Wireless Networking (Wi-Fi) has made it so easy for you to use the computer, portable media player, mobile phones, video game consoles, and other wireless devices anywhere in the house without the clutter of cables.
Wireless is a great choice for a home network. Physically awkward or nearly impossible connections between computers become easy through a wireless network. But wireless comes with its own brand of security worries.
Wireless computers and routers use radio waves to communicate. Those waves are sometimes strong enough to carry outside your house. If your network is unprotected, your information is begging to be hacked.
With traditional wired networks, it is extremely difficult for someone to steal your bandwidth but the big problem with wireless signals is that others can access the Internet using your broadband connection even while they are in a neighboring building or sitting in a car that's parked outside your apartment.
HOW THE BAD GUYS USE:
There have been quite a few instances where innocent Internet users have been arrested for sending hate emails when in reality, their email accounts were hacked through the unsecured Wi-Fi networks that they had at home. Wireshark is a free packet sniffing tool for Linux, Mac and Windows that can scan traffic flowing through a wireless network, including cookies, forms and other HTTP requests.
Making sure that you have a safe and secure Wi-Fi experience is easy and won't cost you anything but a little time. Here are some key tips to follow:
Secure your home network: Many who purchase wireless routers don't realize that their network is open until they enable security, meaning that anyone in the area can gain access to the Wi-Fi signal and the devices logged on to it. Turn on the security features of your network and consider installing a commercially available firewall.
MOST IMPORTANT POINTS:
OPEN YOUR ROUTER SETTINGS PAGE:
First, you need to know how to access your wireless router’s settings. Usually you can do this by typing “192.168.1.1” into your web browser and then entering the correct user name and password for the router. This is different for each router, so first check your router’s user manual.
You can also use Google to find the manuals for most routers online in case you lost the printed manual that came with your router purchase. For your reference, here are direct links to the manufacturer's site of some popular router brands - Linksys, Cisco, Netgear, Apple AirPort, SMC, D-Link, Buffalo, TP-LINK, 3Com, Belkin.
CHANGE YOUR NETWORK’S SSID NAME:
The SSID (or Wireless Network Name) of your wireless router is usually pre-defined as "default" or is set as the brand name of the router (e.g., linksys). Although this will not make your network inherently more secure, changing the SSID name of your network is a good idea, as it makes it more obvious to others which network they are connecting to.
CREATE A UNIQUE PASSWORD ON YOUR ROUTER:
Once you have logged into your router, the first thing you should do to secure your network is to change the default password of the router to something more secure.
This will prevent others from accessing the router and you can easily maintain the security settings that you want. You can change the password from the Administration settings on your router’s settings page. The default values are generally admin / password.
SECURE YOUR WIRELESS ROUTER OR ACCESS POINT ADMINISTRATION INTERFACE:
Almost all routers and access points have an administrator password that's needed to log into the device and modify any configuration settings. Most devices use a weak default password like "password" or the manufacturer's name, and some don't have a default password at all.
As soon as you set up a new WLAN router or access point, your first step should be to change the default password to something else.
You may not use this password very often, so be sure to write it down in a safe place so you can refer to it if needed. Without it, the only way to access the router or access point may be to reset it to factory default settings which will wipe away any configuration changes you've made.
DON'T BROADCAST YOUR SSID:
Most WLAN access points and routers automatically (and continually) broadcast the network's name, or SSID (Service Set IDentifier). This makes setting up wireless clients extremely convenient since you can locate a WLAN without having to know what it's called, but it will also make your WLAN visible to any wireless systems within range of it. Turning off SSID broadcast for your network makes it invisible to your neighbors and passers-by (though it will still be detectable by WLAN "sniffers").
ENABLE WPA ENCRYPTION INSTEAD OF WEP:
802.11's WEP (Wired Equivalent Privacy) encryption has well-known weaknesses that make it relatively easy for a determined user with the right equipment to crack the encryption and access the wireless network. A better way to protect your WLAN is with WPA (Wi-Fi Protected Access). WPA provides much better protection and is also easier to use, since your password characters aren't limited to 0-9 and A-F as they are with WEP.
WPA support is built into Windows XP (with the latest Service Pack) and virtually all modern wireless hardware and operating systems. A more recent version, WPA2, is found in newer hardware and provides even stronger encryption, but you'll probably need to download an XP patch in order to use it.
REMEMBER THAT WEP IS BETTER THAN NOTHING:
If you find that some of your wireless devices only support WEP encryption (this is often the case with non-PC devices like media players, PDAs, and DVRs), avoid the temptation to skip encryption entirely because, in spite of its flaws, using WEP is still far superior to having no encryption at all. If you do use WEP, don't use an encryption key that's easy to guess, like a string of the same or consecutive numbers. Also, although it can be a pain, WEP users should change encryption keys often, preferably every week.
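To make the key advice in the two sections above concrete, here is an added example (not part of the original article) that checks a candidate key against WEP's hex-only format and the WPA passphrase rules, flags keys made of the same or consecutive characters, and derives the WPA key the way WPA/WPA2-PSK does, using the SSID as salt. The function names and the sample keys in the comments are constructed for illustration.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)

def is_wep_hex_key(key):
    """WEP keys are entered as 10 or 26 hex digits (40-bit or 104-bit key)."""
    return len(key) in (10, 26) and set(key) <= HEX_DIGITS

def is_wpa_passphrase(key):
    """WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key)

def is_trivial(key):
    """True for one repeated character or a run of consecutive characters."""
    if len(set(key)) == 1:
        return True
    if key.isascii() and key.isdigit():
        # Wrap 9 -> 0 so a key such as "1234567890" counts as consecutive.
        steps = {(int(b) - int(a)) % 10 for a, b in zip(key, key[1:])}
        return steps in ({1}, {9})
    steps = {ord(b) - ord(a) for a, b in zip(key, key[1:])}
    return steps in ({1}, {-1})

def derive_psk(passphrase, ssid):
    """WPA/WPA2-PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not is_wpa_passphrase(passphrase):
        raise ValueError("not a valid WPA passphrase")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

def review_key(key):
    """Return a list of findings for a candidate key (empty list = none)."""
    findings = []
    if is_trivial(key):
        findings.append("same or consecutive characters")
    if is_wep_hex_key(key):
        findings.append("fits WEP's hex-only format")
    if not is_wpa_passphrase(key):
        findings.append("not usable as a WPA passphrase")
    return findings

if __name__ == "__main__":
    # Constructed sample keys, not taken from any real network.
    for sample in ("1111111111", "1234567890", "A1B2C3D4E5", "short"):
        print(sample, "->", review_key(sample))
```

Because the network name is mixed into the derived key, the same passphrase yields a different key on a network whose SSID has been changed from the factory default.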
USE MAC FILTERING FOR ACCESS CONTROL:
Unlike IP addresses, MAC addresses are unique to specific network adapters, so by turning on MAC filtering you can limit network access to only your systems (or those you know about). In order to use MAC filtering you need to find (and enter into the router or AP) the 12-character MAC address of every system that will connect to the network, so it can be inconvenient to set up, especially if you have a lot of wireless clients or if your clients change a lot. MAC addresses can be "spoofed" (imitated) by a knowledgeable person, so while it's not a guarantee of security, it does add another hurdle for potential intruders to jump.
REDUCE YOUR WLAN TRANSMITTER POWER:
You won't find this feature on all wireless routers and access points, but some allow you to lower the power of your WLAN transmitter and thus reduce the range of the signal. Although it's usually impossible to fine-tune a signal so precisely that it won't leak outside your home or business, with some trial-and-error you can often limit how far outside your premises the signal reaches, minimizing the opportunity for outsiders to access your WLAN.
DISABLE REMOTE ADMINISTRATION:
Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router. Otherwise, almost anyone anywhere could potentially find and access your router. As a rule, unless you absolutely need this capability, it's best to keep remote administration turned off. (It's usually turned off by default, but it's always a good idea to check.)
ALSO, FOLLOWING SOME EASY STEPS CAN ENSURE:
Protect yourself when using a public hotspot: Free public hotspots are by nature "open" and unencrypted. To reduce your exposure to unwanted risks:
- Make sure that you are connecting to a legitimate hotspot - those that require a password have more protection than those that do not.
- Use a virtual private network or VPN, which establishes a private connection across the public network. This may be supplied by your employer, or you can purchase one.
- Surfing the web and sending e-mail is fine, but doing your banking for example in a public hotspot is not advised.
Configure for approved connections: Many devices sense and automatically connect to any available wireless signal. To regain control, simply configure your device to not automatically connect to an open network without your approval.
Disable sharing: Your Wi-Fi enabled devices may automatically open themselves to sharing / connecting with other devices. File and printer sharing may be common in business and home networks, but you can avoid this in public networks.
Install anti-virus software: When connecting at home or at work, it's safe to assume that the other computers on those networks are protected against viruses. When using a public hot spot you have no such assurance, which makes it more important to have antivirus software installed.
Use a personal firewall: When connecting to a public hot spot, you are joining a network with other unknown computers, which can increase your exposure to unwanted risks. To protect yourself, run a personal firewall program; these are easy to install and in some cases free.
Insist on Wi-Fi CERTIFIED™: Wi-Fi devices have the best chance of working together if they are Wi-Fi CERTIFIED by the Wi-Fi Alliance.
- Is your Wi-Fi device up to snuff? Wi-Fi CERTIFIED products require WPA2™ - the most up to date security standard in the industry. Check your Wi-Fi devices to see if they are certified.
- Wi-Fi Protected Setup™ simplifies Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security.
REDUCE THE RANGE OF THE WIRELESS SIGNAL:
If your wireless router has a high range but you are staying in a small studio apartment, you can consider decreasing the signal range by either changing the mode of your router to 802.11g (instead of 802.11n or 802.11b) or using a different wireless channel.
You can also try placing the router under the bed or inside a shoe box, or wrapping foil around the router antennas, so that you can somewhat restrict the direction of signals.
Apply the Anti-Wi-Fi Paint - Researchers have developed a special Wi-Fi blocking paint that can help you stop neighbors from accessing your home network without you having to set up encryption at the router level. The paint contains chemicals that block radio signals by absorbing them. "By coating an entire room, Wi-Fi signals can't get in and, crucially, can't get out."
UPGRADE YOUR ROUTER'S FIRMWARE:
You should check the manufacturer's site occasionally to make sure that your router is running the latest firmware. You can find the existing firmware version of your router from the router's dashboard at 192.168.*.
CONNECT TO YOUR SECURE WIRELESS NETWORK:
To conclude, MAC Address filtering with WPA2 (AES) encryption (and a really complex passphrase) is probably the best way to secure your wireless network.
Once you have enabled the various security settings in your wireless router, you need to add the new settings to your computers and other wireless devices so that they all can connect to the Wi-Fi network. You can select to have your computer automatically connect to this network, so you won’t have to enter the SSID, passphrase and other information every time you connect to the Internet.
Your wireless network will now be a lot more secure and intruders may have a tough time intercepting your Wi-Fi signals.
WHO IS CONNECTED TO YOUR WIRELESS NETWORK:
If you are worried that an outsider may be connecting to the Internet using your wireless network, try AirSnare - it's a free utility that will look for unexpected MAC addresses on your wireless network as well as DHCP requests. Another option is to open your router's administration page (using the 192.168.* address) and look for the DHCP Clients Table (it's under Status > Local Network on Linksys routers). Here you will see a list of all computers and wireless devices that are connected to your home network.
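The manual check of the DHCP Clients Table described above can be automated. The following is an added example (not part of the original article and not AirSnare's code): it parses a client table copied from a router page, normalises the different ways MAC addresses are written, and reports devices that are missing from your own inventory or that share a MAC with another client. The table, the inventory and all names are constructed for illustration.

```python
import re

# Constructed sample of a router "DHCP Clients Table"; not from a real device.
SAMPLE_TABLE = """\
Client Name      IP Address      MAC Address
family-laptop    192.168.1.100   00:1A:2B:3C:4D:5E
living-room-tv   192.168.1.101   00-1a-2b-aa-bb-cc
phone            192.168.1.102   001a.2b11.2233
(unknown)        192.168.1.117   DE:AD:BE:EF:00:01
(unknown)        192.168.1.118   00:1a:2b:3c:4d:5e
"""

# Constructed inventory of the MAC addresses you own, in any common notation.
KNOWN_DEVICES = ["00:1A:2B:3C:4D:5E", "00:1A:2B:AA:BB:CC", "00-1A-2B-11-22-33"]

MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"   # 00:1A:2B:3C:4D:5E or 00-1a-...
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"    # 001a.2b3c.4d5e
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def normalize_mac(text):
    """Reduce any notation to lower-case aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        raise ValueError("not a 12-digit MAC address: %r" % text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks an address not assigned by the vendor."""
    return bool(int(mac[:2], 16) & 0x02)

def audit_clients(table, known):
    """Return (ip, mac, reason) for every client that deserves a second look."""
    allowed = {normalize_mac(m) for m in known}
    seen, findings = {}, []
    for line in table.splitlines():
        mac_m, ip_m = MAC_RE.search(line), IP_RE.search(line)
        if not (mac_m and ip_m):
            continue  # header or blank line
        mac, ip = normalize_mac(mac_m.group()), ip_m.group()
        if mac in seen and seen[mac] != ip:
            findings.append((ip, mac, "same MAC on two addresses"))
        seen.setdefault(mac, ip)
        if mac not in allowed:
            reason = "not in inventory"
            if is_locally_administered(mac):
                reason += " (locally administered address)"
            findings.append((ip, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_clients(SAMPLE_TABLE, KNOWN_DEVICES):
        print(*finding, sep="  ")
```

A locally administered address often just means a phone or laptop with MAC randomisation turned on, so treat it as a prompt to identify the device rather than proof of an intruder.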
*It is also a good idea to turn off the router completely when you are not planning to use the computer for a longer period (like when you are out shopping). You save on electricity and the door remains 100% shut for wireless piggybackers.
NOTE: If you ever want to let a new device connect to your network, you will have to find its MAC address and add it to your router. If you simply want to let a friend connect to your wireless network one time, you can remove his or her MAC address from the router settings when he or she leaves your place.
This article was written by: Premakumar Thevathasan. CCNA, CCNP, CCIP, MCSA, MCSE, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+.
2 comments:
Protect yourself against such attacks?
Firstly, don’t use WEP. Most wireless modems and routers these days are capable of what is called WPA2 (a note for Windows users: you will need at least Service Pack 2 installed and download the WPA update to use WPA2). You may notice that there are a few implementations of WPA2. WPA2-PSK is the preferred one for home networks as it doesn’t require any other authentication servers or anything fancy.
WPA2-PSK (Pre-Shared Key) works in much the same way as a WEP key but uses a much stronger encryption algorithm (AES) which makes it much harder to crack! I would like to explain how to configure this security but there are so many different types of modems out there it would be just impossible to please everyone. A quick read of the manual or a Google search on “Configuring WPA2” should cover you; there are many good configuration articles out there.
A second step in securing your network would be to turn off your SSID (Service Set Identifier) broadcast. Broadcasting your SSID advertises to the world that you have an active wireless connection. By turning this off you obviously stop publicly advertising the existence of your network, so unless somebody already knows about your wireless network or uses specialised software like NetStumbler, they won’t even know your WLAN exists in the first place. This may cause would-be hackers to bypass your network in favour of an easier target elsewhere. Be careful though, doing this alone will not make your network secure! It should be a secondary step after implementing WPA2 encryption.
Once you have disabled your SSID broadcast all the computers connected to your wireless network must be manually configured to connect to your WLAN.
Thirdly you can implement MAC address filtering which is ok for smaller networks that don’t have new devices connecting to them frequently. The way this filtering works is similar to giving a security guard a list of names and when somebody tries to gain access they compare the person’s name to a name on the list. If they are not on the list they are denied access.
Every network device ever manufactured has its own unique ID or MAC address which is hardcoded into it. You can obtain MAC addresses off other routers and modems by looking at the label sticker on the bottom of the device, or the MAC address of your network card in Windows by opening a command prompt and typing in ‘ipconfig/all’. Most wireless modems support MAC address filtering; however, each time a new device needs access to the network its MAC address needs to be added to the list. This can be a pain to administer but it does give you an extra level of security.
A sophisticated hacker may be able to watch your network for authorised MAC addresses and then essentially forge it thus gaining access.
By - Prem.
How To Check If Someone Is Stealing Your WiFi?
WiFi running a bit slow lately? If your router is still using old security methods such as WEP, then there’s a very real possibility that someone has hacked in to steal your WiFi. In my article on Cool WiFi Devices You’ve Probably Never Heard Of, I showed you a $100 commercially available router that would automatically hack your WEP-protected WiFi network in less than half an hour. Apart from the obvious fact that your internet will be slower, the hacker might be using your internet to do nefarious evil things – all of which could easily be traced back to you. So how can you find out if someone is using your WiFi, and perhaps more importantly – what exactly can you do about it?
Check the devices associated with your router
This method is 100% guaranteed to see any devices registered on your network, but not every router contains this valuable info. Log in to your router by typing its IP address directly into the browser address bar. In most setups, either http://192.168.0.1 or http://192.168.1.1 should work, or it may be written on the router itself, along with the username and password you need to log in with. If you can’t find a password anywhere, and don’t remember changing it, then check the database of default passwords here, or phone your ISP (assuming they gave you the device).
Once logged in, look around for a section called Attached Devices or Device List. On DD-WRT flashed routers, this is under the Status -> Wireless screen. You will find a list of all the IP addresses currently being used.
On my standard Virgin Media router, I found a list under the IP filtering section.
Of course, not all your devices will have helpful names, so you’ll need to figure out the IP address of each computer and WiFi device you own in order to cross-check them against the list.
Track Them Down Physically
This may be taking it a little far, but running the MoocherHunter live CD tracking suite will enable you to physically hunt them down by triangulating network signals. Scary stuff, indeed. You’ll need a directional antenna for this to work best.
What to do about it
Basic Security – Stop using WEP
Any router purchased in the last 5 years or so should be able to support a more secure authentication protocol, so log in to your router again and find the Wireless Settings screen.
Change the security options to either WPA or WPA2. WPA2 is more secure, but I find it’s incompatible with some of the devices on my network so I chose the option that allows for both. Don’t choose the Enterprise option as it is designed for companies with authentication servers. When choosing your password, make sure it is at least 15 characters long, includes upper and lower case letters, numbers, and punctuation.
There are some other methods that people will typically advise you to take, but put simply – they don’t work:
Hiding your SSID: You can hide your network name so it won’t be seen, but freely available hacking tools such as Backtrack will reveal them instantly.
IP filtering: This blocks out a specific IP, but changing IP is as simple as refreshing the connection.
MAC filtering: More secure since it blocks a device via the unique hardware address that is given out when it’s manufactured, but again, anyone trying to steal your WiFi can easily “spoof” their MAC address.
Turn their internet upside down
For anyone with a spare PC or who doesn’t mind messing with the command line, you could create an open WiFi network specifically for these freeloaders, and run everything through a Linux proxy. The proxy can be set up to cut directly into their internet stream, and one interesting outcome is that you can turn all their images upside down.