Monday, November 1, 2010

Wireless Security

Today I am going to talk about wireless security.  Right now I am looking at 3 different networks from around my house, basically all my neighbors since I am currently out in BFE.  Two of the routers are named after the family they belong to and the 3rd is a default lynksys.  If I was up to no good i could very easily get on these networks and do numerous things with these people identities basically.  The chances of someone actually doing something life changing to you are somewhat slim but still possible.  You could have someone mooching off your connection right now and have no idea.

If anyone wants to know how to look on their router and see who all is connected to them currently it is very easy to do. Just log on your router and look at the DHCP log. On my lynksys it is located in the Wireless MAC Filter tab. After that take a inventory of all your wireless devices and compare.  There are many other ways and programs to do this also but this is the easiest for an everyday user.

I got some easy tips for everyone to make their network more secure and a fairly good video about how easy it really is to get on someones network and learn everything about them.  You should note that these will not stop someone who knows how and really wants to get on your network from doing so but will keep most ppl off and give headaches to others.

---------------------------------------





1) Change Your Router Default Password - A must in the first line of defense. Create a strong password with a mix of numeric, alpha and symbolic characters. Also change the username.


2) Rename and Disable SSID Broadcast on your Wireless Router - SSID (Service Set Identifier) is the network name or identifier for the wireless router. SSID's broadcast a beacon signal (usually about 10 times each second) which announces to the world that the network is live and ready to go.
With broadcasting off, wireless clients must first know the SSID before they can connect. If you have multiple PC's on your home network simply type the new name in your wireless client's setup to connect to your router when SSID is disabled.
Change the default name to something else!
3) Use MAC Addressing Filter On Your Wireless Router - Many routers let you restrict access to known MAC (Media Access Control) addresses. Each network device, such as a computer network card (NIC) has a unique MAC address. By allowing access only to pre-defined MAC addresses you can reduce the risk of rogue clients connecting to your home network.
4) Change the Default Router IP Address Setting – Router manufacturers set every router with an IP address. For example, Linksys routers are configured with an IP address of 192.168.1.1. These address settings are well known and published, and can be easily discover by hackers if they know the router manufacturer and type.
5) Use WPA or WPA2 PSK (Wi-Fi Protected Access with Pre Shared Key) Encryption – When possible use WPA or WPA2 PSK over WEP (Wired Equivalent Privacy). Both Windows XP and Mac OS X support them, along with any access point manufactured within the past few years. WPA and WPA2 both have a mode called the PSK mode that will allow you to use a password in lieu of using a full-blown 802.1X setup, which is perfect for the home user.
6) HTTPS, Firewall and Remote Access Settings On Your Wireless Router – Make sure HTTPS is enable for connecting to the router administration setup over your local network. Verify the firewall is enabled and all incoming ports are blocked. Disable remote access over the Internet setting.
7) Enable And Monitor Your Wireless Access Logs – Check your logs frequently for rogue access points (AP) or clients attached to the network. If you spot unknown clients or AP's connected to your network, change your WEP or WPA code, and do a little detective work in identifying unknown connections to your network.
8) Backup Your Router Configuration Settings - Although, not considered a security setting, backing up the router configuration before making changes will allow you to easily restore the settings in the event you make a mistake. This will prevent your router from being vulnerable if you are unsure about any changes you have made
9) Turn off Your Wireless Router When Not In Use – Why would you want to do this? When your router is powered off, your network cannot be compromised.
10) Get in the habit - of changing your router password every 30 to 60 days. Also change your PSK several times a year. Changing these two settings may just kick that un-detected guest off your network.

24 comments:

  1. Thanks for the information, will have too pass it on to some of the people in my family...

    ReplyDelete
  2. It's good to be safe you never know what's going to happen :)

    ReplyDelete
  3. Number 9 is the easiest and everyone should try it

    ReplyDelete
  4. Everyone in my neighborhood uses WEP encryption, some WPAs.

    ReplyDelete
  5. Turning it off when it's not in use is actually the best thing you can do. Hiding your SSID doesn't really help you at all... AND NEVER USE WEP.

    ReplyDelete
  6. Hidding SSID helps with the random person who doesn't know wtf they are doing trying to get a connection. WEP is terrible, easiest thing for people to crack!

    ReplyDelete
  7. This comment has been removed by a blog administrator.

    ReplyDelete
  8. Great advice, better safe than sorry.

    ReplyDelete
  9. great info. Nice blog, you got a new follower!

    ReplyDelete
  10. This comment has been removed by a blog administrator.

    ReplyDelete
  11. thanks for this great and useful advices :)

    ReplyDelete
  12. hell yeah, it's so easy to hack someone's wireless network

    ReplyDelete
  13. Thanks! The step by step tips are nice

    ReplyDelete
  14. Nice post!
    WPA should be number one in that list I think. Even if you have a weak password, WAP encryption will make it virtually impossible to decipher.

    ReplyDelete
  15. Very handy! thanks for another AWESOME post Dawg!

    ReplyDelete
  16. those are all really good tips man. especially now that firesheep is out. dunno if you heard of that, i did a few posts on it. your advice is spot on though.

    ReplyDelete