Saturday, January 21, 2012

Wireless Network Security

Wireless Networks did spread rapidly with the introduction of cheap and Easy configurable devices (Routers and Access Points).

Other than being inexpensive and "easy to setup", this wireless access provides convenience, mobility, productivity, expandability, and most importantly if governed correctly, it provides security.

How does a Wireless router work?
Wireless networks use high frequency radio waves to link devices such as laptops, PDA, Smart-phones to the Internet.

Understanding the setup and workflow of a wireless network is fairly simple. The internet connection comes from your ISP (internet service provider) and is connected to a small device called a wireless router, now this device has the ability of transmitting and receiving data wirelessly by the use of radio signals. And so the wireless network card in your laptop will communicate with this wireless router and provide you internet access.

Tips for Securing a Wireless Network
Change the Administrator password
The default administrator password for a certain router model is usually the same for all the manufactured quantity of that router. And it is very easy to google the password since it is already written in the device manual and posted over the internet. Therefore the Default administrator password should be changed prior to changing any other configuration on the router.
Change the Default SSID
Your wireless network should have a name; this name is called the SSID. Usually manufacturers ship their products with their brand name being the SSID for example "linksys" or "Blink91802" etc….,when someone finds a default SSID, they automatically think that it is a poorly configured network and are much more likely easier to attack.

Encryption Type
·  WEP (Wired Equivalent Privacy): WEP provides a very low level of security, (it took me about 40 minutes to crack a WEP encryption protected wireless network router) (And I have to say: it was my wireless network – and I was testing its vulnerability). WEP also comes in WEP2 and WEP+, which are not as common and still as vulnerable as the standard WEP encryption.
·  WPA (Wi-Fi Protected Access): comes in WPA and WPA2, and was created to resolve several issues found in WEP. Both provide you with good security (I haven't been able to crack a WPA2 encryption protected wireless router….... YET!)

I definitely advise to use WPA2, but since some old wireless router models don't support WPA2, WPA remains far better than choosing WEP encryption.

Password usage
Whether you use WEP, WPA or WPA2 your SSID password is your first line of defense. When you configure your wireless router password keep in mind that usage of complex passwords is the best way to protect your password from being guessed.
·  Do not use numbers only especially: "0123456789" or "your phone number"
·  Do not use guessable combinations and Dictionary words, for example : "your name" or "birth date" or "iLoveMykid"
·  Do not leave the vendor's SSID and password unchanged: I found a database that vendors use in assigning default passwords for their default SSID specially created for common wireless devices such as Thomson, SpeedTouch and others.
 
Use MAC Address Filtering

Every Wi-Fi device has a unique identifier called the physical address or "Media Access Control) aka: MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Utilizing your router "MAC Address Filter" option will only allow your predefined Wi-Fi device to connect to your router.
Using MAC filtering will surely increase your wireless network security, but it is definitely not enough because hackers has a way of changing (spoofing) their devices MAC address and clone a legitimate one that is identified by your router to gain access.

SSID broadcasting
Modern Wireless devices give the user option of hiding the name of the network (SSID). Although hackers could still sniff around and see your traffic / SSID many security reviewers believe that turning this option ON adds a little bit of security to your network. Well I don't think so, if I was hacker and I find a network with a hidden SSID I would definitely choose it over any other visible one.

Assign Static IPs to your Devices
Your wireless router, by default will assign an IP for every device that connects successfully to it using the DHCP technology. You can stop this technology and assign a static IP for every device you want to connect to the wireless network. But every time you wish to add a new device to your network, you will have to access the GUI interface, add this device and assign a fixed IP for it.

If you want to use your own IP range, go for unconventional IP Range (e.g. 139.136.122.1)

Control the wireless network range
Some wireless manufacturers brag that their devices range is larger than other manufacturers. This sometimes is not the ideal option to get. You should try to position / configure your wireless router to cover only the needed perimeter. Position your wireless device in the center of your home and test its range to best suit your needs and minimizing leakage to the outside perimeter.

Odds of being targeted by a hacker will increase if your wireless device broadcast exceeds your place and reaches remote neighbors with good signal strength.

Turn Off your Wireless Router when not using.
The best method to insure that your wireless network security doesn't get compromised is to turn your device off when you are not using it.

Current wireless devices boot up really fast (mine takes around 30 seconds) allowing you to consider the option of turning it off and on. Moreover some wireless routers are already equipped with an external button toggles wireless option off and on.

Finally, although it is hard to insure that your wireless network is secure and un-hack-able, following the above mentioned tips will make it very hard to a perpetrator to compromise your wireless network security.

3 comments:

  1. Because of you I changed my wireless router password. Thanks for the good info and updates :)

    Rachad.

    ReplyDelete
    Replies
    1. Welcome Mr.
      Im glad that you changed your password, and i hope you chose a more complex one. it is nice to know that some people do care about thier information security.
      My next post will intrest you as well !
      see you soon.

      Ahmed Saleh

      Delete
  2. Some sensible suggestions here, but this:

    "If you want to use your own IP range, go for unconventional IP Range (e.g. 139.136.122.1) "

    is a terrible idea, there are reserved network ranges for a reason.

    ReplyDelete