Wireless Security
Wireless technology is quicly spreading around the world, and lots of wireless devices are used in home or office environments. One of the main problems with wireless connections is security, and here we will attempt to show an overview of the issues regarding wireless security.
Wireless security is doable but difficult to enforce. First of all, anyone with a wireless network card, located within the range of a wireless network, can connect to your wireless network and at least attempt to authenticate. Since there are no plugs and wires that you can keep within your home or office building, and the radio waves escape on other floors and outside the building, there are lots of places where people can try to connect to your network. This range goes from a few meters to a few hundred meters, when using high gain antennas. But there are also security problems with wireless tecnology itself. Modern wireless protocols like WPA are more secure, and there are ways to improve the basic level of security, however a lot of people are still using WEP and many are using 64 bit or 128 bit WEP which is rather easy to crack, so if you are using something like this, do not be so surprised if someone manages to break within your network.
A lot of wireless networks are using the default configurations, or an instant (ad-hoc) configuration, which means that these networks are widely open so anyone can connect. One of the most recent hobbies for a lot of people is the so called war driving, performed by people with laptops and high gain antennas, driving in car near various office buildings and locating unprotected wireless networks where they can hack in. There are plenty of such misconfigured wireless networks that they can easily get into.
If you are setting up your own home or office wireless network, here are a few security tips that you may want to keep in mind:
- It would be best to use WPA instead of WEP because WPA is more secure.
- If you use WEP, try using 256 bits if available. 128 bits is crackable, and 64 bits can be cracked in minutes.
- Make sure you disable SSID broadcast - if you keep it enabled, it is almost like telling everyone that you have a wireless network and inviting them to have a try at it.
- Place your antennas in such a way to minimize the range where people can connect to your network from outside.
- Use very long passphrases - the longer you use, the better will be your wireless network security.
- Use whatever additional protection measures are available. One of the things you should do is to enable MAC access control. Although MAC can be spoofed, it is an additional security measure that can protect you from lots of attempts to break into your network. The only drawback is that it is rather difficult to configure. Use additional IP-based filtering if the wireless device is also a firewall/router, just to make things more difficult for the attacker.
- If your network has only a small range of 11g compatible devices, you may want to disable 11b mode on your access point, as this one will travel on much bigger distance than 11g.
- Always change the default access point usernames and password. Hackers really know them.
- Make sure encryption (WPA or WEP) is actually turned on.
- Change the default SSID to something different, as a default SSID will tell the attackers that your network may not be properly secured and they will feel invited to give it a try.
- Use static IP address assignment to all computers within your network and set up firewall routers for them. Disable DHCP.
- Whenever your wireless network is not needed, turn off your access point - or at least if you leave your home or office for a longer period of time.
Wireless security is doable but difficult to enforce. First of all, anyone with a wireless network card, located within the range of a wireless network, can connect to your wireless network and at least attempt to authenticate. Since there are no plugs and wires that you can keep within your home or office building, and the radio waves escape on other floors and outside the building, there are lots of places where people can try to connect to your network. This range goes from a few meters to a few hundred meters, when using high gain antennas. But there are also security problems with wireless tecnology itself. Modern wireless protocols like WPA are more secure, and there are ways to improve the basic level of security, however a lot of people are still using WEP and many are using 64 bit or 128 bit WEP which is rather easy to crack, so if you are using something like this, do not be so surprised if someone manages to break within your network.
A lot of wireless networks are using the default configurations, or an instant (ad-hoc) configuration, which means that these networks are widely open so anyone can connect. One of the most recent hobbies for a lot of people is the so called war driving, performed by people with laptops and high gain antennas, driving in car near various office buildings and locating unprotected wireless networks where they can hack in. There are plenty of such misconfigured wireless networks that they can easily get into.
If you are setting up your own home or office wireless network, here are a few security tips that you may want to keep in mind:
- It would be best to use WPA instead of WEP because WPA is more secure.
- If you use WEP, try using 256 bits if available. 128 bits is crackable, and 64 bits can be cracked in minutes.
- Make sure you disable SSID broadcast - if you keep it enabled, it is almost like telling everyone that you have a wireless network and inviting them to have a try at it.
- Place your antennas in such a way to minimize the range where people can connect to your network from outside.
- Use very long passphrases - the longer you use, the better will be your wireless network security.
- Use whatever additional protection measures are available. One of the things you should do is to enable MAC access control. Although MAC can be spoofed, it is an additional security measure that can protect you from lots of attempts to break into your network. The only drawback is that it is rather difficult to configure. Use additional IP-based filtering if the wireless device is also a firewall/router, just to make things more difficult for the attacker.
- If your network has only a small range of 11g compatible devices, you may want to disable 11b mode on your access point, as this one will travel on much bigger distance than 11g.
- Always change the default access point usernames and password. Hackers really know them.
- Make sure encryption (WPA or WEP) is actually turned on.
- Change the default SSID to something different, as a default SSID will tell the attackers that your network may not be properly secured and they will feel invited to give it a try.
- Use static IP address assignment to all computers within your network and set up firewall routers for them. Disable DHCP.
- Whenever your wireless network is not needed, turn off your access point - or at least if you leave your home or office for a longer period of time.
This information is provided without any warranties of any kind. Use it at your own risk. Terms and conditions