Computing and the Internet is full of terms that novices of the web may find confusing. This is a glossary with a basic description of some terms relating to the computer and internet world.

Bandwidth

Bandwidth is measured in bits per second and is the amount of data that can be sent through a network or modem connection. The higher than bandwidth, the more data that can be transferred. If the bandwidth is high it can cope with more visitors and more downloads. It also affects the speed at which the site loads.

Dashboard

A dashboard is a user interface used on many different types of software. From the dashboard you may get the options and see basic information about your account. The word is taken from a dashboard on a car, where you will see basic information like speed and mileage and reach option such as the gears and radio.

Desktop Publishing

Desktop publishing is where a computer is used to create a document. If words and images are created and combined in designing something, it is called desktop publishing. The creation of a poster using a computer is a good example of desktop publishing.

Encryption

When data is scrambled so it can only be decoded and understood by someone who it should be, it is called encryption. It is effectively a way of enhancing the security of confidential information so if someone who shouldn’t manages to access it, they won’t be able to understand it.

Facebook

Facebook is the name of a social networking website (see below for social networking) where users can create a profile of themselves and share information and photographs with other users who they have specified as a friend. Friends being able to post messages to each other is a popular feature of Facebook.

Firewall

This is software that prevents viruses (see below for virus) and other malicious programs from accessing a computer system. Its job is to spot programs and websites that could be dangerous, and they can prevent traffic from certain IP addresses.

Hard Disk

A hard disk is the internal memory (see below for memory) of a computer and somewhere you can save documents and other files to.

JavaScript

This is a programming language. It is used in the creation of web pages and is used for the dynamic and interactive parts of sites, such as rollovers and image rotation.

LAN

LAN stands for local area network, a computer network that is limited to a small area, such as an office or school. With a LAN, users (who will usually have a user name and password) will be able to access the same files and information from shared areas of the network. It also means users can access the same files from different computers.

Memory

Computers need memory to store data. A hard drive is an example. Memory can also come in the form of external devices plugged into a computer, such as the almost obsolete floppy disk, CD’s and USB drives.

Open Source

If a piece of software’s code is open for the use of any member of the public, it is called open source software. The code can be modified where necessary, so users are effectively taking a program created by someone else and modifying it how they please. Examples include some web development software. This can be used by different web development companies who can modify it to suit their needs.

Page Views

The number of times a webpage has been viewed is called the number of page views. It is a statistic that is regularly used by website owners to see how many times each page has been viewed. This can help them to establish visitor behaviour, and is one metric of measuring the success or failure of a webpage, and a website in general.

Screenshot

A screenshot is effectively an image taken of what is seen on a computer screen, using the computer. It is also sometimes called a screen grab.

Script

A computer script is a set of commands. These are instructions to a computer. They are used to run processes on computers and computer systems.

SEO

SEO stands for Search Engine Optimisation and refers to optimising a website for the search engines to give it the best chance possible of appearing towards the top of the search engines. On-page and off-page techniques can be used. On-page SEO are things carried out on the website itself. Off-page SEO is generating links from other websites to yours.

Social Networking

Social networking websites are sites where people can share information about themselves with others. Basically, they are online networks of people or online communities.

WAN

WAN stands for Wide Area Network, as opposed to a local area network (see above). It essentially does the same thing but over a larger distance. Whereas a LAN may be only within an office, a WAN can connect people from different towns, or even different countries.

Web Host

For a website to be viewed by others, it needs to be hosted on a server. Web hosts (or web hosting companies) lease servers to website owners, where their sites can be uploaded for the world to see.

Virus

A computer virus is a malicious script or piece of software that can infect a computer. This can cause havoc by destroying the computer. Some viruses will allow the virus’s creator to view confidential information contained on a computer.

source: http://ezinearticles.com/?Computer-and-Internet-Glossary&id=5903819

Advanced Encryption Standard (AES) is a symmetric key cipher technique used to secure and encrypt operating systems, hard drives, networking systems, files, e-mails, and other similar data. In cryptography, AES consist of three block ciphers taken from a larger collection published originally as Rijndael. Each cipher has a 128-bit block size with three different key sizes of 128, 192, and 256 bits.

The AES cipher does a number of transformation rounds repetitiously, which converts the input plain text into an output of cipher text. There are several processing steps for each round with one round that relies exclusively on the encryption key. Then, a set of reverse rounds are applied to convert the cipher text back into plain text. The AES encryption only uses one 128-bit key to encrypt and decrypt data.

In the United States (US), the National Institute of Standards and Technology (NIST) made a request for encryption algorithms for the AES standard. Joan Daemen and Vincent Rijmen worked together to create the Rijndael cipher. They submitted their cipher to the AES selection process from which Rijndael was selected.

The US government accepted the AES encryption standard and implemented it into its systems to help secure classified and non-classified information. In November 2001, AES was chosen by NIST as the Federal Information Processing Standard (FIPS), also known as FIPS197. In July 2003, the National Security Agency (NSA) stated that AES was secure enough to protect its information at the secret and top-secret levels.

AES encryption is used around the world to secure some of the most protected systems for both governmental groups and business. AES encryption is even used by individuals to protect private computers and networking systems. It is now the standard set by the US government and individuals worldwide.

One of the reasons why AES encryption works so well is that it works on multiple network layers at the same time. Although AES and Rijndael are used interchangeably, there are some differences that should be noted. While AES uses a fixed 128-bit block cipher and three key sizes of 128, 192 and 256 bits, Rijndael can be used with any size block cipher and key in multiples of 32-bits. Rijndael ranges from 128-bit to 256 bits for its key and block cipher sizes.

While AES encryption is not unbreakable, it is generally considered highly secure. Until 2009, it was believed that only a side-channel attack could get through an AES-protected system. In 2009, related key attacks and known-key distinguishing attacks were reported. Some of the attacks on AES systems are difficult to complete; for example, attacks typically require a user to be on the same system as the AES encryption software to break the cipher.

source: http://www.wisegeek.com/what-is-aes-encryption.htm

A passphrase is a series of letters, characters, or words that can be combined like a password. They are used for many computer programs, to gain access to systems, data, or messages. It is similar to shorter passwords in use, but a passphrase can be as long as 100 characters and offer extra protection when needed. They can be used as a digital signature or to encrypt messages, and are often employed by important systems vulnerable to outside hackers.

Whereas a password is generally 4-16 characters, a passphrase is typically at least 20-40. The common passphrase should be known only to the user, should be long enough to remain difficult, hard to guess, easy to remember, and easy to type quickly and accurately. The passphrase should not be a common phrase or one from literature or culture. It should not be something with obvious meaning to the user or something that can be easily identified, even by people who know the user.

Different passphrases, just like different passwords, possess varying passphrase strengths. This is determined by the length of the phrase, the randomness of the phrase, and its use of characters available in the common lexicon. A phrase such as “IAmTheKingOfTheWorld” would not be good because it is not particularly original or uncommon. Replace the vowels with numbers, or a word with an anagram or a nonsensical string of words, and the phrase becomes more difficult. “I4m7heK1ng0fTheW0r1d,” for example, would be much more difficult.

A passphrase can be easy or difficult to remember, and can be written down. Certain passphrase are made of random groupings of numbers and letters, though a sense of structure makes them easier to remember. One method of formulating a passphrase is called Diceware. This tool is comprised of a list of 7776 short English words, and is determined by rolling dice. With a certain number of corresponding letters for each number on the die, different combinations of letters make different words. These different words can be combined into a phrase with more than 2,000,000,000,000,000,000 possibilities.

The modern idea of the passphrase was invented by Sigmund N. Porter in 1982 as a means of extra protection as computer systems began to enter mainstream culture. Pretty Good Privacy, a popular passphrase method, revolutionized the practice in 1991. Created by Phil Zimmerman in the United States, it was used to encrypt e-mails, and features a public and a private passphrase encryption key. A private key is used to open and send messages personally, and the public key of someone else is used to receive or send messages to them.

source: http://www.wisegeek.com/what-is-a-passphrase.htm

If you’re like most IT professionals, your work life is an ongoing balancing act in which you aim to adopt the latest technological innovations while keeping your enterprise secure. So you welcome any software that makes the whole process easier. Fortunately, security features in IIS, ISA Server, and secure sockets layer (SSL) can all be applied to your Web transactions to improve your Web security. In this article, I’ll show you how to take advantages of these technologies painlessly.

Define Your Needs
Whether you’re a home user or architecting a solution for a large enterprise, the first step towards security nirvana is a survey of your landscape. You need to take a look at what information assets you have that must be protected, how information flows into and out of your infrastructure, and how customers can be sure that they are really dealing with your actual Web site and not that of an impostor. In addition, you must find a way to make sure that the customers’ Personally Identifiable Information (PII) remains confidential as mandated by legal regulations such as Sarbanes-Oxley (SOX) and European Privacy legislation. But all legalities aside, the fact is that poor security practices put your company’s reputation at risk. Let’s take a look at some strategies you can employ to beef up your security.

The SSL Solution
The majority of transactional Web sites implement server-side SSL, whereby the server authenticates itself to the browser (client), although SSL can also authenticate the client if a prior relationship has been established.

To employ SSL Authentication, each entity to be authenticated must obtain a certificate (and associated private key) whose issuer is trusted by the system. You can get IIS ready to use certificates by following the steps outlined in the “Enabling Certificates in IIS” sidebar. After you have completed that process, you need to obtain your certificate from a trusted certificate authority (CA) such as VeriSign, Valicert, or others.

Once you have the certificate, you must activate it in the IIS Manager console by going into the Website Properties and selecting the Directory Security tab. Select Server Certificate, click the Next button, and in the resulting dialog click Next again. The default action will be to process the pending request and install the certificate. Enter the name of the file you received from the CA and click Next to complete the wizard.

Be aware, though, that it can be dangerous to allow even inbound SSL traffic to pass directly to your Web servers. Attackers are now starting to use SSL to encrypt their attack traffic, and uninspected SSL traffic can present a threat. How, then, do you inspect this traffic while simultaneously maintaining wire privacy? Through the use of an application-layer firewall.

ISA Server Basics
HTTPS (the “S” indicates secure through the use of SSL) provides the means to authenticate the Web server to the client and encrypt the traffic in transit. Unfortunately, HTTPS is not a silver bullet, so an application layer firewall such as Microsoft® Internet Security and Acceleration Server (ISA) 2004 should be considered to address the remaining requirements. ISA provides a wide range of firewall, Virtual Private Networking (VPN), and cache capabilities. ISA can be purchased in the form of software to be installed on Windows Server™ 2003 (and Windows® 2000 Server) or in the form of a dedicated hardware appliance. Full details of ISA Server are located at ISA Server.

The following actions taken by ISA provide the means to secure the Web server above and beyond HTTPS. ISA inspects the content to ensure it is RFC-compliant HTTP as opposed to malicious traffic. Contrast the behavior of ISA to most firewalls which simply operate on the premise that incoming traffic bound for port 80 (in the case of HTTP) and port 443 (for HTTPS) must be valid.
ISA decrypts incoming SSL traffic, inspects the content, and in the recommended configuration, reestablishes an encrypted communication link (via SSL) between the ISA Server and the actual Web server. The ISA term for this is SSL-bridging.

ISA reverses incoming proxy traffic by accepting incoming page requests and serving the pages on behalf of the internal Web server. Incidentally, ISA can also act as a forward proxy, sending page requests from internal machines to those on the external network. In both proxy scenarios ISA can improve network performance by caching popular content and then serving it from a local store.

ISA also authenticates incoming traffic and forwards the credentials together with the traffic to the Web server, which ensures that only valid users are able to communicate with the Web server. The ISA term for this is preauthentication and the result is a single authentication for the user.

Finally, ISA also performs Fully Qualified Domain Name (FQDN) validation. Incoming requests are assessed to make sure that requests for specific IP addresses are rejected. Many Internet worms are blocked by this feature as such automated tools tend to use ranges of IP addresses as opposed to resolved domain names.

An additional feature of ISA is known as Link Translation. ISA translates the addresses used in page requests to alternatives based on a find-and-replace approach. Link Translation is handy in many situations, including those in which you have an existing Web site that you want to upgrade to use HTTPS. When URLs are hardcoded in a third-party application, you can use Link Translation to translate HTTP requests to HTTPS requests.

Application Layer Firewalling
Traditional firewalls inspect packet headers and ignore the payload (data) contained within each packet. An application layer firewall inspects the entire packet and thus is able to detect attacks contained deep within the packet. This is absolutely necessary these days, as the majority of modern attacks occur at the application layer.

The text in Figure 1 was taken from a network trace via Microsoft Network Monitor, which is an optional component of Windows Server 2003. Note that I show only a portion of the trace in Figure 1. I have used RFC1918 (private) addresses as the example was taken from a test system.

Figure 1 Network Trace
ETHERNET
ETHERNET: Destination address = 0003FF4249BC
ETHERNET: Source address = 0003FF7C49BC
ETHERNET: Ethernet Type : 0×0800 (Internet IP (IPv4))
IP
IP:Protocol = TCP
IP:Checksum = 44571 (0xAE1B)
IP:Source Address = 172.16.101.101
IP:Destination Address = 172.16.101.10
TCP
TCP: Source Port = 0x05DB
TCP: Destination Port = World Wide Web HTTP
TCP: Checksum = 0x167B
HTTP: GET Request from client
HTTP: Request Method = GET
HTTP: Uniform Resource Identifier =/
HTTP: Protocol Version =HTTP/1.1
HTTP: Host=172.16.101.10

The packet in question was produced by a Web browser issuing an HTTP Get Request when connecting to the Web server via HTTPS. The packet flow resulting from the equivalent HTTPS connection request would be more complex due to the server authentication and data encryption.

Figure 1 shows the layered nature of the packet. In particular it is worth noting that the items are listed in the opposite order to the Open System Interconnection (OSI) stack and therefore the application layer is presented last. The Ethernet component refers to hardware-specific media access control (MAC) addresses. The IP layer refers to IP addresses. The TCP layer deals with ports—the tool has port 80 set to be World Wide Web HTTP. All of the information can be spoofed by the sender (even when HTTPS is being used)—the checksum entries in the IP layer and TCP layer do not mitigate this threat as the entries are not cryptographically signed. The HTTP component is the application layer. Another way of looking at the illustration is that HTTP is being carried over TCP, which itself is being carried over IP (hence TCP/IP) which is using Ethernet.

The Web Publishing feature of ISA allows ISA to respond to Web requests on behalf of the Web server. ISA inspects the traffic to ensure that it contains only valid HTTP methods (such as GET) and appropriate syntax. Valid requests are forwarded to the internal Web server that is located behind the ISA Server computer.

ISA provides the facility to block specific methods as defined by the administrator. Say, for example, that your Web server contains purely read-only pages—you could configure ISA to block the “POST” method and hence protect against malicious changes to the configuration of the Web server or source HTML.

Decrypting Incoming HTTPS Traffic
So how does ISA decrypt incoming HTTPS traffic? ISA is placed between the external (untrusted) network and the Web server. To keep the description simple I have assumed one ISA Server and one IIS Web server. Production environments typically operate additional servers to provide fault tolerance and increased performance.

The ability to inspect incoming SSL traffic is one of the most important security features of ISA Server. The incoming HTTP traffic is encrypted via SSL, so you must configure ISA to be the SSL termination point. This is achieved by exporting the server certificate and associated private key from the Web server and importing it onto the ISA Server computer. Once the certificate (and private key) is available to ISA, you can configure the Web publishing rule to use it to impersonate the Web server and hence decrypt the content.

Let’s recap where we are. The client browser has established an SSL connection to ISA Server in the belief that it is actually the Web server. ISA will inspect the traffic and, assuming it is valid, will communicate with the Web server on behalf of the client. Some people would argue that this approach invalidates the protection of SSL as the client is not aware that the traffic is being inspected. In order to safeguard the security of the traffic I recommend configuring ISA to use an SSL connection between itself and the target Web server (using SSL-bridging) as well.

As you may have guessed, the Web server will require a server certificate and an associated private key so that ISA can establish an SSL connection to it. The least complicated way to accomplish this is to use the same certificate (and private key) on both ISA and the Web server though you should make sure that this does not breach the terms of the issuing certification authority. An alternative approach would be to either request an additional server certificate from a third-party CA or request one from your own CA if you have one. The certificate only has to be trusted by the ISA Server so you may consider installing a CA purely to issue the Web server certificate and therefore avoid the cost of having to purchase an additional third-party certificate.

Preauthentication
Native Web server authentication can be dangerous as all users are able to perform an initial unauthenticated connection for the purpose of providing their credentials. The initial connection can provide the opportunity for a malicious user to attack the Web server itself.

Preauthentication (also known as delegated authentication) is, as I mentioned earlier, the mechanism by which ISA authenticates the user on behalf of the Web server. In this scheme, the user is only prompted to authenticate once. And because only authenticated users are able to communicate with the Web server, anonymous hacking attacks (including denial of service) do not reach the Web server.
ISA supports delegation for both Basic authentication and forms-based authentication. With both forms of authentication, you should use SSL to encrypt the traffic because by default data will be transmitted in clear text.

Microsoft Windows Server 2003 (and Windows 2000 Server) includes the optional installation of a RADIUS server, also referred to as the Internet Authentication Server (IAS). The use of RADIUS allows for integrated authentication with an existing directory structure, such as Active Directory®. Microsoft IAS complies with the RADIUS standard protocol definition described in RFC 2865.
The delegated Basic Authentication process takes place as follows:

1. The client browser issues an HTTP Get request for the required URL
2. The ISA Server computer receives the request
3. ISA responds with a 401 error (indicating unauthorized access)
4. The browser resends the request together with the credentials of the user.

ISA validates the credentials either by sending an access-request to a RADIUS server or by attempting a WinLogon to Active Directory. The benefit of using RADIUS is that the ISA Server does not need to be a member of the domain and therefore there is greater separation between internal and perimeter servers. If RADIUS is used then the RADIUS server authenticates the credentials against Active Directory. If the credentials are valid then the RADIUS server sends an access-accept message along with a RADIUS attribute containing the security groups of the user, back to the ISA Server.

If the authentication request fails then the ISA Server will decline the access request. If the credentials are valid then both the HTTP Get request and user credentials will be forwarded to the Web server. The Web server will use the credentials to perform a WinLogon as it is not aware that ISA has already authenticated the user.

As you can see, the combination of IIS, SSL, and ISA Server offer several options for helping to secure your Web site and keep prying eyes away from your customers’ personal data. By following these and other security best practices, you will help to ensure that your customers feel safe using your Web applications and help protect your most important assets—your company’s reputation and bottom line.

Enabling Certificates in IIS

1. To get IIS ready for a certificate, log into the Web Server computer with Administrative privelages.
2. Run the IIS Manager from Start | All Programs | Administrative Tools | IIS Manager.
3. Select the Web site (, Web Sites, default Web site).
4. Click the right mouse button, then choose Properties from the menu. You’ll get the dialog shown in Figure A.
5. In the Properties dialog, select the Directory Security tab, then select the Server Certificate button on the resulting dialog (see Figure B).
6. The Web server certificate wizard shown in Figure C will guide you through the process of administering the certificate.
7. Click on the Next button and the Server Certificate panel will be displayed.
8. If you don’t already have a Web Server certificate, then the Create a new certificate option will be selected by default.
9. Click on the Next button and the Delayed or Immediate Request panel will be displayed, as you can see in Figure D.
10. If you have your own CA, select Send the request immediately to an online certification authority, otherwise select the Prepare the request now, but send it later option (See Figure D).
11. Click the Next button and the Name and Security Settings panel will be displayed.
12. Enter a descriptive name for the Web site, as Figure E illustrates.
13. Click on the Next button—the Organization Information panel will be displayed.
14. Enter the appropriate Organization and Organizational unit details (see Figure F).
15. Click the Next button and the Your Site’s Common Name panel will be displayed, as shown in Figure G.
16. Enter the fully qualified name of your server. It’s important to enter the correct details for this field otherwise the browser user will receive an error stating that the certificate doesn’t match the URL of the Web site.
17. Click the Next button and the Geographical Information panel will be displayed. Enter the appropriate Country, State and City details, as I did in Figure H.
18. Enter the appropriate Country, State, and City details, as I did in Figure H.
19. Click the Next button, then enter a file name in the Certificate Request File Name panel.
20. Click Next and the Request File Summary button will be displayed.
21. Now, click Next again—the Completing the Web Server Certificate Wizard panel will be displayed.
22. Click Finish.

Figure A

Figure B

Figure C

Figure D

Figure E

Figure F

Figure G

Figure H

source:
http://technet.microsoft.com/en-us/magazine/2005.11.improvesecurity.aspx

Everyone has a different system for keeping their home networks secure. And by “secure” I mean “safe from cheapskate neighbors looking to poach some free Internet.”

Some users rely on their router’s WPA encryption capabilities, while others employ MAC address filtering. Some do both. I’m not wild about either approach, as they involve a lot of hoop-jumping when I need to add new PCs and devices to the network.

Instead, I’m a fan of invisibility. I’ve taken the simple step of turning off my router’s SSID broadcasting, effectively making my network invisible to the neighbors. Hey, they can’t steal what they don’t know is there, right?

If you’ve ever detected an unfamiliar network in your own home or, say, the local coffee shop, you know what I mean. Stray Wi-Fi router signals are bouncing all over the place. But a PC can see these networks only because of SSID broadcasting. Turn it off, and it’s like the router isn’t even there.

Of course, it’s there for your PCs and Internet-connected devices. So how do you connect them to an invisible network? Just enter the network name manually. In Vista, for example, head to the Network and Sharing Center, click Set up a connection or network, and then choose Manually connect to a wireless network. Enter your network’s name (as designated in the router) and you’re good to go. You should also check Start this connection automatically so you don’t have to repeat this process, and Connect even if the network is not broadcasting to overcome Vista’s natural resistance to invisible networks.

If you don’t know how to turn off your router’s SSID broadcasting, check the manual. In my D-Link router, the setting is actually called Visibility Status; your mileage may vary.

This is by no means a bulletproof security solution. I’m sure many users will call me foolish, reckless, and other choice words. But because I have suburbia-oriented security needs, I don’t feel the need for encryption, filtering, and other heavy-handed measures.

source: http://www.pcworld.com/article/158356/stop_internet_poachers_from_stealing_your_wifi.html

It wasn’t too long ago that computers were a luxury rather than a necessity. Only the lucky and the wealthy had even one in their home and a network was something reserved for large corporations.

Fast forward a decade or so and everyone has to have their own computer. There is one for the parents (sometimes two if the parents can’t share nice) and one or more for the kids to use for homework and games. Home users have gone from no Internet access to 9600 kbps dial-up Internet access beyond 56 kbps dial-up access and are moving on to broadband connections to rival or match the T1 connections they relish at work.

As the Internet and the World Wide Web have exploded into our culture and are replacing other media forms for people to find news, weather, sports, recipes, yellow pages and a million other things, the new struggle is not only for time on the computer at home, but for time on the Internet connection.

The hardware and software vendors have come forth with a variety of solutions allowing home users to share one Internet connection among two or more computers. They all have one thing in common though- the computers must somehow be networked.

To connect your computers together has traditionally involved having some physical medium running between them. It could be phone wire, coaxial cable or the ubiquitous CAT5 cable. Recently hardware has been introduced that even lets home users network computers through the electrical wiring. But, one of the easiest and least messy ways to network computers throughout your home is to use wireless technology.

It is a fairly simple setup. The Internet connection comes in from your provider and is connected to a wireless access point or router which broadcasts the signal. You connect wireless antenna network cards to your computers to receive that signal and talk back to the wireless access point and you are in business.

The problem with having the signal broadcast though is that it is difficult to contain where that signal may travel. If it can get from upstairs to your office in the basement then it can also go that same 100 feet to your neighbors living room. Or, a hacker searching for insecure wireless connections can get into your systems from a car parked on the street.

That doesn’t mean you shouldn’t use wireless networking. You just have to be smart about it and take some basic precautions to make it more difficult for curiosity seekers to get into your personal information. The next section contains some simple steps you can take to secure your wireless network.

1. Change the System ID: Devices come with a default system ID called the SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier). It is easy for a hacker to find out what the default identifier is for each manufacturer of wireless equipment so you need to change this to something else. Use something unique- not your name or something easily guessed.

2. Disable Identifier Broadcasting: Announcing that you have a wireless connection to the world is an invitation for hackers. You already know you have one so you don’t need to broadcast it. Check the manual for your hardware and figure out how to disable broadcasting.

3. Enable Encryption: WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) encrypt your data so that only the intended recipient is supposed to be able to read it. WEP has many holes and is easily cracked. 128-bit keys impact performance slightly without a significant increase in security so 40-bit (or 64-bit on some equipment) encryption is just as well. As with all security measures there are ways around it, but by using encryption you will keep the casual hackers out of your systems. If possible, you should use WPA encryption (most older equipment can be upgraded to be WPA compatible). WPA fixes the security flaws in WEP but it is still subject to DOS (denial-of-service) attacks.

4. Restrict Unnecessary Traffic: Many wired and wireless routers have built-in firewalls. They are not the most technically advanced firewalls, but they help create one more line of defense. Read the manual for your hardware and learn how to configure your router to only allow incoming or outgoing traffic that you have approved.

5. Change the Default Administrator Password: This is just good practice for ALL hardware and software. The default passwords are easily obtained and because so many people don’t bother to take the simple step of changing them they are usually what hackers try first. Make sure you change the default password on your wireless router / access point to something that is not easily guessed like your last name.

6. Patch and Protect Your PC’s: As a last line of defense you should have personal firewall software such as Zone Alarm Pro and anti-virus software installed on your computer. As important as installing the anti-virus software, you must keep it up to date. New viruses are discovered daily and anti-virus software vendors generally release updates at least once a week. You also must keep up to date with patches for known security vulnerabilities. For Microsoft operating systems you can use Windows Update to try and help keep you current with patches.

source: http://netsecurity.about.com/od/hackertools/a/aa072004b.htm

“I have a wireless network at home, which lets me get an internet connection on my laptop all over the house. But I’m concerned that neighbors or people driving by can hack into my computer. A friend said that hiding my SSID will solve the problem. What’s a wireless SSID, how do I hide it, and will it help?”

Does Hiding the SSID Make Wireless Secure?

wireless router – disable SSID If you have high-speed internet service, chances are you have a wireless router. If that’s true, you may be sharing your internet connection (and possibly your hard drive) with strangers. Your friend who mentioned hiding the SSID meant well, but that’s not the best solution to securing your wireless network.

Let’s take a step back… If your internet router/modem has an antenna, you’ve got a wireless network. Wireless routers send out a beacon called the SSID (or Service Set IDentifier) so wireless devices (such as a laptop) can identify and connect to the wireless network. The purpose of the SSID is to broadcast the availability of the wireless network and invite devices within range of the signal to connect.

If a device doesn’t know the wireless network’s SSID, it cannot connect. So that’s why some people recommend that you change the settings on your router to keep it from broadcasting the SSID. This allows only the people who already know the SSID to connect to the wireless network.
It’s true that hiding or turning off the SSID beacon will effectively hide your wireless network… but only from casual users. Determined hackers with the right software can still detect the SSID of a wireless network, and gain access. It’s also possible that hiding your SSID will result in slower network performance, or at least increase the initial connect time.

disable SSID If you understand that hiding the SSID gives only minimal protection from intruders, and you still want to do so, you can change this setting by logging into your router from a web browser. In most cases, you’ll need to connect to http://192.168.0.1 then enter the router’s login and password. If the person who installed the router didn’t change the factory settings, there’s a good chance the login is admin and the password is password.

Refer to the owner’s manual for your wireless router (or ask your internet service provider) for details on how to login to the router and change the SSID or other security settings.

Secure Wireless Networking

Given that hiding the SSID doesn’t do a whole lot to secure a wireless network, here are some steps you can take that WILL help. For each of the steps that follow, I’m assuming you have logged into your router…

* STEP 1: Change the router’s login and password from the default. If your wireless router still has the factory default login and password, then ANYONE could connect to the router, change the settings and lock YOU out!

* STEP 2: Change the SSID from the default setting to something meaningful. Most routers are configured with an SSID name of default. It won’t do much good to turn off the SSID beacon if the SSID can be so easily guessed. Set the SSID to something unique and memorable like FLUFFY2 or FIDO7.

* STEP 3: Turn on encryption. This is the most important step by far. If you turn on WEP or WPA encryption, the router will not give access to wireless devices unless they provide the password you specify. This will also encrypt all communication between your wireless computer and the router. If your router supports WPA (or WPA/PSK) use that instead of WEP, which is an older technology.

source: http://askbobrankin.com/hide_your_ssid.html