Wireless - Is Security Needed?

[California]

I've had a wireless setup that used the list of accepted MAC's for security.

Now I'm setting up to share my DSL with a rental tenant, and I'm wondering if the router's DHCP provides sufficient security from outsiders getting into our pc's.

I'm not too concerned about some stranger simply accessing the internet through my connection, I'm sufficiently remote that I would see him parked within range. (Or could a Pringles-can antenna let him in from across the canyon, 1/2 mile or more?)

How do others deal with this?

 

[MikePA]

From a legal perspective, be sure your DSL contract allows you to share it with a non-family member. Sometimes there's language in the contract that specifically forbids this, as well as forbidding reselling the service.

Regardling wireless security, I have my access point set up to use both encryption and MAC address authentication. Plus all my PCs run ZoneAlarm intrusion prevention.

When the tenant connects to to your access point, he is on your internal network and will be able to see any resources, e.g., printers, shared files/folders, on it.

Just curious, why doesn't your tenant get their own DSL connection?

 

[rickmacheske]

Mike,
Is that really true regarding connecting to the access point? I wish it was. My wife and I both bring our laptops home from work and do not have a problem connecting to the internet but we can't connect to the home network shared resources (printers and shared files) through wireless. I thought they need to be set up for the same network (same workgroup). Unfortunately because both my wife and my company use specific set ups we can't change the workgroups without messing up the configuration. I would think that if you used a very specific workgroup in your home and didn't tell your tenant you could do that if you trusted the tenant to not try to sabotage you. Mike, if you can tell me how to get into the network to print, etc using a seperate workgroup I would appreciate it.
Thanks,
Rick

 

[MikePA]

Devices have to be specifically shared, i.e., right click on the device or bring up the Properties page, select the Sharing tab, and specify sharing. Also, it wouldn't be unusual for the people who set up your work laptops to restrict their ability to connect to other networks. They might also have an intrusion detection product, such as ZoneAlarm, set up to not allow access into the laptop or out of it to any other networks. Even with WindowsXP (Home or Professional), the built in firewall can make sharing difficult.

How is your printer set up? Is it connected to one PC or is the printer connected directly to the network? If it's connected to another PC, bring up the Properties of the printer, select the Sharing tab, and allow sharing. You will have to give it a name. Once this is complete, all other PCs on the network should see it. Keep in mind that sharing a printer that's physically connected to a PC, means that PC must be powered up for others to be able to print to it.

Also, it's not a question of trusting the tenant. While they might be perfectly trustworthy, what if they are not running anti-virus software, or what if it's not up to date and they get infected? They could infect every other PC on the network. Plus there's the issue of whether it's even legal.

 

[riptides]

Why take a risk with your personnal information? Practice good security habits now, be aware of security threats, and don't take it lightly just because your "remote".

IMHO encryption is one of the better things one can do for specific data on a PC.

-Mike Z.

 

[MossRoad]

I've had a wireless setup that used the list of accepted MAC's for security.

Now I'm setting up to share my DSL with a rental tenant, and I'm wondering if the router's DHCP provides sufficient security from outsiders getting into our pc's.

I'm not too concerned about some stranger simply accessing the internet through my connection, I'm sufficiently remote that I would see him parked within range. (Or could a Pringles-can antenna let him in from across the canyon, 1/2 mile or more?)

How do others deal with this?

Your network has DSL service coming in to a DSL router, yes? That router should be set up to do NAT (network address translation). That way, the outside world can only see the outside IP address of the DSL router. They cannot see any IP address inside the router.

Then, on the inside of your router is your network. Anyone connecting to that wireless setup will be on the inside of your router running NAT. The outside world will not see them, either.

Something on your network provides DHCP. It may be your DSL router. It may be your wireless router. You may have a combination box that does both the DSL and wireless. Either way, DHCP just provides IP addresses to machines that request an IP address on the inside of your network. DHCP does not provide any security. ANY MACHINE THAT REQUESTS AN IP ADDRESS WILL GET IT UNLESS YOU DO SOMETHING TO RESTRICT IT! That means maintaining control of your hard wired netwrok and your wireless network. You should enable some form of encryption with a password or key so that anyone cannot get an IP address and start accessing your network. If you do that, then only give the key to your machines and your tennant's machines, you should be O.K., provided the tennant doesn't give your key away.

If you want to get comlicated, get a router that you can set up yourself and make one network for your house and a different network for you tennant. Then direct all traffic from both networks to the DSL router running NAT. The tennant will be able to access the internet and so will you, but neither of you will be able to see each other's machines.

If you download and run Zone Alarm, there are some features that will check to see how transparent or visible your machine is to the outside world. Run those tools and check. If you are running NAT, you should be invisible to the outside world.

As to your question about how far away someone can pick up your signal, that depends a lot on how much power your radio puts out, how good your antenna is, if it is inside or outside your building, and the surrounding terrain, etc... For instance, I have friends that run CISCO Aeronet radios. They run in the same public band as any other 2.4Ghz radios. With a small rubber ducky antenna they can go about 200' between two buildings. However, they have access to some very high towers, and have put directional antennas on them. They have a link that is 17 miles long! And that is with unamplified radios. So, there are extremes anywhere.

 

[Doc_Bob]

Now I'm setting up to share my DSL with a rental tenant, and I'm wondering if the router's DHCP provides sufficient security from outsiders getting into our pc's.

The risk to your computer is always greatest from inside the network. Virii, trojan, etc that someone brings into your PC are a far greater threat than someone on the outside looking in. I use a hardware based firewall and software based firewall. Plus virus scanner and Ad-Aware program. I run as a simple user in WINXP SP2, never as admin.
Bob

 

[Doc_Bob]

Now I'm setting up to share my DSL with a rental tenant, and I'm wondering if the router's DHCP provides sufficient security from outsiders getting into our pc's.

I "shared" my Cable modem for years with my neighbor. I setup the wireless. Worked fine. I used MAC as my primary method of "defense". Even MAC can be beaten. But do I care? All my neighbors were in their 70's. Only risk was from a road warrior who might drive around my neighborhood trying to get into my WI-FI. My elderly neighbors might have been hard of hearing, but they sure knew when an outsider was parking in the neighborhood. They were the best antihacker setup in the world.
Bob

 

[MikePA]

I "shared" my Cable modem for years with my neighbor.

This is why I mentioned in my initial post that California should check with his broadband supplier if doing this violates his agreement. I'm guessing it will, since it represents theft of service.

 

[Doc_Bob]

This is why I mentioned in my initial post that California should check with his broadband supplier if doing this violates his agreement. I'm guessing it will, since it represents theft of service.

You are correct.
Bob