Skip navigation

Security UPDATE--Tweaking Wi-Fi APs for Better Security--September 21, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Download Free: Patch & Spyware Management in one easy-to-use GUI

The Impact of Disk Defragmentation


1. In Focus: Tweaking Wi-Fi APs for Better Security

2. Security News and Features

- Recent Security Vulnerabilities

- Update Rollup 1 for Windows 2000 SP4 Re-released

- Critical Bug in Firefox, Mozilla, and Netscape Browser

- Take a Closer Look at EFS

3. Instant Poll

4. Security Toolkit

- Security Matters Blog


5. New and Improved

- Management and Security Appliance


==== Sponsor: Shavlik ====

Download Free: Patch & Spyware Management in one easy-to-use GUI.

Is your network really secure? The first step to securing your network is to remove spyware, adware, and malware. Next, patch your systems to stop re-infestation. Introducing Shavlik NetChk Protect--Patch & Spyware Management in one easy-to-use GUI. Shavlik NetChk Protect is an automated solution designed for the enterprise that boasts accurate detection/remediation and prevents spyware installation, maximizing network security against such threats. Remediate spyware and install patches with Shavlik NetChk Protect for a complete security solution.

To download free software visit:


==== 1. In Focus: Tweaking Wi-Fi APs for Better Security ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Security has become even more important due to the spread of wireless networking. As a result, we've seen several new wireless security companies spring to life and subsequently grow by leaps and bounds. These companies make specialized solutions that consist of proprietary hardware and software that guard wireless networks against a wide range of potential intrusions.

Even if you have one or more of these specialized tools in place, you can improve your wireless security, particularly by adjusting the operation of your Access Points (APs). For example, you can manage AP transmission output power and shape the pattern and direction of signal transmission.

Although I don't know of any APs that ship from the manufacturer with built-in configuration settings that let you adjust transmission power levels, they might exist. If so, you could turn down the transmission power output level to reduce the distance that the signals will propagate. This helps limit the vicinity in which potential intruders can operate.

If your AP doesn't include such a feature, you could possibly install third-party firmware for your AP that does provide such support. Several third-party firmware solutions are available for hardware based on Broadcom chipsets, such as Cisco Systems, Linksys, Buffalo Technology, ASUS, Motorola, Siemens, U.S. Robotics, and NETGEAR APs.

Last week I downloaded a third-party firmware package, installed it to an AP, and configured it according to my needs in under 30 minutes. Like most AP firmware, the third-party solution has an intuitive interface, so I didn't need to read any detailed documentation to make it work right.

As a result of installing the third-party firmware, I was able to configure that AP to reduce transmission output from 20 milliwatts (mW) to about 3 mW, which is all that I need for that particular office space. As a result, any would-be intruders would have to be physically in the office before they could get a usable connection to that wireless network. The end result is stronger security for only a few dollars.

Using third-party firmware offers other benefits. For example, the firmware I installed supports a custom desktop client that interacts with the AP. Using that client, I can see all the AP's connections; view all broadcasting clients on the wireless network, including those not connected to that AP; measure bandwidth usage; and more.

Other benefits include the ability to run Secure Shell (SSH) server directly on the AP for remote access and administration. Doing so means that I don't have to expose a Web interface. I could also establish a PPTP VPN server, Quality of Service (QoS) and bandwidth management parameters, and virtual LANs; quickly block peer-to-peer (P2P) clients; configure IPv6; use a remote syslog server; force the use of Wi-Fi Protected Access (WPA) and WPA2 authentication; and even configure a way for guests to easily use the wireless network to surf the Internet when visiting the office. Third-party firmware also offers many other features that I don't have room to discuss here.

The bottom line is that third-party firmware is easy to install and use, doesn't require any specialized skills or knowledge for everyday use, is incredibly cheap to obtain and administer, and strengthens your overall wireless security. If you do have advanced skills, you can easily add on to third-party firmware solutions to extend the capabilities even further. For example, you could add a mini-Web server, a controlled access public hotspot interface, Voice over IP (VoIP) capabilities, Remote Authentication Dial-In User Service (RADIUS) authentication, and more.

If you're interested in more information about third-party AP firmware, please send me a quick email message (send to mark at ntshop dot net -- even an anonymous message is all right) to express your interest. Use "AP Firmware" as the subject of your email so that I can quickly locate your message in my inbox. If there's enough interest, I could write about how to decide which firmware might be best for your needs, where to find it, how to quickly and easily get it working for better security in your environment, and how to extend its functionality even further.


==== Sponsor: Diskeeper ====

The Impact of Disk Defragmentation

Nearly every IT professional has a fragmentation horror story--in which fragmentation severely degraded performance such that systems were unusable. In this free white paper, learn what impact fragmentation has on users and system activities and discover how quickly fragmentation accumulates as a result of these activities. Plus get the recommendations you need to manage the frequency of defragmentation across your infrastructure.


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Update Rollup 1 for Windows 2000 SP4 Re-released

Microsoft didn't release any security bulletins this month as part of its regular release schedule. Microsoft had previously indicated that it would release one security bulletin, but the company discovered problems in the patch and decided not to release it until it meets quality control standards. However, the company did re-release Update Rollup 1 for Windows 2000 Service Pack 4 (SP4) to address numerous problems.

Critical Bug in Firefox, Mozilla, and Netscape Browsers

Last week, Tom Ferris reported a buffer overflow vulnerability in Mozilla Firefox Web browsers. The vulnerability exists due to faulty processing of URLs and could lead to the execution of remote code. Netscape and other Mozilla browsers are also affected by the problem because they share the same code base as Firefox.

Take a Closer Look at EFS

Contrary to popular opinion, Microsoft's Encryption File System (EFS) is a reliable, easy-to-use, and secure encryption solution, and it can trump even the network administrator's rights. EFS is great for protecting confidential files on the network and on often-stolen laptop computers. In this article, Roger Grimes discusses the basics of EFS, talks about its purpose and functionality, and discusses basic administrative tasks and pitfalls.


==== Resources and Events ====

Cut Your Windows XP Migration Time by 60% or More!

If your organization is considering--or has already begun migrating your operating system to Windows XP, then this Web seminar is for you. Sign up for this free event and you'll learn how to efficiently migrate your applications into the Windows Installer (MSI) format, to prepare them for error-free deployment, what steps you need to follow to package your applications quickly and correctly, and more!

Discover SQL Server 2005 for the Enterprise. Are you prepared?

In this free half-day event, you'll learn how the top new features of SQL Server 2005 will help you create and manage large-scale, mission-critical enterprise database applications--making your job easier. Find out how to leverage SQL Server 2005's new capabilities to best support your business initiatives. Register today!

Get Ready for the SQL Server 2005 Roadshow in Europe

Back By Popular Demand--Get the facts about migrating to SQL Server 2005!

SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database-computing environment. Receive a one-year membership to PASS and a one-year subscription to SQL Server Magazine. Register now.

Are You Walking the Tightrope Between Recovery and Continuity?

There's a big difference between the ability to quickly recover lost or damaged data and the ability to keep your messaging operations running normally before, during, and after an outage. In this free Web seminar, you'll learn what the technical differences are between recovery and continuity, when each is important, and what you can do to make sure that you're hitting the right balance between them.

High Risk Internet Access: Are You in Control?

Defending against Internet criminals, spyware and phishing and addressing the points of risk that Internet-enabled applications expose your organization to can seem like an epic battle with Medusa. So how do you take control of these valuable resources? This free Web seminar will give you the tools you need to help you analyze the impact Internet-based threats have on your organization and tools to aid you in the construction of acceptable use policies (AUPs).


==== 3. Instant Poll ====

Results of Previous Poll: Does your company use an encryption product to protect files and folders on Windows systems?

The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 12 votes.

- 17% Yes, we use Microsoft Windows Encrypting File System (EFS).

- 33% Yes, we use a third-party product.

- 0% We haven't used encryption in the past, but we're considering it now.

- 50% No, we don't see any need to encrypt data.

New Instant Poll: Have you, your company, or someone you know been a victim of online fraud?

Go to the Security Hot Topic and submit your vote for

- Yes

- No

- Not sure


==== Featured White Paper ====

Software Packaging Workflow Best Practices

Managing desktop software configurations doesn't have to be a manual process, resulting in unplanned costs, deployment delays, and client confusion. In this free white paper, you'll learn how to manage the software package preparation process and increase your desktop reliability, user satisfaction, and IT cost effectiveness. Download your copy now and discover the value of standardizing the software packaging process.


==== Hot Release ====

Consolidate Your SQL Server Infrastructure

Shared data clustering is the breakthrough consolidation solution for Microsoft Windows servers. Find out how you can reduce the overall Total Cost of Ownership (TCO) for SQL Server cluster deployments by as much as 60 percent over three years! Download your free copy now.


==== 4. Security Toolkit ====

Security Matters Blog: Your Inbox Is Open to the World

by Mark Joseph Edwards,

Heard of Mailinator? Get a mailbox at this throw-away service and anybody can read your inbox. But that's OK. A Mailinator mailbox address is just to give out to someone from whom you want to receive one message--someone you suspect might follow up with spam. You get the desired message, then Mailinator deletes your temporary account.


by John Savill,

Q: How can I use a script to generate a list of all IP addresses on a machine?

Find the answer at


==== Announcements ====

(from Windows IT Pro and its partners)

Get All the Exchange Tips You Need

If you haven't subscribed to Exchange & Outlook Administrator, you're missing out on key information that will go a long way toward preventing serious messaging problems and downtime. Order now and discover tools and solutions you won't find anywhere else to help you migrate, optimize, administer, back up, recover, and secure Exchange and Outlook. Subscribe today:

Windows IT Pro Has What IT Professionals Need

Get Windows IT Pro and get answers. Subscribe today and get an entire year for just $39.95--that's 44% off the cover price! You'll also gain exclusive access to the entire Windows IT Pro article database (over 9000 articles) and get the Top Windows Tips handbook (over 50 helpful tips) FREE. This is a limited-time, risk-free offer, so click here now:


==== 5. New and Improved ====

by Renee Munshi, [email protected]

Management and Security Appliance

KACE announced KBOX IT Management Suite 2.0, a server appliance for midsized businesses that manages and monitors inventory, distribution, patching, security, compliance, messaging, licensing, and performance for the systems on their networks. When you add the KBOX Security Enforcement and Audit Module, the KBOX appliance scans for and reports on known security vulnerabilities based on the Open Vulnerability and Assessment Language (OVAL) standard, which covers almost 1000 vulnerabilities and is sponsored by the United States Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security. KBOX also lets you deploy security policies with support for automatic remediation, repair, and if necessary, network node isolation (quarantine). For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected]

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Argent Versus MOM 2005

Download Argent Versus Microsoft Operations Manager 2005

Is Your Office Truly Fax Integrated?

Download this free whitepaper from Faxback and find out!


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.