I finally made it...

Jim Warman · September 10, 2006

... into the 21st century, that is,

We finally have our wireless LAN at work... My DSL modem at home crapped out so I decided this would be a good time to upgrade to enhanced DSL - especially with our local telco offering a free wireless gateway for the change.

My old wireless router went to work and now we have connectivity beyond my dreams including the PDS and IDS stations. Our toughbooks and our PDAs have built in wireless.

The really neat part is that this old dog has to show the pups how to use this new found power...

This is great since I can now access the on line PC/ED and OASIS without leaving what I'm working on. Now, if Ford can allow us instant messaging to hotline....

Torqued_Up · September 13, 2006

Wireless in a shop is definately the way to go. At my dealer we have been running LAN lines to all of the toolboxes that need them and the router was full. The company put in a wireless LAN when we got IDS and the guys with laptops can connect so I guess wee wil be pullin out the wires.

Kyle E. Grathwol · September 16, 2006

Hi Jim,

You may have already done this but I strongly encourage you to secure the wireless in your shop. Change the default password to your router, turn off the SSID broadcast and use 128 bit encryption. A MAC filter alone is not good enough as anyone sniffing packets in your parking lot will get your MAC addresses as it is broadcast with every packet sent accross the wireless. They can spoof your MAC and connect to your network.

When I'm not wrenching at work, I am doing computer work. I do it as a side business. You would be suprised as to how many kids drive around and look for unsecured wireless networks just so they can screw with people.

Jim Warman · September 16, 2006

Already did, Kyle.. but thanks for the heads up.

It's always a surprise when folks learn that the old dog in the shop is showing the pups how to work a computer... something about this stuff enthralls me and I try to keep up (wireless network at home for several years now).

Still, nothing is perfect so we choose to keep the shop networks as stand-alone with no capability to access the Ford network. It limits the utility a bit but we can still accomplish lots over the DSL connection.

pcassidy111 · September 23, 2006

Hi Jim,

You may have already done this but I strongly encourage you to secure the wireless in your shop. Change the default password to your router, turn off the SSID broadcast and use 128 bit encryption. A MAC filter alone is not good enough as anyone sniffing packets in your parking lot will get your MAC addresses as it is broadcast with every packet sent accross the wireless. They can spoof your MAC and connect to your network.

When I'm not wrenching at work, I am doing computer work. I do it as a side business. You would be suprised as to how many kids drive around and look for unsecured wireless networks just so they can screw with people.

Leaving your wireless network open is no big deal as long as your computer'S firewall and virus definitions are up to date. Living in the 'Silicon Valley' everyone has wireless networks-8 unsecured ones (and only 1 secured site) available from my easy chair-and most of my neighbors are techies. Some cities here are even going to city wide open access wireless networks.

So some kids are out 'WAR'ing on my IP address, they cannot access any of my computers and if the Fed's come knocking because of some illegal activity on my IP address they will find no evidence of it on my computers.

Kyle E. Grathwol · September 28, 2006

WOW. You are wrong.

1. Antivirus has absolutely nothing to do with wireless security-period. It does nothing to protect you from intruders.

2. Firewall? If someone is on your wireless, they are behind your firewall. They are on your network.

3. If you do not encrypt your wireless transmissions then any little meathead can read your e-mail, passwords, credit card numbers, etc. They can read EVERYTHING going across the wireless.

4. Without security on your wireless it is no different than someone connecting to your network with a LAN ethernet cable.

Always remember...THE INTERNET IS A HOSTILE PLACE.

Keith Browning · September 28, 2006

2. Firewall? If someone is on your wireless, they are behind your firewall. They are on your network.

I am no expert but I do have to question the above line because if your computer is running the right software with a firewall it still does not matter where protecting your PC is concerned. I do agree that putting up every possible wall or shield of protecions you can is the best way to go about it.

With either a wireless or wired network, if my computer is running it's own firewall then it really doesn't matter "who" is getting past my router in either instance.

I know this as fact because I have tried to connect to both of my computers with my wireless laptop from Work. One of my home PC's is using the wireless part of my router and one is wired to the same router along with my cable modem and my printer. All wireless computers are connecting with 128 bit encryption and its own key which without they CANNOT connect to my network and onto the Internet.

My point is, the even though all of my computers are "in" the network they cannot even see each other, let alone allow connections between them or from the Internet. I have tried, I have tried! /forums/images/%%GRAEMLIN_URL%%/banghead.gif As long as your computer is running a firewall and have file and printer sharing disabled you are pretty well protected. The way I have my PC's set up they are all almost running in true stealth mode. I say almost because even though I am running software that closes ALL NET BIOS PORTS I have read that is not totally fool proof. I don't believe any computer is impenetrable to an extremely skilled and determined hack.

Try these links for information:

http://www.grc.com/default.htm

https://www.grc.com/port_113.htm

Kyle E. Grathwol · September 29, 2006

My statement that you question about the firewall. I thought for sure Pete was referring to a hardware firewall in a router because within a network the Windows built in firewall does not block communication between PC's, which leads to my next statement. I hate to break the news to you Keith but the reason you can't see your machines is because you don't have a network set up. You are sharing an internet connection-that's all. Again, Windows firewall does not block that type of communication. Turning off file and print sharing STILL will allow you to see the other machines in the domain or workgroup. You need to run the network setup to have a network and see the other machines.

Your statement of dropping port requests refers to REMOTE machines/servers/networks trying to connect to yours from the internet. Machines connected wirelessly are LOCAL not remote.

This is starting to p*ss me off. All I did was offer Jim some advice and it is turning into a geek pi**ing match.

Keith Browning · September 29, 2006

Quote:

This is starting to p*ss me off. All I did was offer Jim some advice and it is turning into a geek pi**ing match.

It was not my intention to take it there nor was I trying to debate you. I was simply questioning something based on my findings, experience and knowledge which is apparently far depreciated from yours. I was actually learning something from you which is what these forums are all about. I don't know what else to say... sorry? /forums/images/%%GRAEMLIN_URL%%/shrug.gif Your input is welcome here and valuable to all. I actually had another question but now I guess I had better not.

Perhaps you could write a post with general advice and instructions on setting up networks and Internet connections and we'll make it a sticky thread! This is information I am sure everyone could use.

Kyle E. Grathwol · September 29, 2006

I apologize to you as well Keith. It is very hard to tell someone's attitude in a post. It appears as though I took yours and Pete's post the wrong way. I'm sorry.

Unfortunately I have dealt with many machines from good people who have lost their data or been hacked by little punks with nothing better to do in life. This causes me to preach computer security to everyone.

Go ahead with your next question and I would be honored to author a sticky in this forum.

Keith Browning · September 29, 2006

My troubles with networking all of my home PC's is that when I tried to set it up they did not see each other. I could even do a search for a specific computer's name and it would come up blank! But now, months later if I go into "My Network Places" I DO see the "Shared Documents" folders for each PC. Each PC also shows when you click on "View Network Computers."

I now see the difference between being protected from remote connections and from within a network, therefore securing both your wired and wireless networks is important.

The confusion is why did I have those problems setting up the network and why is it all magically working properly now? I understand the theory of turning off printer and file sharing and that is why only the shared documents folders are accessible.

I guess I wanted to have my cake and eat it too. I wanted full access to each PC from within my network but also protect them from outside connections and hacking. If I use a wireless/wired router that has it's own firewall is that the answer? Is that safe enough to trust and would that allow me to turn off file sharing?

By the way, I am not using Windows Firewall either. I use EZ Armor from Computer Associates.

Thank you for sharing you knowledge! /forums/images/%%GRAEMLIN_URL%%/rockon.gif

Kyle E. Grathwol · October 2, 2006

The issue was probably with your firewall. I use Zone Alarm. When I set up a network and I want to map a drive to another machine, I have to shut Zone Alarm off or else I can't hit the drive. When using an aggressive firewall I usually set everything up and then launch the firewall. When it detects the network I put it in the trusted zone and don't have problems after that. Make sure all of your machines are in the same workgroup.

Are any of your machines running Windows 2000 Pro? W2000 is a very good, stable and SECURE operating system. Consequently it can be a little finicky to set up a network.

As far as safe wireless is concerned, this is what I do.

1. Change the default password and SSID for the router. Changing the default password is very important.

2. Turn off the SSID broadcast.

3. Set up WPA or WEP encryption. You can only use the encryption level that all your devices support.

4. Enable the MAC filter in your router. You will have to manually add the MAC address of every device that you want to allow to connect to your router. To find your wireless mac: start>run>type"CMD">enter>type"ipconfig/all">enter and your mac for your wireless card will be visible as the PHYSICAL ADDRESS. Be sure to select the wireless mac because your ethernet mac will be listed also. It will look like 00-01-A0-AB-03-A0 but you may have to enter it into your router with colons 00:01:A0:, etc. Even with a mac filter you need encryption. Your mac is broadcast with every packet and can be sniffed and spoofed to gain access to your network. Encryption encrypts your mac.

Remember that a wireless device connected to your LAN is the same as having an ethernet cable plugged into it. It is local and not coming in through the internet.

Jim Warman · October 2, 2006

Zone alarm is good in some cases.... but it has created concerns in the past.... Most routers will incorporate a firewall that works very well without some of the trouble that zone alarm brings... Please note that I haven't used ZA for a few years and some of these issues ma have been resolved.

One thing that is important is to consider pop-ups and ActiveX controls. ActiveX makes our web browsing experience more enjoyable... but, if we allow pop-ups a rogue window can carry an ActiveX command in past our firewall.

Security isn't a one point deal.... we have to be careful every inch of the way...