Protect Your Wi-Fi (Wireless) Network from Intruders

During the recent terror attacks  in India, the Police says that, the terrorists had hacked the Internet connectivity of unsecured WiFi connection in the neighbourhood for their communication. As always, technology is being used for the negative activities, including the Taliban Using Skype for communication.

What is Wi-Fi or Wireless Network?

Wi-Fi technologies make access to information easier, eliminate cabling and wiring, eliminate switches, adapters, plugs, pins and connectors. Using Wi-FI, you can deploy LANs (Local Area Networks) without cabling for client devices. This reduces the costs of network deployment and expansion, and provides mobility of the devices within the range.

Wi-Fi is most suited for home networks. A typical Wi-FI home router with the default antenna might have a range of 32 meters indoors and 95 meters outdoors. Range varies with frequency band; Wi-Fi in the 2.4 GHz frequency block performs slightly better than Wi-Fi in the 5 GHz frequency block.

It is very important to keep the Wi-Fi connection secured to the maximum. Here are some steps to assist you with tightening your Wi-Fi network.

[advt]

Switch Off Your Wi-FI Router When Not Using It

Follow this simple advice and save your network. When you are not using the network, simply turn the router off. It saves your network from attacks (and saves your money and electricity)! Switch off your home Wi-FI router when you go to office and when you go to bed, or you are travelling away from your home.

Configuring Wireless Router / Access Point

You will be configuring the router for setting up wireless network at your place. The router comes with a default IP address, username and password. The router can be configured using a web browser and the routers IP. In most cases, the router IP is 192.168.1.1 or 192.168.0.1. Some routers even allow you to set its IP to something else.  In most cases, the administrator username is admin, and the default password is admin, password, or password the model number of the router or leave blank.

The first thing you should do is to change the default password.

Update Router Firmware

After you setup the router / access point, get the latest firmware for the hardware. Some routers comes with built in logic in the router admin control panel to check for latest. Otherwise, you will have to go to the wireless router homepage or their support website and look for the latest firmware updates if any.

Update SSID Information

SSID stands for Service Set IDentifier. An SSID is a name used to identify the particular wireless LANs to which a user wants to attach. A client device such as your laptop will receive broadcast messages from all access points within range advertising their name. You can either choose one to connect always based on pre-configuration, or by displaying a list of names in range and asking the user to select one.

Most routers comes with default SSID names, which are easy to guess. You need to choose a new SSID, preferably combination of letters and numbers.

Disable guest SSID if defined in the wireless router. Guest SSIDs are open and insecure. It enables anyone to connect to the network.

Wireless Routers by default transmits /broadcasts the SSID to everyone. Wireless clients such as laptops and mobile phones searching for a network connection can discover it automatically. If you broadcast your wireless network’s SSID, you are telling the world that  you have a wireless network and come hack it!

For better security, disable the SSID Broadcasting. You will find the option in most of the wireless router’s admin control panel. Instead of the device discovering the name automatically, you can manually configure your device and be secure.

Suppressed SSID is not a very effective security method; the SSID is broadcast in the open as clear text in response to a client SSID query.

You may change your SSID frequently, or when you have a doubt that it is compromised.

MAC Address Filtering

A MAC address (Media Access Control) is a quasi-unique identifier assigned to most network adapters or network interface cards (NIC) by the manufacturer for identification.

The router can be configured to only accept connections from the list of MAC addresses specified by the network administrator. To find your computer’s MAC address, open the command prompt in Windows, and enter the command ipconfig /all. The Physical Address is your MAC Address. For other devices, the MAC address will be written in the label itself or somewhere like that.

Although MAC address is intended to be a permanent and globally unique identification, it is possible to change the MAC address on most of today’s hardware, with MAC spoofing. So the Wi-Fi hacker can spoof the MAC with an authorized and get into the network.

Use Static IP Address, Disable DHCP and Reduce Subnet Size

If you want to go one more level further in machine level security, disable the automatic IP Address assignment functionality, which is called DHCP function. Instead manually assign static IP addresses for various devices on the network through the admin control panel.

This makes it difficult for a casual or unsophisticated intruder to log onto the network. You can as well reduce the size of the subnet to what is absolutely necessary.

Remote Management

Wireless routers provide Remote management functionality to access, modify and configuration the wireless router from any client machines,  by using the admin login id and password. Disable this functionality, and make sure that configuration can only be done from a physically connected machine. It’s usually turned off by default.

Use Latest Wireless Encryption Standards

WEP (Wired Equivalency Privacy) was the original encryption standard for wireless. There are several utilities that can be used by crackers to break in by examining packets and looking for patterns in the encryption.

WEP is now being considered outdated and seriously flawed. But WEP protection is better than nothing, though generally not as secure as the more sophisticated WPA-PSK encryption.

WPA (Wi-Fi Protected Access) was developed by the Wi-Fi Alliance to replace WEP. WPA Personal (also known as WPA-PSK)uses a pre-shared Shared Key (PSK) to establish the security using an 8 to 63 character passphrase. You might also see the security method called WPA-Enterprise. Setup for WPA-Enterprise is complex and requires special network infrastructure.

WPA support is built into the latest Windows XP Service Pack 2 and virtually all modern wireless hardware and operating systems.

If you have wireless devices that don’t support WPA, such as PDAs, DVRs, or wireless cameras, you’ll have to use WEP.

WPA2 is the newest type of wireless encryption, WPA2 provides the highest level of encryption available. it is an enhancement over the WPA. WPA2 encryption should be your first choice if your wireless router and all of your wireless computers and devices support it.

Go through the instructions provided by Microsoft to set up a wireless network in Windows XP and Windows Vista.

Cracking Wireless Encryption

We have been discussing how to protect the wireless network. Now let us ask this question: Is it possible to crack the wireless encryption?

Yes, any encryption can be cracked. An individual with knowledge of computers and networking, and who is willing to spend a few hours researching free “hacking” tools, can crack encryption in a few hours.

There are several utilities such as aircrack-ng, weplab, WEPCrack or airsnort that can be used to break in to the wireless networks by examining packets and looking for patterns in the encryption. In 2005 a group from the FBI held a demonstration where they used publicly available tools to break a WEP encrypted network in three minutes.

Most users who want to connect without authorization lack the expertise to crack wireless encryption. Anyone looking for a free connection will likely choose the unprotected network rather than spend hours to crack your wireless encryption. Therefore, even WEP encryption offers better protection than not having encryption enabled at all.

Do you have a wireless network? What are the security procedures you have implemented?

Be the first to comment

Leave a Reply