free long distance and discount web hosting. His numerous articles offer moneysaving tips and valuable insight on typically confusing topics. This article on "How DSL Internet Access Works" reprinted with permission. © 2004 - Net Guides Publishing, Inc.
Wireless Broadband service and LONG Range 2007.02.28 21:16 EST by db_2kwireless
SG, Thanks for such a great website that helps the end-user so much. However, I wanted to help out everyone that sees your website find broadband access and help them with their routers and wireless networks. First a bit about myself: I own and operate two different Wireless ISPs. So I know a bit about wireless technology, not to mention I can get 802.11b radios to talk to each other at 25 miles apart! I can assure you that your home Linksys or D-Link isn’t up to the challenge, but I bet I can help some people get more wireless access around the house!

First, let’s start with Wireless ISPs or WISPs. Believe it or not, there are thousands out there, most operating in the outlying underserved towns and areas outside of major cities. There are also quite a few inside big cities, doing what they do best. One of the best resources is www.part15.org. This is a group that helps WISPs and provides services and a complete state-by-state listing of any WISP that wishes to be listed. If you are tired of cable or DSL, in some cases WISPs can deliver more bandwidth, faster, more reliably, and have better customer service! Sounds like an oxymoron, an internet provider with good service; however, quite a few of these companies are 2-3 man shops, so your installer is the same guy who runs the network and bills you for your service. Having a single point of contact, and talking to the same guy every time, is always a plus; you don’t have to tell your story to someone else who really doesn’t care because he is one of 300 people in that building whose only job is answering your calls. Also, unlike DSL or cable, most WISPs offer symmetrical service, that is, the same speed both ways. You will pay for this service, but it is typically cheaper than other high speed connections. The best way to get started is to find yourself a WISP and contact them to see if you are in their coverage area.

Once that happens, some companies can install within a few days, by placing an antenna on your roof that is close to your satellite dish for TV service. But don’t be fooled, there is a big difference compared to the services of Direct Way or other satellite internet providers. One of the biggest differences is speed; Direct Way offers a 400k package, where fixed wireless in most areas can go up to 6000k, and in some areas even higher, with packages in the 10-15 meg area! The second difference is latency, the time it takes data to go from your computer to the internet and back. Most fixed wireless networks can get you to the internet in less than 5ms; compare that to the 20+ for DSL and cable and the 400-800ms that Direct Way offers. VoIP and online gaming are as fast as can be. Most companies offer no-money-out-of-pocket installation with a one or two year term, just like most DSL or cable operators. So I am sure that you can find something that will work for you.

I mentioned that I can get 802.11b to go 25 miles, and yes, I have done this; I believe the longest was 110 miles, but that was not using off-the-shelf gear. So how do you get more range with your wireless router? First, you need to know what hardware you have. Most of your off-the-shelf routers or wireless access points use 60 milliwatt radios and 2db gain antennas. Some of the more expensive devices are 100 milliwatts. To put this in perspective, 100mw (milliwatts) is .1 or 10% of a single watt. Very low power compared to the 1000 watt AM radio stations that are out there. Now we need to convert the milliwatts into db, so 60mw is 17.5db, then you add your 2db gain antenna. You end up with a whopping 19.5db transmitter. Also note that every 2db doubles your signal. So by adding the 2db antenna you are doubling your output. This is good for home use, but just by swapping out the 2db antenna with, say, a 5db, you now have a 22.5db transmitter, plus your router can now hear 2x better, because the antenna also boosts what the router can receive! What if you put a 200mw or 23db radio on a 12db antenna! Ohhh ahhhh, now we are talking, 35db; what kind of range can you get out of that? Well, long and short, as long as you are on a single floor not too much higher or lower than what your antenna is at, much longer range! That is because the 12db antenna has a much flatter signal; it only goes out at about 7 degrees from a straight line, but you can get some other antennas at, say, 8db, that do much better, 20-30 degrees from center. Where to get these? Well, I recommend www.jeffcosoho.com, a great place, and you can buy some serious hardware there, not to mention new 400mw radios! But be careful, it is against the law to go above 36db, and in an area such as around your home there would be no need for such equipment. Words of wisdom, I hope I hear some feedback and questions!

Dennis Burgess
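The arithmetic behind both the site survey in the wireless article above and the power and antenna figures in this post, as an added example that is part of neither text: converting milliwatts to dBm (dBm = 10·log10 mW, so each +3 dB is a doubling of power), adding antenna gain to get EIRP, checking it against the 36 dBm point-to-multipoint ceiling mentioned above, estimating free-space reach with the Friis formula, and flagging survey readings that are still usable outside the office. The 2437 MHz channel, the -90 dBm receiver sensitivity, the wall-loss figures and the survey readings are assumptions:

```python
import math

FREQ_MHZ = 2437.0  # 802.11b/g channel 6, assumed for the calculations


def mw_to_dbm(mw: float) -> float:
    return 10 * math.log10(mw)          # 100 mW -> 20 dBm; +3 dB doubles the power


def dbm_to_mw(dbm: float) -> float:
    return 10 ** (dbm / 10)


def eirp_dbm(tx_power_mw: float, antenna_gain_dbi: float, cable_loss_db: float = 0.0) -> float:
    """Effective isotropic radiated power: transmitter + antenna gain - feed-line loss."""
    return mw_to_dbm(tx_power_mw) + antenna_gain_dbi - cable_loss_db


def within_fcc_p2mp_limit(eirp: float) -> bool:
    """The 36 dBm EIRP ceiling the post refers to (1 W transmitter + 6 dBi antenna)."""
    return eirp <= 36.0


def free_space_path_loss_db(distance_m: float, freq_mhz: float = FREQ_MHZ) -> float:
    """Friis free-space loss: 20 log10(d_km) + 20 log10(f_MHz) + 32.44."""
    return 20 * math.log10(distance_m / 1000.0) + 20 * math.log10(freq_mhz) + 32.44


def received_power_dbm(eirp: float, distance_m: float, rx_gain_dbi: float = 2.0,
                       freq_mhz: float = FREQ_MHZ, obstruction_loss_db: float = 0.0) -> float:
    """Link budget at the receiver; obstruction_loss_db models walls/floors (assumed values)."""
    return eirp - free_space_path_loss_db(distance_m, freq_mhz) + rx_gain_dbi - obstruction_loss_db


def reach_m(eirp: float, rx_sensitivity_dbm: float = -90.0, rx_gain_dbi: float = 2.0,
            freq_mhz: float = FREQ_MHZ, obstruction_loss_db: float = 0.0) -> float:
    """Distance at which received power falls to the receiver's sensitivity (inverse of the above)."""
    allowed_loss = eirp + rx_gain_dbi - obstruction_loss_db - rx_sensitivity_dbm
    d_km = 10 ** ((allowed_loss - 32.44 - 20 * math.log10(freq_mhz)) / 20)
    return d_km * 1000.0


# Constructed site-survey readings: (location, measured dBm, inside the premises?)
SURVEY = [
    ("my desk", -45.0, True),
    ("conference room", -62.0, True),
    ("lobby", -70.0, False),
    ("coffee shop (1st floor)", -78.0, False),
    ("parking lot", -88.0, False),
]


def leaking_locations(survey, usable_dbm: float = -80.0):
    """Spots outside the premises where the signal is still usable, i.e. where an outsider can sit and work on you."""
    return [loc for loc, dbm, inside in survey if not inside and dbm >= usable_dbm]
```

Note that `reach_m` with no obstruction loss gives a kilometre-scale figure even for a stock 60 mW router, which is the free-space bound a directional antenna in a parking lot can approach; the walls that normally shrink that range are exactly what the survey measures and the formula cannot know, so the reading list, not the formula, is the security evidence.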