Re: Security setup please comment:
From: Chuck (none_at_example.net)
Date: 02/13/04
- Next message: ky: "Re: Got trouble with dialup connection to another network"
- Previous message: jay: "can't set up dial-up connecttion on laptop"
- In reply to: Robert Perkins: "Security setup please comment:"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 13 Feb 2004 10:14:21 -0800
On Fri, 13 Feb 2004 14:12:27 GMT, "Robert Perkins"
<rd_perkins@hotmail.com> wrote:
>Hi,
>
>I've setup a wireless network at home with a DLink router hooked to the
>cable. My desktop running XPPro is direct-wired to the router. My laptop is
>wireless running XPHome. I am not running IPX/SPX but TCP. I am not running
>Internet Connection Sharing. Each computer sees the internet directly
>through the modem. I'm running Norton Antivirus and ZoneAlarm Pro on both
>computers and keep them updated. I've configured the router to run WPA-PSK
>security and just on the chance, enabled the WEP security at 128bits also. I
>established one hex key of the four available.
>
>Four questions.
>1) What do I do in addition to be able to share the files safely,
>2) do I need to change some settings when I travel with the laptop and want
>to use a hotzone,
>3) which is better do do, set the shared property on specific folders and
>enable editing or move the folder to the shared folder area and
>4) do I need to the other 3 enter hex keys?
>
>Feel free to comment on the setup.
>
>TIA,
>Robert
Robert,
With XP Home, you don't have a lot of choices in securing the data.
Centralising all shared files in one area, or dispersing them across
the hard drive with additional sharing could probably be argued both
ways. Whatever is convenient for you, and allows you to best maintain
the data itself, would be best IMHO.
Observations about your LAN in general:
1) Disable DHCP on the router, and use fixed ip addresses.
2) Setup ZAP on both computers to only trust the other computer by ip
address.
3) Is your PSK non-trivial? Something more complex than "My dog has
fleas"?
4) MAC filtering is a trivial protection but it does help.
5) Does the D-Link have a wireless access log? Make reviewing it a
regular activity. Look specifically for access attempts blocked,
indicating possible hostile wireless activity.
6) Likewise the ZAP log on both computers.
7) The D-Link router firewall log, if it exists (I use Linksys, and
don't know D-Link) is good for watching for internet threats.
On your computers:
1) Setup a non-administrative account with a non-trivial name and
password, and use it routinely, on both computers.
2) Disable or rename the administrative accounts on both computers.
If you rename them, use different non-trivial names on both.
3) Harden your browsers. Here are useful websites:
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/sid-93434ddfeb49fb2573500c9302d9227d/index.php
https://testzone.secunia.com/browser_checker/
4) Keep all software up to date.
5) Add spyware protection to your list. Spyware protection is as
critical as virus protection - AdAware, HijackThis, and Spybot are all
free and all complement each other.
6) Stay educated. Useful websites:
http://isc.sans.org/index.html?type=0
http://www.cert.org/
You might get more advice from posting in
microsoft.public.windows.networking.wireless too.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
- Next message: ky: "Re: Got trouble with dialup connection to another network"
- Previous message: jay: "can't set up dial-up connecttion on laptop"
- In reply to: Robert Perkins: "Security setup please comment:"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
