Log in

View Full Version : Another 802.11b Security Question


Pocket User
12-31-2002, 04:15 AM
If you set up a wireless router to handle sharing of your broadband connection but do not set up the file sharring networking part, could someone still access files on your PC through the wireless network? I'll be using encryption, of course, but I just wondered if it is still possible for someone adept at such things that is able to bypass the encryption to get at files on a PC in a set-up where files have not been set for sharing.

Hope this has made sense. I am really not all that familiar with networking. Sorry if this is a newbie question.

Thanks.

Janak Parekh
12-31-2002, 04:41 AM
This is actually a very good question. The answer is a bit complex, and stems to the fact you don't need a firewall or encryption, in theory; a firewall is just a second defense in case your machine has been opened up for some reason, and encryption prevents people from sniffing information in case it's unencrypted.

If file sharing is turned off in your PC, then no, no one should be able to access your files, unless you download and install or are already running a program/configuration that "opens up" your PC -- these "back-doors" may be intentional or unintentional, but they do exist in various forms.

By using a firewall, plus wireless encryption, plus turning off file-sharing, plus being judicious in which software you install, you should be pretty safe. While there are no guarantees, this is a good combination.

I use three different PC's as my main computers; two of them are firewalled plus encrypted wirelessly, and the third is not. All have file sharing enabled, but with appropriate security. None have been hacked into. I also have a Linux server completely exposed to the 'Net. It's all a matter of being careful, and the idea of firewalling or using wireless encryption is that you have additional defenses.

--janak

Pony99CA
12-31-2002, 12:15 PM
If you set up a wireless router to handle sharing of your broadband connection but do not set up the file sharring networking part, could someone still access files on your PC through the wireless network? I'll be using encryption, of course, but I just wondered if it is still possible for someone adept at such things that is able to bypass the encryption to get at files on a PC in a set-up where files have not been set for sharing.

I'm no networking guru, but I think you're confusing two things. Turning off file sharing prevents people from accessing your files (assuming no other security breeches). It doesn't really have anything to with encryption.

WEP encryption is primarily intended to prevent people from "sniffing" your network traffic, not protect your files. (Of course, if you were sending a file wirelessly, it would do both.)

Janak gave a pretty good answer, I think, but I view a firewall as a first line of defense on a LAN. Having a home LAN without file sharing defeats much of the purpose of the LAN, in my opinion.

Also, there are two types of firewalls. The hardware firewalls of most routers will prevent a lot of unwanted traffic from getting into your computer. However, if you get one of those backdoor programs, they won't generally prevent those programs from sending traffic out to other people.

To prevent that, lots of people recommend running a software firewall, like ZoneAlarm (http://www.zonelabs.com/store/content/home.jsp), too. I don't, because running ZoneAlarm on my laptop prevented me from accessing my company's LAN for some reason. However, if you just use your PC at home, you can get a free version if you go to their download area.

Steve

Janak Parekh
12-31-2002, 05:08 PM
Janak gave a pretty good answer, I think, but I view a firewall as a first line of defense on a LAN. Having a home LAN without file sharing defeats much of the purpose of the LAN, in my opinion.
Variety is the spice of life, eh? ;) I consider it a "second" defense, as my first defense is permissions and passwords. Comes from a background of having machines always connected directly to the Internet. But you're right, a lot of corporations use firewalls as "first" defenses... not sure I agree with that philosophy.

And there are a lot of people who don't do filesharing on their home LAN -- all they want to do is to share internet access (well, AOL to be precise, which they can't do anyway, because AOL sucks :pukeface:)

Oh, and by the way, make sure you install antivirus software and keep it up-to-date. It's amazing how a lot of people worry about hardware/software firewalls and then get infected with Klez. :?

--janak

Da_Brain
01-01-2003, 01:47 AM
Just reading the topic here as recently I got DSL (Finally Available here in the Sticks) and have all working Wirelessly via a LincSys Router/AP.

My Lap Top came with PC Cillan and I have been very happy with it. Now it's time to renew it for another year. When I was reading about PC Cillan update, they mention that included in their latest version is Firewalll Virus Protection and also PDA protection for the PPC, Palm and something else.

Are any of you using the latest PC Cillan with the above features? If so, have you run into any instali problems with their Firewall options?

I ask, cause they stress networking must be disabled before installing Firewall Option and that IM a bit leary of, as I don't want to hose my system or settings. Took me awhile to get where I am now--)))

Any Feed back woould greatly be appreciated and TIA!

8)

Janak Parekh
01-01-2003, 02:49 AM
Are any of you using the latest PC Cillan with the above features? If so, have you run into any instali problems with their Firewall options?
Can't really say, since I haven't used PC-cillin for years. Looking at the webpage now, the firewall might be useful, but I'd pass on the PDA protection bit -- virus protection on the Pocket PC isn't necessary at this point.

--janak

Pony99CA
01-01-2003, 03:46 PM
Are any of you using the latest PC Cillan with the above features? If so, have you run into any instali problems with their Firewall options?
Can't really say, since I haven't used PC-cillin for years. Looking at the webpage now, the firewall might be useful, but I'd pass on the PDA protection bit -- virus protection on the Pocket PC isn't necessary at this point.

I guess it depends on how much you keep on and your level of paranoia. If you have Beaming or Bluetooth always on, maybe you need it.

I don't know how many viruses are in the wild, but when I downloaded the PC-cillin software in Summer 2001, they had a few viruses listed. 8O I'd guess there are more now.

Steve

Pocket User
01-01-2003, 06:30 PM
That's a great help! As Janak alluded to, I am one of those users who just wants to be able to share my broadband connection. I am the only one in my household and for now, simply use my desktop PC. I recently purchased a Pocket PC and want to be able to check e-mail and perhaps, surf a bit from the Pocket PC. I like the idea of streaming MP3's via 802.11b and might be interested in doing that someday, but for now, I am just interested in e-mail and the web and not accessing files from my PC. When I set-up the wireless router, I want to do so in a way that others nearby can not access my PC (I live in a townhouse so there are lots of other homes nearby). That's why I asked this question.

I hope you guys don't mind, but I want to ask a bit more about your responses. First of all, is file sharing automatically turned off? I am using Windows XP Pro. I always kind of assumed that file sharing is something you have to set up and by default, is not permitted. Is my assumption correct?

Also, Janak, what do you mean by permissions and passwords. What do you use those for?

One other thing..and this must be a frequent question but I don't know its answer. The wireless router that I purchased includes a firewall. I am also using Norton Internet Security, which has a firewall. Will using them both be overkill? And if so, which one should I NOT use?

And finally, Pony99CA, why do you say " Having a home LAN without file sharing defeats much of the purpose of the LAN, in my opinion."

Sorry to ask so many questions.

Pony99CA
01-02-2003, 07:19 AM
One other thing..and this must be a frequent question but I don't know its answer. The wireless router that I purchased includes a firewall. I am also using Norton Internet Security, which has a firewall. Will using them both be overkill? And if so, which one should I NOT use?

As I said above, having a hardware and software firewall is recommended. Use both.


And finally, Pony99CA, why do you say " Having a home LAN without file sharing defeats much of the purpose of the LAN, in my opinion."

Because many home networks (at least in the past) were set up because there were multiple computers in the house. The reason this was done was to allow sharing peripherals and files among those computers.

With the Internet, this may welll have changed, though. More people may do what you're doing -- setting up a network just to share an Internet connection. I'm just more old-school, I guess. :-)

Steve

Jorgen
01-02-2003, 08:38 AM
>As I said above, having a hardware and software firewall is recommended. Use both

I assuem you by hardware firewall mean a router. Real hardware firewalls cost real money.

I agree if you have a dedicated Internet server (i.e. connect to the modem or router through a PC). If your router connects to the Internet, the place to put a firewall would be before the LAN/WLAN i.e. between the modem and the router; this could be a dedicated computer or a hardware firewall. Having firewalls on each computer is too much!

What I am trying to say is that it very much depends on the architecture.

Jorgen

Pony99CA
01-03-2003, 07:41 AM
>As I said above, having a hardware and software firewall is recommended. Use both

I assuem you by hardware firewall mean a router. Real hardware firewalls cost real money.

Sort of. I was referring to a router which implemented NAT or some other technique that had the effect of protecting users. My SMC router has NAT and packet filtering, for example.


I agree if you have a dedicated Internet server (i.e. connect to the modem or router through a PC). If your router connects to the Internet, the place to put a firewall would be before the LAN/WLAN i.e. between the modem and the router; this could be a dedicated computer or a hardware firewall. Having firewalls on each computer is too much!

What I am trying to say is that it very much depends on the architecture.

Of course it depends on the architecture. A business will have more sophisticated needs than a home user.

However, as I believe we're talking about home users here, how many would have a separate PC to dedicate as a firewall? For those that have a spare PC (like me), how many would want to try to learn to set one up to do this? Not me. You can install ZoneAlarm on all of your PCs for free (if you're a home user). For a typical home with 1-4 PCs, I don't think that's too much effort.

Steve

Jorgen
01-03-2003, 08:27 AM
I actually have two NAT routers: my Speedtouch Pro modem and my di-713p router. I wonder how much protection that gives in itself in terms of a break-in (as of course denial of service is still possible)?

Jorgen

Janak Parekh
01-03-2003, 05:09 PM
Just to cover the other questions you asked...

I hope you guys don't mind, but I want to ask a bit more about your responses. First of all, is file sharing automatically turned off? I am using Windows XP Pro. I always kind of assumed that file sharing is something you have to set up and by default, is not permitted. Is my assumption correct?
Actually, no. In XP Pro file sharing is turned on, but only certain folders, like "Shared Documents", are automatically shared.

If you want to explicitly turn off file sharing, go to Control Panel -> Network Connections -> Local Area Connection -> Properties -> and uncheck "File and Printer Sharing for Microsoft Networks".

Also, Janak, what do you mean by permissions and passwords. What do you use those for?
For example, if you had one person (e.g., your wife) who you wanted to give file sharing access to, but not children, you could set up a password on the file share so that only she could access it.

--janak