Monday, November 09, 2009

How to secure your wireless network

Note: The following is a repost of how-to of the same name I wrote tonight at my IT notes site.

Intro

Do you have a wireless router and a wireless device and want to make sure your neighbours aren't freeloading your internet connection or snooping through your network? Follow these instructions to lock down your wi-fi.

Get what you need

  1. A router that has both wired ports and wireless capability.
  2. A computer with a wired connection to the router.
  3. A computer with a wireless network connection (it could be the same computer as in #2).
  4. A piece of paper large enough to write 5 lines of text on it. You will be filling in the following template:
    IP Address


    User Name


    Password


    SSID


    Passphrase

  5. A pen.
  6. Some adhesive if the paper in #4 did not have its own.

Let's get started!

  1. Plug your computer into the router (and switch off or unplug the wireless network adapter if your computer has both). This makes sure you're configuring the right router (and not your neighbour's) as well as gives you a way to fix it if you accidentally lock yourself out. Some routers only allow you to configure them through a wired connection anyway.

  2. Find out what your gateway's IP Address is. It will be something like 192.168.0.1 but it depends on the manufacturer and model, as well as the initial set-up.

    • Windows XP:
      1. Start > Control Panel
      2. Double-click on Network Connections
      3. Double-click on the Local Area Connection icon
      4. Click on the Support tab
      5. Write down the numbers that are next to Default Gateway as the IP Address.

    • Windows Vista and 7:
      1. Show the Start menu
      2. Type network connections in the search box and select View network connections
      3. Double-click on the Local Area Connection icon
      4. Click on the Details... button
      5. Write down the numbers that are next to IPv4 Default Gateway as the IP Address.

  3. Open your web browser and in the address bar, type http:// followed immediately by the gateway's IP address. For example: http://192.168.0.1

  4. You should be prompted for a user name and password. If you have never set this, then you have a few options for figuring out what the default user name and password are:

    • Find the little user's manual that came with the device. It should have a section on administration or remote access. Worst case, you flip through the 10-20 pages looking for either an image similar to what's on your screen right now or some mention of any of the following words: admin, login, password or user name.

    • Find a digital version of the user's manual:

      1. Go to the manufacturer's website. If it's not printed on the router anywhere, search the web.
      2. Navigate to their Support section of the website.
      3. Look for a Product or Model Search and type in the model number of your router.
      4. One of the links for your router's page (when you eventually find it) should be for the manual, usually as a PDF file.

    • Guess! Here are some common combinations:

      1. user name admin and no password
      2. no user name and admin as the password
      3. user name admin and password admin
      4. no user name and no password

    • Now that you have found the default user name and password, you should change them as soon as possible. Look under Tools, Advanced or Maintenance. Invent a password you don't use for anything else and write both the User Name and the Password on your piece of paper.

  5. Look for a Wireless or WLAN menu. You will know you have found the right page when you see words like SSID, WEP, WPA, Passphrase and Channel.

  6. Your Network Name is commonly called SSID. You change this from its default of default (or sometimes it's the manufacturer's name) and set it to something that's easy for you and your guests to know it's your router. Keep it simple and a single word if possible, like the name of a pet. Whatever you choose, write it down on your piece of paper.

  7. The next part is a little trickier. You usually need to select what kind of security you want. If you're reading this, you want to change it from None or Disabled to WPA.

    • Side note: Avoid WEP at all costs as it is too easy to break in. Protecting your wireless network with WEP is like putting a sign in front of a pool, kindly asking people not to go swimming. Protecting your wireless network with WPA is like building a fence around your pool. The most determined swimmers can still climb your fence, but casual swimmers that would not have been deterred by the "please don't swim" sign will go look for easier pools to break into.

    • Side note number 2: Your router might allow you to select WPA2. In my experience, this protocol is not as compatible with as many devices, so I would not recommend it.

  8. Now you get to pick a Passphrase (also known as a shared key). A passphrase is like a password, but it's longer and it can contain spaces. Pick an easy to spell one-liner that you and your guests can easily type, something like I am one with everything. It usually needs to be at least 8 characters long and, just like a password, it will be case-sensitive. When you have typed it twice, click whatever Save button there is and you're almost done!

  9. At this point, your router might want to think for a few seconds or maybe it will automatically reboot. In any case, wait 10-30 seconds and then try connecting to your router using a wireless-capable device. If you are using the same computer, unplug the network cable and then switch on (or plug in) your wireless network adapter. After another 10-15 seconds, you should get a message saying some wireless networks were detected and to click to see a list. You should see your newly-named wireless network in that list with a little padlock indicating it needs a key. If your network is not listed, you can wait another minute or two and then start over in case you got something wrong along the way.

  10. It works! Yeehaw! Now attach your piece of paper under your router using some light adhesive so that the next time you need to fix something, you will be able to skip steps 2 and 4. It will also be useful when you want to give your guests access to your wireless network; you won't have to try to remember anything, you can just lift up your router and read off the SSID and Passphrase to them.

Wednesday, August 19, 2009

HOWTO: Shop for a laptop

Note: The following is taken verbatim from an e-mail I sent a relative who was interested in purchasing a laptop. It's reposted here so I can share it with the world and subsequently link to it the next time I'm asked about it. That and some feedback from the public at large couldn't hurt!

The best way I found to shop for laptops is to find as many flyers as possible and cut them apart so you have playing-card sized pieces with the picture of the laptop, its price and its specs. The Future Shop and Best Buy flyers are great for this and sometimes the Dell, The Source and Staples flyers are useful too.

You then start to whittle it down by eliminating obviously too-expensive laptops and too-low end laptops. (i.e. those in the $3000 range and those with less than 2 GB of RAM) You just toss the pieces in the garbage. For the next iteration, you start looking more carefully at the specifications, pictures, etc. and tossing out those that don't fit your wants and needs. Repeat until you have about two or three left.

What you do next is you go to the stores, find where the two or three you have left are, and play with them for 5-10 minutes to see if there's a clear winner. If you can't tell the difference between the them, well, the least expensive wins. I recommend you sleep on it at this point.

Laptops usually come with a one-year warranty and you can purchase a few more years after that for up to 3 or 4, depending on the store. That can easily add $300 to the cost of the laptop, so you may want to decide on that before you even step into the store, otherwise you'll be asked to decide at check-out and making a decision about something that's almost 1/3 the cost of the product is not something you want to do quickly.

I would not recommend purchasing a laptop (over a desktop) unless the computer needs to be mobile and moved around a lot. You'll pay more for the privilege of having small pieces that fit inside a portable package and thus the same money could be spent on something more powerful with a bigger screen, etc.

Wednesday, April 22, 2009

On uninstalling Google Chrome

I finally gave up with Google Chrome on my laptop. Here's what popped up when I completed the uninstallation process, with my answers:

Google Chrome has been uninstalled.

Thanks for trying out Google Chrome. Please help us improve Google Chrome by telling us why you uninstalled it. Your feedback is much appreciated.

Which of the following best describes you?
I am uninstalling Google Chrome for now, but I may try it again in the future
I am permanently uninstalling Google Chrome
I am only uninstalling briefly. I am going to reinstall straight away (e.g. changing computer, upgrading operating system)

Why are you uninstalling Google Chrome? Please check all that apply
It doesn't load some web pages properly (please list any examples below)
It's missing some features that I use (please provide detail in the box below)
I'm concerned about privacy (please provide detail in the box below)
It seems to slow down my computer
It crashes too often
Other (please provide more details in the text box below)

Please provide any additional detail on your reason for uninstalling:

There are too many Firefox add-ons that I have come to rely on and using Chrome just leaves me "naked" in comparison. I blogged about this potential problem when Chrome initially came out: http://oliiscool.blogspot.com/2008/09/world-in-verdana.html

I first installed Chrome when I heard Gmail and Google Reader had exceptionally good performance in Chrome. This was true, but as soon as I clicked a 3rd-party link from within either, I felt I was abandoned and frequently would end up copy/pasting the URL into Firefox and continue from there.

I definitely appreciate the engineering skills and value of having a process-per-tab kind of browser, but that functionality alone is not sufficient for a heavy add-on user such as myself. In fact, I have checked the "slow down" checkbox since that model seems to in fact be a liability when viewing YouTube videos: I definitely notice much higher CPU usage from Chrome when visiting a site containing an embedded video than visiting the same page with Firefox.

Perhaps not all is lost: the process-per-tab model could still be applied to Firefox and a "Chromium Tab" Firefox add-on that worked similarly to the "IE Tab" add-on (in that it would enable the Webkit/Chromium engine on a per-tab basis) would be fantastic in my books.



So maybe I'll eventually re-install it. There's definitely value in the "application mode" as well, which hides the address bar and makes a "tab" its own window using the site/application's "favico" as the application window's icon, but that breaks quickly - as I described above - when you need to go outside that site/application. That "application mode" would also be a neat add-on/extension for Firefox. :)

Friday, April 03, 2009

Do you still not use a router?

I was helping out an extended family member over the phone the other night when I realized he would connect one of his two computers directly to the cable modem, in turn, depending on which computer he was going to use to get internet access.

This struck me as being very odd. Ten years ago, I was using hubs and later migrated to switches and then router/switch combinations to network computers. I just can't imagine what life would be like to have more than one computer in a house and not some sort of network between them.

More scary was that he called me on April 1st, the day the Conficker author(s) decided to freak everyone out. Since Conficker's primary infection mechanism was to exploit a vulnerability in a Windows service and he had just reinstalled Windows on that computer, I was worried he could get infected and warned him about the dangers of doing so.

In this case, a router would have not only removed the "unplug this computer, plug that computer" inconvenience but also have acted as a firewall between his computer(s) and the internet, therefore making it difficult to get infected by worms like Conficker just because your computer is connected to a [hostile] network.

Thankfully, I have an extra router lying around that I'll give him the next time I see him, but seriously, if you don't have a router, go spend $50 on a networking device that doubles as a firewall. Most internet software is NAT-aware these days, so you're no longer trading off convenience for security.

Monday, February 02, 2009

Ego-driven software development

(or "How M.C. Escher Would Have Packaged His Software")

This was too "good" to not blog about. I heard about IronPython Studio, a Visual Studio-based IDE for writing Python code for/with .NET tools. In order to install this interesting gem, you first need to install its pre-requisites, which is one of flavors of the "Visual Studio 2008 Shell": Isolated Mode or Integrated Mode. Sounds easy, right? Wrong!

The actual downloads seem innocent enough (I got both, just to be safe -- as an aside it was hard to tell which one would suit me best): they arrive as executables. Here's how many levels of "packaging" there are:
  1. Running either of vs_AppEnvRedist.exe or vs_ideredist.exe will create a temporary directory where the EXE's files are extracted and an "installer" is launched

  2. You accept the EULA and click next a few times and what do you end up with? "The redistributable package has been installed". That's right, you ran an installer that installed another installer. Total disk space needed for this (at apogee): 400 MB for the original download, 400 MB for the temporary files and 400 MB for the "redistributable package" = 1200 MB

  3. As you finish the first "installer", the temporary files are cleaned up, so we're back to consuming 800 MB. You run the second installer and the first thing it does is check its signature, which consumes 400 MB of RAM. It then proceeds to extract files to another temporary directory (400 MB again, although this time it's in a bunch of smaller files - 286 MB of which is various versions of the .NET framework), thus bringing our used disk space back up to 1200 MB. Those of you following at home will notice that I haven't actually installed anything useful yet. Accept another EULA, select the only feature (wut?), pick the destination folder and go (again)! At apogee: 400 MB + 400 MB + 400 MB + whatever installed size it was (I didn't check)

  4. Oh, it looks like we're actually done! What was I installing, again?

I'm reminded of Adobe Acrobat Reader installers from, oh, I don't know, ten years ago, before one-file installers were even invented. IronPython itself is available in a single MSI file, while IronPython Studio's download options are both available as an MSI file in a ZIP file.

There is no technical reason for this. There simply is no excuse for these fractal installers except that someone (or an entire team of someones) at Microsoft decided they needed to be involved in the supply chain that brings us internauts this bare Eclipse-wannabe that does not even include a text editor. I mean, seriously, the only thing that could have been worse would have been to wrap the whole thing in a "downloader" (like Visual Studio Express) or in an ISO 9660 file (like Visual Studio 2008 Service Pack 1).

I have a special offer for the person in charge of the Visual Studio team: I will personally come over and deliver atomic wedgies to everyone responsible for these shenanigans! Just give me a call; you know how to find me.

There is some good news after all this: IronPython Studio not only just works, but so does its debugger. Kudos to that team.