WiFi Security

Reply

  #1  
Old 09-21-20, 07:04 AM
4
Member
Thread Starter
Join Date: Sep 2008
Location: Richmond,Va
Posts: 49
Received 0 Votes on 0 Posts
WiFi Security

I have a neighbor who is still using dial up internet on a Win95 computer. I want to let her use my wifi network by putting my router in a window facing her house ( I've stood outside her house with my Ipad and have a good signal) and give her my ssid and password on a old laptop I no longer use.
What security measures should I make to my computer and wifi settings to make this safe. I have known this woman for 25 years but don't want her to have access to my files or anything, but let her use internet. Just in the planning stage and won't do it if unsafe. Both our computers will be running Win10 pro.
 
  #2  
Old 09-21-20, 08:45 AM
C
Member
Join Date: Oct 2018
Posts: 112
Received 6 Votes on 5 Posts
See if your router allows you to set up a guest network for her to access and you can set restrictions for it.
 
  #3  
Old 09-21-20, 08:55 AM
J
Member
Join Date: Sep 2002
Location: welland ontario
Posts: 7,717
Received 294 Votes on 253 Posts
Turn off file and printer sharing for all the drives on your PCs.
 
  #4  
Old 09-21-20, 09:37 AM
H
Member
Join Date: Nov 2012
Location: USA
Posts: 1,933
Received 136 Votes on 118 Posts
SETTING UP WIFI
1A) Use the router's "guest network" setting, make it a hidden SSID and strong password.
or
1B) Get a thrift shop "smart router" and run ethernet to it to create a "bridge" network with an entirely separate set of firewalled IP addresses, which you can administer remotely. I use a Linksys router.

SETTING UP ACCOUNTS
2A) Spend $30 and get a new SSD for the laptop. Keep the hard drive with all of your programs, accounts and passwords as a backup. Do a clean Win10 install on the new drive.
2B) Set up both your computer and the laptop with separate admin accounts with strong passwords, and separate user accounts, also with strong passwords. Consider using the laptop camera's face recognition for her login.

SETTING UP OPERATING SYSTEMS
3) Use Macrium Reflect or an equivalent to make a total disk backup of the laptop with your information, of her Win95 computer with HER information (email passwords - which should run as a virtual machine on the laptop to keep the same "experience"). After an older co-worker had her computer sys-keyed after a scam, I was able to recover and restore everything, EXCEPT the email accounts- because they didn't remember passwords. By making a VM of the Win95 setup, you SHOULD be able to make porting over much easier.)
4) I might even go with a dual-boot setup with Win95 and Win10 on the loaned laptop.
 
  #5  
Old 09-21-20, 11:25 AM
Z
Forum Topic Moderator
Join Date: Sep 2005
Location: USA
Posts: 5,544
Received 153 Votes on 136 Posts
I agree with Crashandburn, once another user is on your network, securing it becomes much more difficult. If you post your router make/model, the folks here can help you set up a guest network - basically a separate wifi network that doesn't allow any access to your network devices. This is by far the safest and easiest process.

If you can't do that, you'll have to potentially better secure your Win 10 computer. That includes applying a decent password and ensuring your file and print sharing services are disabled.
 
  #6  
Old 09-23-20, 06:49 AM
4
Member
Thread Starter
Join Date: Sep 2008
Location: Richmond,Va
Posts: 49
Received 0 Votes on 0 Posts
Thanks for the suggestions. I'll let you know what I come up with, it might take a few days.
 
  #7  
Old 09-27-20, 12:47 PM
4
Member
Thread Starter
Join Date: Sep 2008
Location: Richmond,Va
Posts: 49
Received 0 Votes on 0 Posts
update

I found a Linksys EA7500 on FB marketplace for $20. I have set it up with Linksys smart wifi program and have changed the SSID and passwords to get in. Using a LAN to WAN setup I have the ethernet cable from my Fios router plugged into the internet port on the back of the new unit, Since I get to the Fios router with a 192.168------- and the new router with 10.130-------- will this setup keep anyone connected to the Linksys network seperate from my home network? This is a little above my knowledge and just want an opinion from others. Thanks, Mark My next goal is to wipe the files off my wifes old laptop and get it setup for my neighbor without overwhelming her with all the changes to Windows. Kind of that way for me.
 
  #8  
Old 09-27-20, 02:38 PM
H
Member
Join Date: Nov 2012
Location: USA
Posts: 1,933
Received 136 Votes on 118 Posts
What size and type of drive does the laptop take? With 120 GB SSD SATA drives at $25, I'd get a new SSD, clone and swap, then do a refresh, then put the old laptop drive in a desktop.

To clone, you'll want to create an Admin use profile and link it to a Microsoft Account and then "register" the laptop as authorized for Win10.
Then use Macrium Reflect or similar software to clone the existing laptop drive to the SSD drive.
Swap the old Laptop drive for the SSD, and reboot. By logging in as Admin with a MS account, you should automatically reauthorize Win10 on the new SSD.
You'll have a faster running exact copy of your Laptop OS. Next, refresh the Win10 installation on the Laptop & SSD. Choose "remove personal information.

You will now have a valid Win10 running on the laptop. You might want to clone the HD on HER Win95 computer, which you can run as a Virtual Machine.
 

Last edited by Hal_S; 09-27-20 at 03:02 PM.
  #9  
Old 09-30-20, 03:13 PM
Z
Member
Join Date: Jan 2008
Location: Southeastern Pennsylvania
Posts: 3,258
Received 33 Votes on 32 Posts
Hi 4135V Ė

See who has too much time on their hands Ė lol. I try to keep the elderly brain from losing more neurons than it already has. Anyway, you asked about security. I found this diagram, which, if I understand, would represent your setup, and I added some words below and a few marks on the diagram which I think may address the problem. The IPs donít match your IPs but it doesnít matter to get the points across. Bottom line - I donít think that setup is what you want. That could be wrong. Here is how Iím pretty sure it works:

(1) When Router 2 comes online it will send out a DHCP request on its WAN port asking for an IP it can use for the WAN Ė and this request is intercepted and handled by Router 1 because Router 1 is set as ďDHCP EnabledĒ.

(2) Router 1 treats Router 2 like any other device (PC, Laptop, etc.) that requests an IP via DHCP, and so gives Router 2 an IP it can use - in this case 10.0.0.2 .

(3) So now from the Router 1 viewpoint, Router 2 looks just like any other device on the 10.0.0 network (there are 6 devices in the 10.0.0 network in the diagram - including Router 2).

(4) When Computer F (say your neighbors laptop) comes online, it performs the standard procedure to send out a DHCP request asking for an IP it can use. In this case Router 2 is also set as ďDHCP EnabledĒ, so Router 2 intercepts the Computer F DHCP request and gives Computer F an IP it can use. Router 2 is set to give out IPís in the 198.168.2.0-xx range, and so it happens to give Computer F the IP 192.168.2.10 in this case.

(5) The Routers are set to do NAT (Network Address Translation) which means the devices behind the routers are not visible to the outside world. The router basically replaces the real sender IP with its own IP so to the outside world everything behind the router looks like it is coming from that router itself.

So for example, if Computer F wants to send to send to some IP on the internet, say for example 104.24.190.25, the packet passes through Router 2:

(a) Router 2 replaces the sender address 192.168.2.10 (which is Computer F) with its own WAN address, 10.0.0.2 in this case Ė and records that is was really 192.168.2.10 (Computer F) who wanted to talk to IP 104.24.190.25. Router 2 then passes the packet up to Router 1 who in turn passes the packet out to the internet.

(b) Now later when IP 104.24.190.25 on the internet answers back with a return packet to 10.0.0.2 Ė Router 2, who is 10.0.0.2, does a table lookup and sees that it was really 192.168.2.10 (Computer F) who sent the packet to 104.24.190.25, and so Router 2 sends that return packet from 104.24.190.25 back to 192.168.2.10 (i.e. , back to Computer F).

So nobody in the outside world knows there is a Computer F. Even Router 1 doesnít know that there is a Computer F.

If you run through this same kind of scenario, but only this time where Computer F wants to talk to a device connected to Router 1 instead of the internet, it all works the same way, except Router 1 doesnít send the packet out on the internet, it just sends the packet out to another device connected to Router 1 - and thus it turns out Computer F can communicate with any device connected to the internet or any device connected to Router 1 (or to Router 2 obviously).

ButÖ it canít work in the other direction. If a device on Router 1 tries to send to Computer F, that is, it tries to send to 192.168.2.10, Router 1 has no idea that device is behind Router 2. It has no record whatsoever of the address 192.168.2.10. So the communication canít work.

So in other words, Computer F is actually the secure PC in this configuration. But I donít think thatís what you wanted. If you are connecting your neighbors laptop via Router 2 (the Linksys router) I think things would work the way described above with your neighbors laptop acting as Computer F in the scenarios, and I doní think thatís what you wanted. Iím pretty sure thatís correct. Hopefully others will chime in if thatís wrong.

 
  #10  
Old 10-04-20, 07:19 PM
4
Member
Thread Starter
Join Date: Sep 2008
Location: Richmond,Va
Posts: 49
Received 0 Votes on 0 Posts
Yes, the diagram helped a lot.
If you are correct my neighbor would be computer H. So she could possibly be able to connect to any hardwired things I plugged into that router #2 and any Wifi ( Ipad, iphone, laptop, etc.) connected to it.
I haven't given her the laptop yet so I'll try to see what I can do.
She has some kind of computer degree, just poor (income disadvantaged) not stupid. So you can see why I asked about security.
I saw something about "cascading and bridging" in the Linksys site and will look into that with giving her the Guest password. I only want to give her access to the internet, nothing else.
 
  #11  
Old 10-05-20, 12:22 PM
Z
Member
Join Date: Jan 2008
Location: Southeastern Pennsylvania
Posts: 3,258
Received 33 Votes on 32 Posts
Hi 4135V -

Iím not an expert on this stuff; Iíve been retired and so out of the field for decades. But as others mentioned the Guest Network is designed for your purpose. I think I see what you were thinking: you would put the Linksys Router near the window instead of putting the Fios Router on the windowsill Ė which was your first thought, and it seems like you could then have 2 separated networks Ė one on each router.

But I canít think of any way in the Fios router you could force internet-only access for traffic from the Linksys router. I think on the Fios router you could selectively block traffic from an internal source from accessing the internet Ė but thatís exactly the opposite of what you want.

There is such a thing as Virtual LAN (VLAN) which would allow 2 separate networks to be defined on a router and those networks could not communicate with each other, but I donít think Fios routers have that feature. Not sure though.

I think bridge node for the Linksys router would just turn it into a Wi-Fi Access Point. That turns off all of its router functions, so it doesnít do Firewall, or give out IP addresses, etc. But I donít think any of that would change the fact that traffic from devices connected to the Linksys router, would NOT be stopped - by the Fios router - from access to any devices connected to the Fios router (assuming the Fios router canít do VLAN).

Maybe as others have said, you could just set up access rules and passwords on your network computers and block unwanted access that way and use the Fios-Linksys setup. Or you could do the Guest Network thing and just donít use the Linksys router (youíre only out 20 bucks Ėlol).

Maybe someone else will see a way to do it.



 
  #12  
Old 10-05-20, 06:29 PM
4
Member
Thread Starter
Join Date: Sep 2008
Location: Richmond,Va
Posts: 49
Received 0 Votes on 0 Posts
Had a nice online chat with Linksys support and they walked me thru setting up the secondary router LAN to LAN. Even though they let me know I was 2 years out of factory support, they helped anyway. A 5 star rating for the person on the other end of the chat.
I then moved the Fios router into my window and moved the secondary to the other end of the house. Same SSID and password for the secondary so I don't drop wifi calling signals. Will use guest network with a good password for my neighbor.
Thanks for everyones help.
 
 

Thread Tools
Search this Thread
 
Ask a Question
Question Title:
Description:
Your question will be posted in: