wireless and router; security issue

Posted by unstablemicroso on August 20, 2006, 6:36 pm
Hi. Since I recently have been studying networking in general, I understand
WANs and LANs better now.

But I have a question about my own network configuration, about what
something means, particularly with regard to safety/security, but also in a
broader perspective.

I'll outline my configuration briefly: ISP is cable company, from cable/wall
socket a cable goes to the cable modem, from there a cable goes to the
sitecom router, there is a wireless connection, using WPA-PSK encryption,
between that router and the adapter on my computer in a different room. No
other computers or devices in my network.

This morning my computer crashed, and I decided to deinstall and then
reinstall my wireless adapter (Sitecom).
This may not be clear to you or you may not understand it, but I've decided
to omit irrelevant information.

When I reinstalled the software of my wireless adapter, I saw, on the
software panel of the adapter, under profile setting, profile name and
network name, that it said "Sitecom". Just that, nothing else.

Since my router uses wireless encryption, I then instructed my adapter to
connect to the router, and I gave the adapter the WPA-PSK code it needed to
establish a connection with the router.

After having done that, on the adapter's software "panel", under profile
setting, profile name and network name, it showed an entry called "sitecom",
and another entry, under profile settings, profile name, name
:"<infra-sitecom>", network name Sitecom. Network type: access point, channel
N/A (although there was an active connection!)

I decided to delete both entries, and to reestablish the connection by
choosing site survey, connect, and then I gave the WPA-PSK code. Virtually
instantly, a connection was established. Now, under profile setting, it shows
profile name <infra sitecom>, network name Sitecom. (Btw, it still stated:
channel N/A, while there was an active connection!)

So only one entry, instead of the two I had previously.

I don't really understand these entries. Please keep my configuration in mind.

I didn't see any point in having two entries, and thought that the plain
"sitecom" entry might pose a security risk, or that it at least was redundant.

So, can anyone shed some light on this ?

Is having <Infra Sitecom> as the only entry safe ?
Or was the other entry, plainly called "sitecom" of some use to me ? Again,
I don't understand this.

With this only entry, the wireless connection seems to work perfectly, and I
have had it configured that way for many months.

Also, I configured my McAfee firewall 7.x as a home network, and instructed
it to NOT trust my home network. Yet, mysteriously, I sometimes get log
entries in the log of incoming traffic (described as "unwanted connection
attempts", sorry, crude translation), although my router SEEMS to have a
firewall, according to several tests. Is there any connection between this
and what I stated in the previous paragraphs ?

Advice/insight appreciated.

Thanks.

Posted by S. Pidgorny on August 21, 2006, 6:19 am
If your access point requires WPA-PSK, and your wireless client connects,
then you _are_ using WPA-PSK and therefore your traffic is protected. I
prefer to avoid vendors' utilities and use Windows native client to avoid
issues like yours (and allow configuration with AD group policy).

As for the client firewall, some details would help. It seems like your
firewall is doing what it is supposed to do (because it's logging traffic
appropriately) but you're unsure about your configuration itself?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

Posted by unstablemicroso on August 21, 2006, 1:21 pm
Hi. Thanks for your answer.

You said: "use Windows native client to avoid
issues like yours (and allow configuration with AD group policy)."

Btw, I have disabled the Windows client for networking/establishing a
connection with other microsoft computers (sorry, for the fuzzy description)
and the filesharing service of my network connection. (I have no use for
that) It seems that at one time that was advised by Steve Gibson at
www.grc.com, although I cannot seem to locate that advice on his site now. So
I'm not sure if I can do what you suggest without reinstalling these.

I have Windows XP Home Edition service pack 2.

What native windows client could or should I use ? I don't know what you are
referring to. Btw, To be honest, I'm not sure that would be safer. I have
equipment from Sitecom.

The firewall I have is McAfee firewall 7.x, not the corporate version. Once,
a representative of McAfee claimed that it would be safer to configure my
firewall in such a way as to "trust" my home network. (I have it configured
as home network, which seems to be the appropriate thing to do).
That would be safer than not to trust it ... On another occasion, during a
chat with a McAfee employee I got a more ambiguous statement. I have a router
(connected to my cable modem by wire), wirelessly connected to my computer,
no other computers in that LAN. I would think, that instructing the firewall
to "trust" my home network, would mean that the McAfee firewall would "trust"
any data coming in through my router. That just doesn't seem a sensible thing
to do. My firewall is working more or less, although (don't ask me how !) I
sometimes get "attempts to established an unwanted connection" with IP and
port number in my log of incoming traffic. Usually it seems benign, sometimes
not. I don't understand how it gets through the firewall of my router, it has
some kind of firewall ... (that's about all you can say about that!)
according to several tests.

Maybe I shouldn't have bought the McAfee firewall and antivirus combo, but
the antivirus is still pretty good.

Posted by S. Pidgorny on August 22, 2006, 4:25 am
It makes no difference from a security point of view which client you use, as
long as your access point configuration requires a secure connection.

As for McAfee's advice to trust your home network for better security,
it's wrong. The good practice is to trust no one for starters, and develop
your rule base from there.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
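
What "trust no one for starters, and develop your rule base from there" looks like in rule terms, as an added example (not part of the original posts and not McAfee's rule format): a first-match rule base with a logged default deny, compared against a single "trust the home network" rule. The 192.168.0.0/24 LAN, the router address and the three inbound attempts are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR the source address must fall in
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port
    note: str

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"]))

DEFAULT_DENY = Rule("deny", "0.0.0.0/0", "any", None, "default deny (logged)")

def evaluate(rules, pkt):
    """First matching rule wins; anything unmatched hits the default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule
    return DEFAULT_DENY

# Assumed home LAN behind the router (constructed addressing).
LAN = "192.168.0.0/24"
ROUTER = "192.168.0.1/32"

# "Trust the home network": one broad rule, everything on the LAN is accepted.
TRUST_HOME = [Rule("allow", LAN, "any", None, "trusted home network")]

# "Trust no one for starters": empty base plus only what this single PC needs.
MINIMAL = [Rule("allow", ROUTER, "udp", 68, "DHCP replies from the router")]

# Constructed unsolicited inbound attempts, as a firewall log would list them.
ATTEMPTS = [
    {"src": "192.168.0.1",  "proto": "udp", "dport": 68},   # router, DHCP
    {"src": "192.168.0.57", "proto": "tcp", "dport": 445},  # unknown LAN host
    {"src": "203.0.113.7",  "proto": "tcp", "dport": 135},  # Internet source
]

def verdicts(rules):
    """Action taken for each constructed attempt under the given rule base."""
    return [evaluate(rules, p).action for p in ATTEMPTS]

if __name__ == "__main__":
    for name, rules in (("trust home", TRUST_HOME), ("default deny", MINIMAL)):
        for pkt in ATTEMPTS:
            r = evaluate(rules, pkt)
            print(f"{name:12} {pkt['src']:13} {pkt['proto']}/{pkt['dport']:<4} "
                  f"{r.action:5} ({r.note})")
```

Under the trusted profile the unknown LAN host reaches TCP 445 without a log entry; under the minimal rule base the same attempt is denied and logged, which is the kind of "unwanted connection attempt" entry described in the thread.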
