Some Wireless Security Basics

Wireless networking makes it easy to share Internet access and data but of course you don't want to share your information with everybody. Because your information is traveling through the airwaves and not physical wires, anybody within range can "listen in". Here are the four essential security measures you should take to secure your wireless network.

(1) Change the default SSID.

Your wireless devices have a default SSID set at the factory. The SSID is the name of your wireless network and it can be anything you want. For example, Linksys wireless products use linksys as the default SSID. Hackers know these defaults and will try them in an effort to join your network. Change the network's SSID to something unique and make sure it doesn't relate to the networking products you use. As an added precaution, be sure to change the SSID on a regular basis so any hacker who may have figured out your network's SSID in the past will have to figure out the SSID again and again. This will deter future intrusion attempts.

(2) Disable the SSID broadcast option.

By default, most wireless networking devices are set to broadcast the SSID, so anyone can easily join the wireless network. Hackers will also be able to connect, so unless you're running a public hotspot, disable the SSID broadcast.

(3) Change the default password needed to access a wireless device.

Wireless products such as access points and routers ask for passwords when you want to change their settings. These devices have default passwords set at the factory. For example, the Linksys default password is admin. Hackers know these defaults and will try them to access your wireless device and change your network settings. To stop any unauthorized modifications, change the device's password to something hard to guess.

(4) Enable MAC (Media Access Code) address filtering.

This has absolutely nothing to do with Apple computers. Instead, the MAC address is a unique series of numbers and letters assigned to every networking device in IEEE® 802 software. If your wireless products such as access points and routers offer it, enable MAC address filtering. Once the MAC address filtering is enabled, wireless network access is provided solely for wireless devices with specific MAC addresses. This makes it harder for a hacker to access your network using a random MAC address.

Wi-Fi Protected Access™ (WPA and WPA2)

If you are going to buy a wireless router, make sure that it comes with the Wi-Fi™ Protected Access (WPA or WPA2) security standard (firmware), and that you enable and update it, so that your neighbors and, more importantly, war drivers or mobile hackers do not have access to your Internet connection and your computer system. Just look for the WPA or WPA2 logo on the box. The security and peace of mind are well worth the extra cost.

WPA and WPA2 are the high security standards for wireless networking and they are forward compatible with the Wi-Fi IEEE 802.11i security standard. WPA2 provides even stronger encryption than WPA, and it is backward-compatible with WPA so there is no reason not to buy it.

So what's so great about WPA, you wonder? Well, for a start, it keeps unwanted users out by checking for the proper permission and password before allowing network access. Moreover, WPA offers up to 256-bit encryption keys, which are significantly harder to decode than those of the older Wired Equivalent Privacy (WEP) standard, which uses 64-bit or 128-bit encryption keys. Another important feature is the dynamic nature of the WPA encryption key. It will automatically change as often as you want it to; a good example of this is the Linksys default interval of 50 minutes. This means that by the time the hacker has tried to figure out (decode) the WPA encryption key by eavesdropping on your network traffic, your network has already switched to a newer WPA encryption key. The WEP key, on the other hand, is static. Finally, WPA wireless routers are used both at home and in the office, and thus there are two modes of operation:

The mode most suitable for home use is called the WPA Personal Mode, but it is also known as the Pre-Shared Key Mode (WPA-PSK). It is very easy to use and one just has to select this mode and enter the same password on every network device to activate WPA security.

The corporate mode is called the WPA-Enterprise Mode or the WPA-RADIUS (Remote Authentication Dial-In User Service) Mode. This mode requires each device be authorized according to a master list held in a special authentication server usually called a RADIUS Server.
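
As an added illustration (not part of the original article), the Python sketch below shows how WPA/WPA2 Personal mode turns the shared password and the SSID into the 256-bit key: PBKDF2 with HMAC-SHA1, 4096 iterations, and the SSID as the salt. Because the network name is mixed into the key, a factory-default SSID such as linksys gives the same key on every network that keeps that name and uses the same password. The FACTORY_SSIDS set, the review() helper, its 16-character threshold and the sample names are assumptions made for the example.

```python
import hashlib

# "linksys" is the default named in the article; extend this set as needed.
FACTORY_SSIDS = {"linksys"}
MIN_LENGTH = 16  # assumed review threshold, not a figure from the article


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, 4096 iterations, 32-byte output; the SSID is the salt.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def review(ssid: str, passphrase: str) -> list:
    """Return a list of findings for a proposed SSID / passphrase pair."""
    findings = []
    if ssid in FACTORY_SSIDS:
        findings.append("factory-default SSID: same name + same passphrase "
                        "yields the same key on every such network")
    if len(passphrase) < MIN_LENGTH:
        findings.append(f"passphrase shorter than {MIN_LENGTH} characters")
    return findings


if __name__ == "__main__":
    phrase = "correct horse battery staple"  # constructed sample passphrase
    for name in ("linksys", "maple-street-42"):  # constructed sample SSIDs
        print(name, wpa_psk(phrase, name).hex(), review(name, phrase))
```

Run it with your own SSID and a candidate password before typing them into the router; an empty findings list means neither check fired.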

Upgrading to WPA

If you already own an 802.11a-g Wired Equivalent Privacy (WEP or WEP+) router, it may be possible to upgrade your wireless local area network to WPA. There are three very important items that you need to verify first.

(1) Check with your wireless router manufacturer to see if your particular router has free WPA support.
(2) Check with your wireless network card manufacturers to see if there are free WPA drivers available.
(3) Make sure you can obtain client software (referred to as a supplicant) that supports WPA and your operating system.

Client or Supplicant Software

With reference to item (3) above, Microsoft® provides a free WPA upgrade but only for Windows XP®. If you are running an operating system other than Windows XP®, you will need a third-party supplicant. Third-party client software is available from Funk Software or from Meetinghouse Data Communications.

The Microsoft® WPA client for Windows XP® is not available as an automatic Windows® update. Go to Microsoft Knowledge Base Article 815485 and download the file into a new directory. Double-click the file to install it, as it is self-extracting and self-installing. Once you have updated your operating system, reboot your computer. The software adds additional dialog boxes to the Network Control Panel to support the new authentication and encryption options of WPA.

Firmware Updating for the Network Cards and Router

You now have to download the upgrades for your router and network cards. We recommend that you download everything before upgrading anything and store the files where you can easily find them again. You must also get the exact information on how to install and configure the upgrades for all the devices. If the instructions look a little more complicated than you are comfortable with, print out the instructions and take the computer, printed instructions and router to a service technician. Likewise, write down the addresses where the upgrade files are stored, the file names, what each upgrade file is for and that you have already installed the WPA supplicant software on your operating system.

Wired Equivalent Privacy Is NOT Safe (WEP and WEP+)

If your present wireless router and wireless network cards use the Wired Equivalent Privacy (WEP) software (firmware) known as the IEEE® 802.11a-g standard or the modified "WEP-Plus" security protocols, please be aware that these security protocols are not secure. They have well known flaws in them and they can be easily breached by any dedicated hacker or mobile hacker (war driver) in one minute.

A war driver is a person who drives around in cities or towns, usually in the evening, looking for open Wi-Fi connections to the Internet. Their software and equipment of choice is from Netstumbler or Cain & Abel, and a full Wi-Fi IEEE 802.11b kit for a laptop is only $150.00. If they already have a wireless network card in their laptop computer, then all they need is the Netstumbler or Cain & Abel software, both of which are free. That is how easy it is to get at unprotected computers.

Not long ago, a "war driver" was caught, nude from the waist down, performing illegal Internet activity one very early morning in front of someone's home in a west Toronto suburb. He was using their open wireless Internet connection for this activity and he actually lived 250 miles away. Don't let this happen to you because you will be charged if illegal Internet activity is traced to your Internet account. To learn more about how an Internet account is traced, press the information window titled What Internet Servers Learn About You once you close this window.

Linksys® Model WRT54G Wireless G Broadband Router

A (moderately critical) security bypass flaw has been found in the Linksys® model WRT54G wireless G broadband router, and this could give malicious hackers administrative access to your system. Linksys has issued BETA firmware to repair this remote management security vulnerability and it is available here.

Free McAfee® WEP to WPA Software

If you have an older wireless computer that won't run with WPA encryption, you may be able to use McAfee's® free WPA client in its "Pre-Shared Key" or "Disable Authentication" mode. McAfee®, however, is trying to sell you a dynamic WiFi endpoint authentication service. This is something you don't actually need because your system-wide pre-shared key is adequate. Just be sure to select the Disable Authentication option when installing the client.

WPA with 802.11n is now the IEEE Wi-Fi Protected Access Standard

The highlight of the new standard is the speed which is based on "Multiple-Input Multiple-Output (MIMO) Technology", sometimes referred to as "Smart Antenna Systems". The comparison of the Over-the-Air (OTA) estimated wireless speeds is:

    IEEE WLAN Standard 802.11a      54 Mbps
    IEEE WLAN Standard 802.11b      11 Mbps
    IEEE WLAN Standard 802.11g      54 Mbps
    IEEE WLAN Standard 802.11n    200+ Mbps (Some manufacturers claim that their 802.11n wireless routers are nine times faster than their older 802.11g models.)



