Wireless Security

Post by ADF-Deano »

It's amazing how many people use a wireless router/Access Point and don't use the included security. Today was the 8th person I have come across who has had their internet connection shared and/or hacked and people have downloaded from their system. So for anyone with wireless who is unsure, here is a quick tutorial to help you enable security.

Secure The Administration Interface

Most routers and access points have a password you use to log into the device and modify any configuration settings. Most of these devices use a weak default password like "password" (see here) or the manufacturer's name, and some don't have a default password at all.  

Changing Your Password

As soon as your new wireless router or access point is set up, your first step should be to change the default password. So make sure you change it!

Figure 1 shows the Change Password box.



Turn Off SSID Broadcasting

Most wireless access points and routers automatically broadcast the network's name, or SSID (Service Set IDentifier).

Figure 2 shows the SSID Broadcast as disabled.

This makes wireless client setup extremely convenient, since you can locate a wireless network without having to know what it's called. I guess you can already see the potential problems here. It will make your wireless network visible to any wireless systems within range of it. Turning off SSID broadcast for your network makes it invisible to your neighbors and will obstruct a Netstumbler scan.

Enable WPA encryption instead of WEP

Wireless networks should run the strongest type of encryption available to them. Your choices will be dictated by the capabilities of your router and your options are WEP, WPA and WPA2.

WEP (Wireless Equivalent Privacy) is the weakest wireless security technology. Without getting too technical, WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. In 2005, the U.S. Federal Bureau of Investigation gave a demonstration where they cracked a WEP-protected network in 3 minutes using publicly available tools.

WPA (Wi-Fi Protected Access) or WPA2 provide good wireless security, because of their stronger encryption technology and improved key management. The main difference between the two is that WPA2 supports stronger AES (Advanced Encryption Standard) encryption. But to further confuse users, most consumer wireless hardware supports only the "Personal" version of WPA or WPA2, which is also referred to as WPA-PSK (Pre-Shared Key). WPA2 or WPA "Enterprise" (also known as WPA "RADIUS") is also supported by some wireless gear, but needs an additional RADIUS server to implement it.

Figure 3: Encrypting traffic on a wireless router

For most personal wireless networks, using WPA-PSK will provide adequate protection, but it is essential to use a key that is sufficiently long and random. Do not use a number, or a word from the dictionary, since programs such as cowpatty are already available to perform dictionary-based attacks against WPA-PSK.

Note: There are many password generators available on the Internet that can be found by a quick search. This one (click Here) has lots of bells and whistles and even provides an estimation of how long it would take to crack the password it generates.

Use MAC filtering for access control

Unlike IP addresses, MAC addresses are unique to specific network adapters, so by turning on MAC filtering you can limit network access to only your systems. In order to use MAC filtering you need to find the 12-character MAC address (of your network adapter) of every system that will connect to the network.

Figure 4: MAC Address filtering on a wireless router

But MAC addresses are easily captured by more skilled attackers, and wireless adapter MAC addresses are easily changed to match a captured address.

Disable remote administration

Most wireless routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router. Otherwise, almost anyone anywhere could potentially find and access your router.

Figure 5: Remote Administration Setup

As a rule, unless you absolutely need this capability, it's best to keep remote administration turned off. (It's usually turned off by default, but it's always a good idea to check.)
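
Added example (not part of the original post): the advice above about a long, random WPA-PSK key, in Python. WPA-PSK derives its key from only the passphrase and the SSID, which is why guessable passphrases fall to dictionary attacks; the alphabet, the 20-character threshold, the sample wordlist and the SSID "HomeNet" are assumptions made here.

```python
import hashlib
import math
import secrets
import string

# Assumption: letters, digits and a few symbols that most router UIs accept.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
MIN_RANDOM_LEN = 20  # assumption: a local policy threshold, not a Wi-Fi standard value


def generate_passphrase(length=24):
    """Build a passphrase from the OS CSPRNG (WPA-PSK allows 8-63 characters)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA-PSK passphrases must be 8-63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits, valid only if every character was chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_passphrase(passphrase, wordlist):
    """Return the reasons a passphrase is weak; an empty list means no finding."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains non-printable or non-ASCII characters")
    if passphrase.isdigit():
        findings.append("digits only")
    if passphrase.lower() in wordlist:
        findings.append("appears in a wordlist")
    if len(passphrase) < MIN_RANDOM_LEN:
        findings.append("shorter than %d characters" % MIN_RANDOM_LEN)
    return findings


if __name__ == "__main__":
    sample_words = {"password", "letmein", "linksys"}  # constructed sample wordlist
    new_key = generate_passphrase()
    print(new_key, "%.0f bits" % random_entropy_bits(len(new_key)))
    print(audit_passphrase("password", sample_words))
    print(derive_pmk(new_key, "HomeNet").hex())  # "HomeNet" is a made-up SSID
```

Because the SSID is the only salt, the same passphrase on the same network name always yields the same key, so the passphrase itself has to carry all the unpredictability.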

Post by Doom »

Cage will probably be interested in that; he's got wireless.
