Windows Client UPDATE, May 25, 2006: 5 Things You Can Do to Secure Your Wireless Network
Please take a moment to visit these advertisers' Web sites and show your support for Windows Client UPDATE.
- 5 Things You Can Do to Secure Your Wireless Network
- Editor's Note: Calling All Windows IT Pro Innovators
2. Reader Challenge
- May Reader Challenge Winners
- June Reader Challenge
3. News & Views
- WinHEC 2006: AMD Ships 64-Bit, Dual-Core Mobile Processor
- Tip: Download Wi-Fi Protected Access Support
- Featured Thread: "8866 2288 6600 8800 9966 7700"
5. New and Improved
- uvSoftium announces uvScreenCamera 2.1
- Tell Us About a Hot Product and Get a T-Shirt!
==== Sponsor: Macrovision ====
Learn how application packaging can cut your OS migration time while maintaining error-free deployment.
==== 1. Commentary ====
Securing Your Wireless Network; Understanding Wireless Bridges
by David Chernicoff, email@example.com
My commentary about solving wireless networking problems (May 11, 2006, InstantDoc ID 50339) generated quite a few reader questions, primarily about security and using wireless bridges. Based on those reader questions, my commentary details how to secure your wireless network and explains more about wireless bridges.
5 Things You Can Do to Secure Your Wireless Network
1. Put a password on your wireless router/access point (AP).
It’s amazing how often I come across wireless networks that retain the default router name and password. Every other security option is meaningless if the router isn't secured. You might also consider disabling remote administration unless you have a reason to administer the router from a location other than the local network.
2. Turn off broadcast of the Service Set Identifier (SSID).
By default, your router will broadcast your wireless network's SSID. The SSID will then be visible to anyone with a computer and a wireless networking card. However, before you turn off the SSID, you need to know the name of the wireless network should you want to access it, as turning off the SSID means you won't automatically be able to get that name.
3. Consider disabling DHCP.
If only a few systems access the wireless network, you might want to turn off DHCP and give the clients static IP addresses, which have to be assigned manually and must match the IP address range supported by the router. Otherwise, if you use DHCP, any DHCP client that finds the network will be assigned an address. Disabling DHCP is simple and prevents unauthorized users from getting a network-supplied IP.
4. Use MAC-address filtering.
MAC addresses are specific to individual network devices. When you type “ipconfig /all” at a command prompt in Windows, one of the items returned is titled Physical Address and consists of six pairs of numbers. These numbers are the MAC address of the adapter, which is stored in the network adapter ROM. You can lock down your wireless network by configuring your router to accept only connections from a specific list of PCs by their MAC address. Unfortunately, this is a time-consuming task if you need to add hundreds of PCs to the list. Once the list is created, however, adding individual PCs to it is simple.
5. Enable encryption.
Although Windows defaults to the 802.11 Wired Equivalent Privacy (WEP) standard when encryption is enabled, consider upgrading to Wi-Fi Protected Access (WPA). WPA provides a stronger security model than WEP, and you can download WPA support to Windows XP (if you don't already have Service Pack 2--SP2--which already has it). My tip (see below) references a URL for downloading the WPA support patch as well as other helpful URLS related to WPA. Regardless of which encryption method you choose, you should use one, even if WPA isn’t supported on all your clients.
Many brands and models of wireless routers and APs support these five tasks and when combined with them will provide solid wireless network security.
Understanding Wireless Bridges
You can find a broad range of wireless bridges, from products capable of connecting networks that are 50 miles apart to products that enable building-to-building connections to simple bridges that allow wireless networks to connect back to wired components. I mentioned the last type in the May 11, 2006, "Windows Client UPDATE." These simple bridges are inexpensive units (typically from $100 to $400 depending on capabilities) that let you connect a wired Ethernet component to your existing wireless network.
In my home, I use a simple wireless bridge to connect my Turtle Beach AudioTron digital music player, which is attached to the stereo system in the family room, to my wireless network for access to the music server, which is on a wired network in my home office. The bridge also provides general Internet access to the player so that I can listen to Internet radio stations. This same type of bridge could connect any wired Ethernet networking device to a wireless network.
The more expensive wireless bridges offer greater management capabilities and are often referred to as workgroup bridges. They are generally used to connect wireless workgroups to larger wired networks.
Calling All Windows IT Pro Innovators!
Have you developed a solution that uses Windows technology to solve a business problem in an innovative way? Enter your solution in the 2006 Windows IT Pro Innovators Contest! Grand-prize winners will receive airfare and a conference pass to Windows and Exchange Connections in Las Vegas, November 6-9, 2006, plus more great prizes and a feature article about the winning solutions in the December 2006 issue of Windows IT Pro. Contest runs through August 1, 2006.
To enter, go to this URL:
==== Sponsor: Thawte ====
Discover how to ensure efficient ongoing management of your digital certificates, how your business will benefit by addressing unique online security issues and more!
==== 2. Reader Challenge ====
by Kathy Ivens, firstname.lastname@example.org
May 2006 Reader Challenge Winners
Congratulations to the winners of our May 2006 Reader Challenge. A copy of "Running QuickBooks in Nonprofits" (CPA911 Publishing) goes to first-prize winner Meg Leviston, of New Jersey. Second prize, a copy of "Windows XP Annoyances for Geeks, Second Edition" (O'Reilly & Associates Publishing), goes to Phil Dalton of Hartlepool, UK.
June 2006 Reader Challenge
Solve this month's Windows Client challenge, and you might win a prize! Email your solution (don't use an attachment) to email@example.com by June 13, 2006. You MUST include your full name, and street mailing address (without that information, we can't send you a prize if you win, so your answer is eliminated, even if it’s correct).
I choose winners at random from the pool of correct entries. I’m a sucker for humor and originality, and a cleverly written correct answer gets an extra chance. Because I receive so many entries each month, I can't reply to respondents, and I never respond to a request for a receipt.
Look for the solution to this month's problem at http://www.windowsitpro.com/articles/index.cfm?articleid=50406 on June 16, 2006 or in the June 22 issue of this newsletter.
The June 2006 Challenge:
A reader wrote to say she was trying to keep up with the "language" of computing. Her message included this long sentence: "How can you have a disk Zero, in English zero means nothing or non-existing, and on computers running Windows what's the boot partition supposed to do and what's the system partition supposed to do, because we have some computers with separate boot and system partitions and the files they hold don't match the names, how am I supposed to keep this stuff straight?"
I won't ask you to answer or explain the language "Disk0" since the only real answer is "because." It's just one of those things. But your challenge for June is to explain the difference between a boot partition and a system partition.
==== 3. News & Views ====
by Paul Thurrott, firstname.lastname@example.org
WinHEC 2006: AMD Ships 64-Bit, Dual Core Mobile Processor
Microprocessor maker AMD recently plugged the final 64-bit hole in its lines of microprocessors by releasing a dual-core version of its 64-bit Turion processor for mobile PCs. AMD now offers 64-bit dual-core microprocessors for server, desktop, and mobile computers, a feat that even Intel has yet to accomplish. Additionally, AMD shipped a new version of its Athlon 64 desktop processor, which comes with a new socket connector, support for faster DDR2 memory, and AMD's virtualization technology.
To read more, go to the URL below.
==== Events and Resources ====
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )
Consolidate Windows Event Log and Unix Syslog to save money and ensure continuous compliance. Also identify 50 critical events you should be monitoring for!
Live Web Seminar: Tuesday, June 6, 2006.
Win a new iPod (for Mac or PC)
Download a Windows IT Pro podcast on Windows IT Pro Radio by your favorite author, editor, or industry figure. You'll automatically be entered to win!
Industry expert Mike Otey explains how to design high availability options for your SQL Server 2005 environment. He'll also cover Windows clustering, database mirroring, and online operations.
Live Event: Wednesday, May 31, 2006; 12 noon Eastern time.
Learn to gather evidence of compliance across multiple systems and link the data to regulatory and framework control objectives. On-demand Web seminar.
Learn all you need to know about code signing technology, including the goals and benefits of code signing, how code signing works, and the underlying cryptographic and security concepts and building blocks.
===== Featured Whitepaper ====
How much are you spending on IT compliance? Streamline and automate the compliance life cycle with this FREE white paper, and reduce your costs today! http://www.windowsitpro.com/go/whitepapers/scalable/compliance?code=0524featwp
==== 4. Resources ====
Tip--Download Wi-Fi Protected Access Support
Wi-Fi Protected Access (WPA) support is included in the Windows XP SP2 release. For complete details on using this capability check out http://support.microsoft.com/?kbid=815485
If you aren’t using SP2 with XP, you can download the WPA support patch at http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=009d8425-ce2b-47a4-abec-274845dc9e91
Windows 2000 users can download a free version of McAfee Wireless Security that supports WPA at http://www.wirelesssecuritycorp.com/wsc/public/WPAAssistant.do Microsoft doesn't offer WPA support for OSs earlier than XP. --David Chernicoff
"8866 2288 6600 8800 9966 7700." What are these numbers and why is security expert, Mark Joseph Edwards, watching them? Read his post at the Security Matters blog.
==== Hot Release ====
Discover how virtualization solutions help you increase the ROI on your IT investments and be more agile at the same time.
==== Announcements ====
(from Windows IT Pro and its partners)
Memorial Day Special--Save 58% off Windows IT Pro
Subscribe to Windows IT Pro today and SAVE 58%! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful articles. This is a limited-time offer, so order now:
Access to 26,000 IT Articles
Become a VIP subscriber and get continuous access to ALL the content ever published in Windows IT Pro, SQL Server Magazine, and the Exchange & Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters. That's more than 26,000 articles at your fingertips. You'll also get a valuable one-year print subscription to Windows IT Pro and biannual VIP CD-ROMs that contain the entire article database. Order now:
==== 5. New and Improved ====
by Caroline Marwitz, email@example.com
A recent release from uvSoftium, uvScreenCamera 2.1 is a screen-capture application that lets you create animated presentations, tutorials, and movies. You can capture images, text, graphics, and mouse movements and mouse clicks and turn them into Adobe Macromedia Flash movies, as well as AVI and other movie files. The uvScreenCamera Notes Management system lets you annotate what you capture with titles, notes, and comments and choose what font, color, and style to incorporate. You can also add sounds to your captures, including voice and music. After you create presentation segments, you can combine and recombine them by dragging and dropping screenshots. The UVF playback format lets you play back movies without needing DirectX. The program runs on Windows 2003/XP/2000/NT/9x. A free download is available for preview at the uvSoftium Web site. A single-user license is $29.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows IT Pro T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you: firstname.lastname@example.org.
==== Contact Us ====
About the newsletter -- email@example.com
About technical questions -- http://www.windowsitpro.com/forums
About product news -- firstname.lastname@example.org
About your subscription -- email@example.com
About sponsoring an UPDATE -- firstname.lastname@example.org
This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!
Windows IT Pro is a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media Inc. All Rights Reserved.