WiFi Protection


Warrior-Mentor
07-10-2006, 12:40
Just got a new laptop with WiFi. I've heard that it can distro nasty viruses quickly.

What recommendations for virus protection are required/recommended beyond normal Norton Anti-Virus?

Firewall?

Something else?

jfhiller
07-10-2006, 13:44
A firewall would definitely be good. Zonelabs' free firewall, ZoneAlarm, is very highly rated and pretty easy to manage. Paying for the upgrade to Pro is even better. However, if you're using wireless in a public place, you almost have to assume that your security is compromised. It doesn't take an enormously competent hacker to "sniff" the traffic and intercept anything you send/receive. It takes a bit more skill to actually get past your firewall into your machine, but it's definitely possible. (These are true of a "plugged in" home computer, too, by the way.) I would recommend always keeping the wireless capability turned completely off when you're not using it -- and if you're making purchases online over wireless at the airport or something, keep a good eye on your credit card statement :rolleyes:

I actually tend to be less careful than I should be and haven't noticed any problems yet. However, I'm probably a less desirable "target" than an SF officer.

EX-Gold Falcon
07-10-2006, 18:39
PC or Apple?


Travis

Solid
07-11-2006, 02:29
WM,
http://www.lavasoftusa.com/software/adaware/

is a program you should have and use periodically, it will pick up a lot of the less-malicious spyware/sniffers you will download from the net. Just run it once every two weeks and you're GTG. I still use the free version and get great coverage.

Norton Antivirus 06 is the most important defence your computer has, so as long as that subscription is paid and you have it updating and scanning the computer bi-weekly, you should be fine (knock on wood).

JMO,

Solid

Martin
07-11-2006, 02:52
You will also want to turn off Windows file and printer sharing if you are using nets where there may be untrustworthy people. This you do in the control panel under network connections and the properties for your wireless.

I second the firewall proposition.

M

Warrior-Mentor
07-11-2006, 12:16
PC or Apple?


Travis


PC. Thanks for the tips guys.

Was hoping Dan and FS would chime in as well...

sf11b_p
07-11-2006, 12:38
WEP or WPA/WPA2 encrypted access also.

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

And you might run Ewido to check for malware, free download and trial.

http://www.ewido.net/en/

chittnp
07-11-2006, 12:52
Wireless security is a topic I have a lot of experience with. Let me take this opportunity to get you some of the basics so you can understand what you're dealing with.

Wireless -WiFi-(802.11 A/B/G) operates in the 2.4 GHz spectrum, the same as many older cordless phones. It uses this spectrum because it is an unlicensed spectrum, set aside for consumer use.

The real danger of wifi comes not from Viruses, but from Data or network exploitation. If you leave your network unsecured, anyone within a few hundred feet can hop on your network, and email the White House a nice little bomb threat...and guess whose IP address will show up? Yours! You will have a visit from the FBI if this happens.

In your case, let's think of it as simply a replacement for the Ethernet (cat-5) cable that you would normally use. In order to use it, you need a Wireless Access Point (WAP) or a Wireless router. This is your bridge between your computer and your modem. If you don't plan on using it, the best thing to do is disable the radio on the laptop. Look for something like "Broadcom Chipset" in your Windows start menu, under programs. There's also a keyboard shortcut: hold down the FN key and press the button with the picture of an antenna on it (looks like a 3 pronged Y with a bar over it).

If you'd like to use it, I recommend using it with a Linksys product, specifically the Linksys WRT54G router. It's a personal preference only, I've had great luck with the Linksys products.

Your first step when you get the router: once it's plugged in and running, and WiFi is turned on on your laptop, from either the laptop or a desktop that is hardwired into the router, open a web browser and type 192.168.1.1 into the address bar. This should get you to a password prompt. On the Linksys gear, username and password are both admin. Then using the tabs on top, go to wireless security, change the SSID from linksys to whatever you like. Everyone with a wireless connection will see what you name it. You can disable SSID broadcast, but I've run into connection issues doing that. Be sure to click the save button at the bottom. Next you want to change the channel it uses; you'll have a few choices, pick anything but the default one. Save again. Next enable WPA encryption...not WEP! Google "wep cracking" and you can get a piece of software that will break 128 bit WEP in a few hours. WPA is significantly harder to crack....for now. Follow the instructions in your documentation that came with the router and you will be up and running with relatively few problems.

One of the nice things about the Linksys router is that it has a built-in hardware firewall; it's a very handy thing to have! Use this in connection with your favorite Antivirus (I like AVG ForFree) and you will be safer than 90% of the people who already use wireless.

I hope this helps you out, it's the least I can do for providing me with the Get Selected book. Please feel free to ask me any other questions you have.

jfhiller
07-11-2006, 13:15
Great resources (FAQs) for Wireless setup and security from TomsHardware.com (one of the best tech review sites around)

Wireless Setup and Config (http://www.tomsnetworking.com/2006/06/26/wireless_faq_setup_and_configuration/)

Wireless Security (http://www.tomsnetworking.com/2006/06/30/wireless_faq_security/)

And here's one on "sniffing" wireless network traffic that I mentioned above:
Sniffing the Air (http://www.tomsnetworking.com/2005/09/28/how_to_snort/)

Dan
07-11-2006, 17:21
PC. Thanks for the tips guys.

Was hoping Dan and FS would chime in as well...


Sir, Folks here have added good info thus far.

#1 Anti-Virus and Firewall for any computer...even one on dial-up

I recommend Symantec's Norton Internet Security (NIS) 2006 because it has added support for malware/adware/etc...you still may want to run something like the Lavasoft Adaware periodically as mentioned earlier.

#2 When using NIS you will be asked if you want to join the wireless network. If you're at home then you should be fine with using their preset "Home" profile. If you're away on most all other wireless networks, make sure you select a more restrictive profile like "Away" to limit the ports accessible.

#2a Make sure you immediately get any and all NIS updates.

#2b Make sure your OS software is updated.

#3 If you want to set up your own wireless network router you need to secure things. Here are some basic steps to do:

- To protect your privacy buy a router where all wireless transmissions can be encrypted with industrial-strength Wi-Fi Protected Access (WPA/WPA2) security...WPA2 is best. I have set up and used many different brand names of routers, but I have always gravitated back to LinkSys routers for ease of use and quality product. You want 802.11G (this is backwards compatible with 802.11 A and B). The speed booster stuff isn't worth the money they want for it, especially if you're a road warrior.
- When you get the router make sure it is flashed with the latest firmware. Login to the router with your browser using a Cat5 cable instead of wireless and check the firmware version # with the router maker's web site (i.e. www.linksys.com look for "support" then "Downloads" then select the exact model to compare. Make sure you have the exact model before flashing the router).
- Once you have the router flashed or if not required then first reset the router login username/password so your neighbor can't change your router settings on you. Relogin and then enable WPA or preferred WPA2. Don't use a simple password phrase...the harder the better, i.e. @#23WErt which incorporates special characters, numbers, upper and lower case letters.
- Turn on router logging.

#4 Periodic checks:
- review your router logs to see what is normal and what isn't. Then watch for abnormalities.
- Subscribe to your router manufacturer's firmware update emails or periodically check your router's web site for new firmware.
- Make absolutely sure your AV/Firewall software is current!!!

I could go on and on with security things. I hit the large items you need to know for Wireless and a few router tips. You need to use resources that are available for you and learn more about PC security in general. I recommend you subscribe to email alerts at http://www.us-cert.gov/cas/signup.html and for basic security tips / knowledge read this article: http://www.us-cert.gov/reading_room/home-network-security/

Hope this helps...stay alert stay alive and so will your PC! If you have specific security questions holler, Dan
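
Added example, not part of any poster's reply: the router steps in the two posts above (change the SSID from linksys, enable WPA/WPA2, use a hard passphrase) tie together because WPA/WPA2-Personal derives its key from the passphrase with the SSID as salt. The `audit` helper, the `DEFAULT_SSIDS` list and the sample settings are assumptions made up for this illustration.

```python
import hashlib
import string

# Assumption: factory-default SSIDs to flag; "linksys" is the one named in the thread.
DEFAULT_SSIDS = {"linksys"}


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit(ssid: str, passphrase: str, encryption: str) -> list:
    """Return findings for a home router's wireless settings (empty list = none)."""
    findings = []
    if encryption.upper() not in ("WPA", "WPA2"):
        findings.append("encryption: use WPA or WPA2, not " + encryption)
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("ssid: factory default, so the key-derivation salt is shared")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in passphrase) for cls in classes):
        findings.append("passphrase: mix upper, lower, digits and special characters")
    try:
        wpa_psk(passphrase, ssid)
    except ValueError as err:
        findings.append("passphrase/ssid: " + str(err))
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real network.
    same_pass = "Summer2006"
    print(wpa_psk(same_pass, "linksys").hex())    # same key on every default-SSID router
    print(wpa_psk(same_pass, "HomeNet-7").hex())  # different salt, different key
    print(audit("linksys", "password", "WEP"))
    print(audit("HomeNet-7", "c0rrect-Horse-Battery", "WPA2"))
```
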

Warrior-Mentor
07-11-2006, 17:37
Thanks for the advice. Had no idea how much was involved. Appreciate pointing me in the right direction. Will dig into the links and get back as I research.
Thanks again,
JM

mugwump
07-11-2006, 17:57
Or, do what I do: use only hard wire. We can't have WiFi at work, and I won't have it at home. There are only a few locations where I want access at home -- I've run cable to those.

Dan
07-11-2006, 19:01
I hardwired every room in my house with CAT5 when I moved in, but do run a wireless router. It's a nice thing to let the wife have Internet connectivity in the back yard while she's doing schoolwork on those beautiful weather days...those nice things help me with things late in the evening ;)

Dan
07-11-2006, 19:04
Thanks for the advice. Had no idea how much was involved. Appreciate pointing me in the right direction. Will dig into the links and get back as I research.
Thanks again,
JM

Sir, You're welcome...here's one of those emails you could receive from the subscriptions I mentioned. This one is from this evening:



National Cyber Alert System

Technical Cyber Security Alert TA06-192A


Microsoft Windows, Office, and IIS Vulnerabilities

Original release date: July 11, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Internet Information Services (IIS)
* Microsoft Office
* Microsoft Office for Mac
* Microsoft Access
* Microsoft Excel and Excel Viewer
* Microsoft FrontPage
* Microsoft InfoPath
* Microsoft OneNote
* Microsoft Outlook
* Microsoft PowerPoint
* Microsoft Project
* Microsoft Publisher
* Microsoft Visio
* Microsoft Word and Word Viewer


Overview

Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, IIS, and Office. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code or cause a denial of service on a vulnerable
system.


I. Description

Microsoft Security Bulletin Summary for July 2006 addresses
vulnerabilities in Microsoft products including Windows, IIS, and
Office. Further information is available in the following US-CERT
Vulnerability Notes:


VU#395588 - Microsoft Internet Information Services vulnerable to
remote code execution via specially crafted ASP file

Microsoft Internet Information Services (IIS) contains a buffer
overflow vulnerability. This may allow a remote, authenticated
attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-0026)


VU#189140 - Microsoft Server Service Mailslot vulnerable to heap
overflow

A buffer overflow vulnerability in the Microsoft mailslot server
service may allow a remote attacker to execute arbitrary code on a
vulnerable system.
(CVE-2006-1314)


VU#257164 - Microsoft DHCP Client service contains a buffer overflow

Microsoft DHCP Client service contains a buffer overflow. This
vulnerability may allow a remote attacker to execute arbitrary code on
a vulnerable system.
(CVE-2006-2372)


VU#802324 - Microsoft Excel vulnerability

An unspecified vulnerability in Microsoft Excel could allow an
attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-3059)


VU#580036 - Microsoft Office fails to properly handle malformed
strings

Microsoft Office fails to properly handle specially crafted strings.
This vulnerability could allow a remote attacker to execute arbitrary
code.
(CVE-2006-1316)


VU#609868 - Microsoft Office string parsing vulnerability

Microsoft Office fails to properly parse strings. This vulnerability
could allow a remote attacker to execute arbitrary code.
(CVE-2006-1540)


VU#409316 - Microsoft Office fails to properly handle document
properties

Microsoft Office contains a buffer overflow when handling specially
crafted document properties. This vulnerability could allow a remote
attacker to execute arbitrary code.
(CVE-2006-2389)


VU#459388 - Microsoft Office fails to properly handle PNG images

Microsoft Office applications fail to properly handle PNG images. This
vulnerability may allow a remote attacker to execute arbitrary code on
a vulnerable system.
(CVE-2006-0033)


VU#668564 - Microsoft Office fails to properly handle GIF images

Microsoft Office applications fail to properly handle GIF images. This
vulnerability may allow a remote attacker to execute arbitrary code on
a vulnerable system.
(CVE-2006-0007)


In MS06-037, Microsoft has released updates for the Excel
vulnerability (VU#802324) described in Technical Cyber Security Alert
TA06-167A.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. An attacker may also be able to cause a denial of
service.


III. Solution

Apply a patch from your vendor

Microsoft has provided updates for these vulnerabilities in the
Security Bulletins. Updates for Microsoft Windows and Microsoft Office
XP and later are available on the Microsoft Update site. Microsoft
Office 2000 updates are available on the Microsoft Office Update site.
Apple Mac OS X users should obtain updates from the Mactopia web site.

System administrators may wish to consider using Windows Server Update
Services (WSUS).

Workaround

Please see the following Vulnerability Notes for workarounds.


Appendix A. References

* Microsoft Security Bulletin Summary for July 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx>

* Technical Cyber Security Alert TA06-167A -
<http://www.us-cert.gov/cas/techalerts/TA06-167A.html>

* US-CERT Vulnerability Notes for Microsoft July 2006 updates -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms06-jul>

* US-CERT Vulnerability Note VU#395588 -
<http://www.kb.cert.org/vuls/id/395588>

* US-CERT Vulnerability Note VU#189140 -
<http://www.kb.cert.org/vuls/id/189140>

* US-CERT Vulnerability Note VU#257164 -
<http://www.kb.cert.org/vuls/id/257164>

* US-CERT Vulnerability Note VU#802324 -
<http://www.kb.cert.org/vuls/id/802324>

* US-CERT Vulnerability Note VU#580036 -
<http://www.kb.cert.org/vuls/id/580036>

* US-CERT Vulnerability Note VU#609868 -
<http://www.kb.cert.org/vuls/id/609868>

* US-CERT Vulnerability Note VU#409316 -
<http://www.kb.cert.org/vuls/id/409316>

* US-CERT Vulnerability Note VU#459388 -
<http://www.kb.cert.org/vuls/id/459388>

* US-CERT Vulnerability Note VU#668564 -
<http://www.kb.cert.org/vuls/id/668564>

* CVE-2006-0026 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026>

* CVE-2006-1314 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314>

* CVE-2006-2372 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372>

* CVE-2006-3059 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059>

* CVE-2006-1316 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316>

* CVE-2006-1540 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540>

* CVE-2006-2389 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389>

* CVE-2006-0033 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033>

* CVE-2006-0007 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007>

* Microsoft Update - <https://update.microsoft.com/microsoftupdate>

* Microsoft Office Update - <http://officeupdate.microsoft.com>

* Mactopia - <http://www.microsoft.com/mac>

* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>


__________________________________________________ __________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA06-192A.html>
__________________________________________________ __________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-192A Feedback VU#802324" in the
subject.
__________________________________________________ __________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
__________________________________________________ __________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
__________________________________________________ __________________


Revision History

July 11, 2006: Initial release
