Bits and Bytes: Wireless Networking (Part 2)
By Steve Staves
In a previous article I highlighted the need to be cautious when setting up a wireless network, because it can open a large portal for hackers into your system. With this article I am going to offer some practical advice that should help you secure your wireless network.
- Put your Wireless Router at the center of the area that you want to cover.
- Place the wireless router at the lowest point of the house, preferably in the basement, because then the signal will be weak for your neighbors. This may pose some issues for your receivers but does offer more security.
- Don’t set up wireless devices directly under a Wireless Router – the chances of maintaining a good connection are slim.
- Set up the Wireless Router’s antenna vertically and point the wireless adapter’s antenna toward the Wireless Router.
- Keep antenna(s) away from radio/TV antenna(s), Wireless phones, microwaves and metal fixtures.
A web site that I have found to be very useful is http://www.cirt.net/.
This site contains all the default user names and passwords for all routers, etc. Why am I giving you this site? To show how easy it is for someone to gain complete control of your network if the proper precautions are not taken. I would like to raise awareness that the default setup, default password, etc. are not enough: leaving the defaults in place is akin to giving everyone complete control over your systems. Change the defaults and, in case I have not mentioned it before, CHANGE THE DEFAULTS.
There are two primary methods in play to secure your wireless routers – WEP and WPA.
1. WEP (Wired Equivalent Privacy): An IEEE standard security protocol for wireless 802.11 networks. Introduced in 1997, WEP was found to be very inadequate and was superseded by WPA, WPA2 and 802.11i. Its authentication method was extremely weak and even helped an attacker decipher the secret encryption key. As a result, WEP authentication was dropped from the Wi-Fi specification. WEP uses preshared keys (PSK) that are entered manually at both ends. Using the RC4 encryption algorithm, WEP originally specified a 40-bit key, which was later boosted to 104 bits. Combined with a 24-bit initialization vector, WEP is often touted as having a 128-bit key. *It takes less than three minutes to crack a 128-bit encrypted passphrase. Roughly 100Mb of data is needed. Basically, do not even consider using WEP as the security method – it is too weak.
2. WPA (Wi-Fi Protected Access): A security protocol for wireless 802.11 networks from the Wi-Fi Alliance that was developed to provide a migration from WEP. The WPA logo certifies that devices are compliant with a subset of the IEEE 802.11i protocol. WPA2 certifies full support for 802.11i. WPA and WPA2 use a sophisticated key hierarchy that generates new encryption keys each time a mobile device establishes itself with an access point. Protocols including 802.1X, EAP and RADIUS are used for strong authentication. Like WEP, keys can still be entered manually (preshared keys); however, using a RADIUS authentication server provides automatic key generation and enterprise-wide authentication. *Use a passphrase of at least 21 characters.
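To make the preshared-key advice concrete, the following added example (not part of the original article) shows how WPA/WPA2 in preshared-key mode turns the passphrase and the SSID into the 256-bit master key at the root of the key hierarchy, and checks a passphrase against the 21-character recommendation above. The function names and the short list of factory SSIDs are assumptions constructed for illustration.

```python
import hashlib

MIN_RECOMMENDED_LEN = 21   # the article's recommended minimum passphrase length

# Constructed sample of factory-default SSIDs (assumption); extend for your hardware.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK pairwise master key.

    IEEE 802.11i defines it as PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations, 32 bytes of output.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit_psk(passphrase: str, ssid: str) -> list:
    """Return a list of findings for a passphrase/SSID pair (empty means OK)."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("passphrase must be 8-63 characters for WPA preshared keys")
    elif len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append(
            f"passphrase has {len(passphrase)} characters; "
            f"use at least {MIN_RECOMMENDED_LEN}"
        )
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("passphrase must contain only printable ASCII characters")
    if ssid.strip().lower() in DEFAULT_SSIDS:
        findings.append("SSID is a factory default; the SSID salts the key, so change it")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real network settings.
    for phrase, name in [("password", "linksys"),
                         ("correct horse battery staple", "Staves-Home")]:
        print(name, derive_pmk(phrase, name).hex()[:16] + "...",
              audit_psk(phrase, name) or "OK")
```

Because the SSID is mixed into the key, the same passphrase on two differently named networks yields two unrelated master keys.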
Higher-end routers offer other options that provide even more security, but all of your wireless devices need to be able to handle that level of security. Be sure to check compatibility before turning on these options, as you might otherwise not be able to authenticate against your router.
The following steps help deter the “Kiddie” Hackers but are only temporary roadblocks to the experts:
- Change the SSID – Frequently
- Change the WPA passphrase – Frequently
- Use MAC Address filtering
- Disable DHCP
- Antenna Placement
- Change the default IP Range e.g. 192.168.132.1
- Change the default user and password
- Turn off the wireless capability when not being used