
Posted by Vince on 11/3/2009, 9:56 pm, in reply to "Re: Firewalls"
As I explained in other posts, a router is a sorting machine, allowing multiple computers to connect to the internet through a single IP address.
There are 4 wired ports on the router, permitting the connection of 4 separate computers -connected with cables- to the back of the router.
Additionally, on a "wireless router" there is a transmitter/receiver which allows up to 249 extra computers to be connected to the router through the air. (I previously said 253 I think but that was a mistake. There are a total of 255 addresses available but one of those addresses is used by the router backside itself and one is used for doing "intercom" work between all addresses).
It is THIS wireless connection which presents a considerable amount of "concern" for security.
Note, this wireless connection goes ONLY to the LAN side ...... the "local area connection" side and should not be confused with wireless internet service like Clearwire.
The router wireless is a concern for security because it doesn't care about walls. While it serves wireless home computers just beautifully, it can also easily service others nearby as well. If anyone is sitting in the house next door or out on the street with a wireless laptop ....... they can easily connect to YOUR router on wireless and become part of your "family." That's something you DON'T want to allow.
Why don't you want to allow it?
Because ........ the backside of the router with the 4 ports and wireless, allows ALL computers connected ..... to communicate with EACH OTHER! That is a bonus to owning a router because .... on TOP of providing individual connections to the internet for multiple computers, using the same IP address, a router also permits all of those individual computers to talk to each other "directly".
That means you can easily share files and folders between computers connected to the router ....directly. Supposing you have valuable files stored on your computer. You KNOW that hard drives ultimately fail and then you will LOSE those files. Well, if you store them on another computer too, you will always have a backup if ONE of the computer hard drives fails. Additionally, sometimes you just want to share some files with other members of the household. And ....... you may even want to be able to CONTROL some other computer in the household remotely. (I do that from time to time with my wife's computer. She sits upstairs in front of her machine and doesn't know what to do about something. I temporarily take over her machine with mine and then do stuff right in front of her eyes so she can see what I'm doing. It's a great learning method without hanging over shoulders).
All of this is just great in a family setting but ......... you DON'T want a stranger coming onto your local network by wireless and being able to do the same thing! For that reason, you want to LOCK OUT your wireless access to anyone outside of your known, trusted membership.
How do you manage to do that? If YOU can connect wirelessly, how can you stop anyone else from doing the same?
What you do is ENCRYPT the signal so it can only be read and sent by machines using the same encryption.
Encryption is a method of scrambling the communication so mercilessly, it looks like pure noise to anyone NOT having the encryption key. Whoever DOESN'T have the key to your own encryption system simply can't communicate with and through your wireless "access point" of your router.
Well, ok .......... ALL routers have encryption ability and they have a number of different methods or types of encryption methods available ...... when you buy them from the store. But ....... BECAUSE they want to make it easy for customers to just hook up and go, they have encryption turned OFF in the units. So you need to take a little time and set up the encryption in the router and then use the same password and method in each wireless-enabled computer, so that each machine can communicate freely with the router wireless.
In the early days of home routing, routers and computer wireless cards and game consoles etc. connected by the encrypting protocol of WEP (which stands for Wired Equivalency Protection). While this was a very good, solid encryption system, it was designed by engineers and not by security experts and ..... the engineers overlooked some obvious exploit possibilities on the system. Routers STILL have the WEP function available (for those still running old game machines etc.) but ...... it's now more of a standing joke than anything else. It can be cracked in a matter of seconds by anyone having the software to do it.
The improved system is called WPA (which stands for Wi-Fi Protected Access).
Within WPA are a number of possibilities, including TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard).
WPA-AES is the most advanced and least crackable of all. WPA-TKIP is still AWFULLY GOOD though!~
Whatever you can manage for the very best is best but some older wireless cards don't support AES and so TKIP is quite sufficient. All you REALLY need to be concerned about though, is that you choose WPA and NOT WEP.
How is the encryption created so that it's unique to your own household? You use your own password. The password creates the scrambling pattern for encryption. The longer and more complicated your password is, the harder it will be for anyone to guess it and also, the more sophisticated the encryption itself will be.
A good password contains upper and lower case letters as well as numbers. You might create it something like this:
Your name
Your birthdate
Your favorite drink
Intersperse ......
G29pL03iO19lR4sI6nAer
So that's GLORIA in upper case, birthdate, 29th day of the third month 1946 and favorite drink is Pilsner beer!~ Who would EVER guess that password in 100 million years? And the encryption, oh my, how absolutely stupendous it WILL be!!
Problem is ........ you have to enter that same password on all wireless machines too! So it's good to put it onto a thumb drive and then just copy and paste it into the right spots.
(By the way, don't you DARE use that password up there! Once it's been seen it's never safe to use again).
-Vince
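How a WPA passphrase becomes the actual key, as an added example that is not part of the post above: in WPA-Personal the passphrase and the network name (SSID) are run through PBKDF2-HMAC-SHA1 to produce a 256-bit key, so the same passphrase yields a different key on a differently named network. The passphrase, the SSIDs and the helper `random_choice_bits` are constructed for illustration.

```python
import hashlib
import math
import string

PRINTABLE_ASCII = {chr(c) for c in range(32, 127)}

def validate_passphrase(passphrase: str) -> None:
    """WPA-Personal passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if not set(passphrase) <= PRINTABLE_ASCII:
        raise ValueError("passphrase must contain printable ASCII only")

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    validate_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def random_choice_bits(passphrase: str) -> float:
    """Guessing effort in bits IF every character had been picked at random
    from the character classes present. This is an upper bound: passphrases
    assembled from names, dates or dictionary words fall well below it."""
    validate_passphrase(passphrase)
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10)]
    pool = sum(size for chars, size in classes
               if any(c in chars for c in passphrase))
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # space and punctuation in printable ASCII
    return len(passphrase) * math.log2(pool)

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    passphrase = "Constructed-Sample-Passphrase-7"
    for ssid in ("HomeNet-A", "HomeNet-B"):
        print(ssid, derive_psk(passphrase, ssid).hex())
    print(round(random_choice_bits(passphrase), 1), "bits (upper bound)")
```

The 64 hex characters printed for each SSID are the key itself; many clients accept that form in place of the passphrase.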