[Masthead] Fog/Mist ~ 36°F  
High: 32°F ~ Low: 27°F
Friday, Feb. 10, 2012
Email link Read comments (20) Blog archive

How Secure Is Your Wireless Network?

Posted Wednesday, January 2, 2008, at 5:42 PM

(Photo)
Wireless Hacking Action Shot
If you own a wireless router then this is for you. Have a professional inspect and secure it or call the manufacturer's tech support line to get help securing it if you don't know how. If your network is unsecured, people will use it. Here are some tips that will help make your network less desirable:

1. Use WPA encryption to lock the network down. A large percentage of the networks I have inspected (more than 90%) have either WEP encryption (more on why this is bad below) or zero security at all. You are exposing yourself to a number of different risks unnecessarily by leaving your network unsecured. People that use the internet for evil (child pornography, terrorism, fraud) do not want to get caught. Why would they use their internet connection when they could easily use yours?

2. Change the admin password on your wireless router from the default password to something only you know. Your wireless router by default can only be accessed from inside, but if I hack your wireless network and join the network I am on the inside. After changing a few settings I can easily host a web page, launch spam attacks, or spoof other websites like PayPal. By changing your password you can ensure that even if someone hacks your wireless network you have an extra layer of protection against certain attacks.

3. Don't let anyone tell you that MAC filtering or disabling the SSID is all the protection you need. A novice hacker can detect internal MAC addresses and then configure their own wireless adapter to spoof the internal MAC address. The SSID is easily sniffed also. Encryption, encryption, encryption.

4. If you don't need wireless, disable it. The best way to secure a wireless network is to not have one. Many wireless routers come with the wireless enabled by default whether it is being used or not. Check your router settings and see if you can disable it altogether if it is not being utilized.

5. If unsure, seek help. Better safe than sorry. Many companies in the area feel the need to share their server's entire hard drive. Some companies need to share their Quickbooks file so others can access it. If you are sharing folders, especially in the case of Quickbooks company data, you should pay the money and get a Windows domain so that you can control who accesses the folders and when. If you don't take this step then a malicious hacker may take pleasure in deleting your company's data. You've been warned.

Ok... why is WEP encryption bad? First of all, there are different wireless encryption standards available. Most routers today have WEP and WPA. WEP is older and obsolete. It is included on newer routers for compatibility with older wireless cards. If your router only has WEP encryption available, throw it in the trash. Recently I got curious about WEP hacking because of all the media attention that it has been getting lately, so I thought I would give it a shot. I researched it for half an hour, downloaded and tried several different hacking programs, bought a used USB wireless adapter that can be placed in monitor mode, and proceeded to cracking my wireless routers at home. Took ten minutes to crack my first WEP encrypted wireless router. Ten minutes after that I cracked the second wireless router. Armed with the passwords I could join the network and do as I please. Secure your wireless networks properly or you may be cracked yourself.

Comments
Showing most recent comments first
[Show in chronological order instead]

No wonder you were so excited about off-site backup options. Pouring chicken soup on your CPU, I bet you could use that quite often. :)

-- Posted by Thom on Tue, Jan 8, 2008, at 2:19 PM

This information is a lot of help.

My idea of virus protection was pouring chicken soup and echinacea down my CPU.

I bet these precautions would work even better.

-- Posted by quantumcat on Tue, Jan 8, 2008, at 9:09 AM

ANYONE: Is there somewhere you can take unwanted computer accessories and maybe get alittle money out of them? The things I have would be usable and they are in good condition. I really hate to just throw them away or give them away. Thanks anyone!

-- Posted by jkelley on Mon, Jan 7, 2008, at 11:16 AM

Excellent article! I posted a way scaled down version of something very similar a couple of days ago. Wireless security for home networks is essential.

That said, don't forget the other basics for keeping your computer free of viruses: Keep your operating system up to date; clear your browser cache frequently (especially when using hot-spots at your favorite coffee house); and make sure to install a decent anti-virus application and keep it up to date.

Basics, yes! But I'm amazed at how many computer users don't do any of them--at least 50% of my service calls.

-- Posted by KernTechSupport on Sat, Jan 5, 2008, at 1:53 AM

I'll volunteer to help out any of you in the Bell Buckle area. Of course, it'll have to be at night or on the weekend since I work so far from home, and generally don't get back in town until 6:30 or so. If you need help setting up your wireless, shoot an e-mail at thoms_blog@yahoo.com and we'll see if we can set something up.

-- Posted by Thom on Thu, Jan 3, 2008, at 7:50 PM

OK, I might have to get back with you on that!

-- Posted by Disgusted on Thu, Jan 3, 2008, at 2:32 PM

After you get your router configured you will need to change the wireless security settings on each computer.

-- Posted by nathan.evans on Thu, Jan 3, 2008, at 1:53 PM

Its the netgear Farmer Bill has above!

-- Posted by Disgusted on Thu, Jan 3, 2008, at 1:31 PM

Post the model number and manufacturer of your router and I will post a link to the instructions for you Disgusted.

-- Posted by nathan.evans on Thu, Jan 3, 2008, at 1:16 PM

All this can be very confusing… I happen to have a Netgear wireless router and there is a good description of how to set up either WEP or WPA encryption on their website. Other brands have similar information available their sites. See website link below…

http://kbserver.netgear.com/kb_web_files...

-- Posted by Farmer Bill on Thu, Jan 3, 2008, at 1:02 PM

Clear as mud...LOL

-- Posted by Disgusted on Thu, Jan 3, 2008, at 11:21 AM

What is the typical distance that a wireless network will project? The closest access point to my network is about a quarter of a mile.

-- Posted by stevemills on Thu, Jan 3, 2008, at 7:36 AM

Steve, I can install antennas that will extend a wireless network reliably up to a mile if a good line of sight is available. Without special equipment wireless networks don't go very far. A small $35 directional antenna will allow you pick up signals a couple of houses down reliably.

-- Posted by nathan.evans on Thu, Jan 3, 2008, at 10:00 AM

Evil Monkey, just because you used your MAC address to generate a hex key does not mean that only your wireless adapter can access it. When you enter your MAC address in that password field the program encodes it into a hex key, nothing more. You have not enabled any kind of MAC filtering or made your wireless network accessible only from a specific wireless adapter. Your adapter's MAC address is viewable in every packet that is transmitted from it. Even if you did enable MAC filtering, I could spoof your adapter's MAC address so that your router sees my card as your. Your network is not nearly as safe as WPA or WPA2 protected network. A brute force attack (against a good password) like benjithegreat98 described takes a lot more time to pull off compared to the minutes of packet gathering and decrypting required to crack your network.

-- Posted by nathan.evans on Thu, Jan 3, 2008, at 9:51 AM

Also a little note, WPA/WPA2 is vulnerable to being cracked. Especially if you are using PSK (Pre-Shared Key). There are tutorials on the web on how to crack it.

However, the method used to crack it is "brute force" which means if you use a good password then you will be safe. You can use up to 63 characters and using special symbols (!@$%&, etc), lower case, caps and numbers is a good idea.

-- Posted by benjithegreat98 on Thu, Jan 3, 2008, at 9:00 AM

I am not using the MAC address as my password. The MAC address is associated with individual network cards, each card has a different MAC Address. That means ONLY THAT card can access that wireless router.

By placing that Mac address into whatever router is being used, Produces a Hex Key that ecrypts the data only from that network card/adapter. So I believe you are confusing what is secure and what isn't.

-- Posted by Evil Monkey on Thu, Jan 3, 2008, at 8:54 AM

What is the typical distance that a wireless network will project? The closest access point to my network is about a quarter of a mile.

-- Posted by stevemills on Thu, Jan 3, 2008, at 7:36 AM

Even 256 bit WEP can be cracked. Takes a little while longer (104 bit WEP takes less than 2 minutes to gather enough packets) but that's it. Using your MAC address as the source of the password is also not a good idea because in the process of hacking your 256 bit key a hacker is going to enter your adapter's MAC address a couple of times. Most people will notice that the pattern being cracked is your MAC address, and will simply fill in the blanks. You are entering more characters than just your MAC address to generate a 256 bit key however. Also a 256 bit key (64 hex characters) is not easy to remember and can be a bit of a pain to enter every time you want to add a new computer to the network. Stick to WPA, it is safer.

-- Posted by nathan.evans on Wed, Jan 2, 2008, at 8:41 PM

Depending on your wireless routers brand, you can log into their administration via your web browser, most of the time it will be 192.168.1.1 or 192.168.0.1.

What I do is I use WEP, 256bit, you input the Mac address of the laptop card, or wireless pci/usb adapter into your admin panel under the wireless tab.

You will generate a encrypted key for each MAC address, you take the key and inputting it into Windows Wireless Setup thingie and Hit connect. Now you have wireless and no-one can access it.

-- Posted by Evil Monkey on Wed, Jan 2, 2008, at 7:03 PM

You have to secure the wireless router using the admin application built into the wireless router. Once you change the security settings on the wireless router, you will need to change the settings on all the computers that connect to the network via wireless. All wireless routers are different so you may try a Google search for your specific wireless router model number for instructions. You can also call Charter tech support and see if they are willing to help or call a computer person like me.

-- Posted by nathan.evans on Wed, Jan 2, 2008, at 6:40 PM

OK this is way over my head! I have 3 home computers and a laptop all wireless through Charter. Do you have step by step instructions on how to do this and do you have to do every computer?

-- Posted by Disgusted on Wed, Jan 2, 2008, at 6:19 PM

Respond to this blog

Posting a comment requires free registration. If you already have an account, enter your username and password below. Otherwise, click here to register.

Username:

Password:  (Forgot your password?)

Your comments:
Please be respectful of others and try to stay on topic.
Nathan Evans
Recent posts
Archives
Blog RSS feed [Feed icon]
Comments RSS feed [Feed icon]
Login
Hot topics
What I Love About Windows 7
(32 ~ 10:08 AM, Jun 26)

Who Has the Answer??
(30 ~ 12:14 AM, Feb 6)

The Church of Karl Marx
(74 ~ 11:17 AM, Dec 30)

99 Weeks
(44 ~ 3:23 PM, Nov 7)

Safari 5 and Reader
(7 ~ 3:50 AM, Jun 16)