Got the kids a laptop for Xmas, so we have a total of 3 laptops and 2 desktops now. One of the desktops is physically connected to a wireless router and the rest of the computers connect to the internet via this router.
Road Runner provides free virus protection and a firewall, which I have downloaded to the main desktop. However, since this computer is rarely used, the virus definitions are frequently out of date. I periodically go in and download the updates but it’s very slow and laborious.
Questions:
Does RR’s virus protection and firewall programs cover the laptops which connect via the router? Currently I have Norton Anti-Virus and Firewall protection installed on each of the laptops, but I’m not sure if this is redundant.
Is there any way to have a router that is not connected to a desktop? I’d love to get rid of both desktops as they are dinosaurs that take up a lot of space, but I’m not sure of how/where I’d connect my router.
These desktops have a lot of personal information on them. Is there a safe way to recycle these where I wouldn’t have to worry about someone accessing my banking account files, etc.?
I’m pretty sure that your RR virus protection is only working on the machine where it is installed. They would be able to answer this firmly, but your Norton is quite fine. Check your Norton license – often they allow you to install it on 3 machines in your house or something like that.
You can definitely run your wireless router without a machine physically attached to it. You usually only need to attach to it with a wire for the initial setup out of the box. Don’t throw away your network cables, however. It’s pretty nice to be able to plug right into it to fix up something you messed up in the wireless config.
Your router is most likely functioning as three things: a NAT router (gives you internal IP addresses for your machines), a hardware firewall, and a network switch (those extra ethernet ports it has).
Though there is debate about whether the hardware firewall in your router obviates the need for a software firewall, it does mean that you don’t need to lose sleep at night if you don’t have a software firewall going.
No good answer for 3 since I usually turn spare machines into Linux servers. You should be able to find HD wiping software out there that can do a proper job of it.
Let me just throw some gasoline on this spark by saying that, in my neighborhood at least, I would lose a LOT of sleep if I wasn’t encrypting my wireless.
PunditLisa, are you using WEP or WPA? If not, then it’s trivial for anyone within a few hundred feet of your house to connect to your home network. The risks from this range from not such a big deal (e.g. someone freely mooching off your internet) to fairly serious (e.g. bored high school kids cracking your passwords and sifting through your documents). Neither WEP or WPA are flawless, but using either will at least provide a deterrant.
The drawback to WEP and WPA is that you need to set it up on the router and all the computers, but once you’ve gone through it once it’s not a terribly complicated task. If you want to set this up and have questions, please feel free to ask.
Subway Prophet, we’ve secured our router by only allowing specified MAC addresses to access it. For instance, the new laptop could “see” our wifi, but could not access it until I manually typed in its physical address at an internet address. Is that secure enough or should I also be encrypting the data from each laptop somehow?
Assuming that your router isn’t badly implemented or otherwise buggy, MAC address filtering is probably the best security you can muster reasonably – it simply forbids any system other than the listed ones from getting an address wirelessly (if you’ve got strangers able to physically connect to the router with an ethernet cable, you’ve got other problems.)
Most people go with WEP or WPA or somesuch just because it’s easier, but if you’re willing to type in the MAC addresses of every machine you want to access the router, you’re better off. If you’re excessively paranoid, you can do both, but I don’t think it’s necessary unless you live in a high-computer-crime area with skilled hackers carrying wireless packet sniffers hanging around outside your door.
MAC filtering is a very good first step. However, some wireless network adapters have the ability to spoof someone else’s MAC address, and since you can pluck MACs out of the air, it’s not a long stretch to see how someone could still access your network.
At home, I use both WEP* and MAC filtering, and every computer has a software firewall and decent antivirus. My level of paranoia may be higher than what is warranted in most situations, but I developed my attitudes seeing what the kids got away with on the high school network I maintain. Case in point - we had a student who was sniffing packets, looking for POP3 email traffic (usernames and passwords are broadcast more or less in plaintext), using his Windows handheld.
In your case, MAC filtering is likely to be enough of a deterrant for the casual cracker, especially if there are other full-time & unprotected wireless networks in your area to attract their attention. It all depends on what level of security you’re comfortable with.
*WEP and not WPA, but for no good reason. I really should be using WPA since it’s theoretically more secure.
What constitutes a high-computer-crime area these days? I envision a ramshackle neighborhood with skanky hard drives offering cheap porn from the curb, dim dirty LED displays barely visible in the depths of an alley, and an old dead Commodore 64 lying keyboard-down in the street festering in a puddle of its own memory leaks. (And you know it was the floppy drive that did it.)
If you live within a mile of a high school, then odds are there’s at least one kid on your block who is (a) smart, (b) bored, and (c) in posession of a wireless-networking computer that can run wardriving software. It’s not like it isn’t difficult to download and use - there’s a huge selection, and large support communities. It’s also not a “crime” to most kids, it’s just a curiousity to experiment with.
But like I said, it all comes down to what risks you are willing to put up with. You could run an open network for years and never be troubled because of it.
