    ITstudent2006 Posts: 2,243, Reputation: 329
    Networking Expert
     
    #1

    Oct 22, 2010, 05:35 PM
    Wireless Security: The Breakdown
    Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky as numerous security problems can result. Today's wireless networking products don't always help the situation as configuring their security features can be time-consuming and non-intuitive. The questions below and more will be answered in hope that the importance of securing your home network will be understood.

    Many people question the wireless security or encryption of their home networks with questions like...

    1. What is encryption?
    2. What are the different types?
    3. What's the best encryption?
    4. Why encrypt my home network?


    Questions like the above ones and more are answered in Wireless Security: The Breakdown.

    What is encryption?
    Simply put, encryption is the activity of converting data or information into code so as not to be viewed by those not intended to view it. Encryption dates back far beyond the years of any computer, thousands of years before in fact. Julius Caesar used encryption; he wrote letters to his men with instructions, locations, names, etc.

    The following is an example of some early encryption utilized by Caesar and his men.

    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    If Julius Caesar wanted to write a letter to his men he would move each letter 5 spots to the right. If his letter wanted to say "attack" it would read "FYYFHP". Now, I realize that this is not a very hard algorithm to break but nonetheless it is an example of encryption in some of its earliest days.

    Now, pretty much all Wi-Fi equipment supports some form of encryption. Several encryption technologies exist for Wi-Fi today (which I go over below). Naturally you will want to pick the strongest form of encryption for your wireless network (the stronger the encryption, the harder to crack n' hack). However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Some devices on your network may support one kind but some other devices may not. Therefore you may need to find a "lowest common denominator" setting or the type that is supported by all devices connecting to the network.

    What are the different types of encryption?


    There are a few different types of encryption methods and some options that go with some of these. The following are the most common and are the ones I will be discussing. I will also discuss the MAC Filter option.

    1) WEP
    2) WPA 1/2
    3) MAC Filtering

    WEP (Wired Equivalent Privacy)
    WEP was an early attempt to secure wireless networks. WEP has three settings:
    Off (no security), 64-bit (weak security), 128-bit (a bit better security). The WEP concept of shared key passphrase is introduced so that you do not have to enter complicated strings for keys by hand. The passphrase you enter is converted into complicated keys. Choose passphrases with the same care you would important passwords.
    • You need to enter a passphrase to generate each key.
    • To access your network all devices must use the same passphrases (i.e., the same keys).


    I won't go into the cipher stream and checksums utilized by WEP but needless to say it is now considered a "deprecated" protocol as it only takes minutes to crack a WEP key with the correct tools (i.e., software). However, it is still used by many as it's usually the first option offered to the user when setting up security on their devices.

    WPA and WPA2 (Wi-Fi Protected Access)
    WPA is another wireless security option created in response to several serious weaknesses researchers had found in the previous system, WEP.

    WPA addresses the shortcomings of WEP and is far more difficult to hack. WPA came out around 2002. The geek next door may take 10 minutes to hack your WEP, but may take a day or two to hack WPA. WPA was the interim format while WPA2 is the final, more secure, version.

    You also may see the following when setting up your security.
    • TKIP
    • AES


    TKIP (Temporary Key Integrity Protocol) is used within WPA above. This solution is very hard to hack but there is a flaw in the encryption which presents a slight vulnerability. The great thing about TKIP is it is compatible with older hardware (pre-2003 wireless network cards).

    AES is not compatible with pre-2003 hardware but is almost impossible to hack if a good key/passphrase is chosen. AES has been adopted by the US government as their standard encryption. It is used in WPA2.

    One thing to remember is that all of the above use PSK (Pre Shared Key) which just means you have chosen a passphrase or key that will be known by the router and the computer to connect to each other. To give access to someone to connect to your network they must have this key (unless they hack in).

    MAC Filtering
    Each device has a unique identifier or MAC (Media Access Control) Address that can be used to identify device A from device B.

    MAC Filtering is a router function that can be set to only allow certain MAC addresses to communicate on that network. If MAC filtering is on, then a computer's MAC address will need to be manually entered on that router in order for the computer to access the network.

    Now this seems nice and I myself have used this briefly. However, with certain tools (i.e., software) a "culprit" can mimic MAC addresses and connect to your network. Well, you may ask, how does he know my MAC address? Below will answer that:

    So, let's say a somewhat knowledgeable hacker is interested in accessing your WiFi hotspot - the one on which you have MAC address filtering turned on. He need only do two things:
    • Sniff the network and look at the MAC addresses which are allowed access to the network.
    • Configure his network interface to use one of those MAC addresses using certain software.


    You can however use MAC Filtering in conjunction with WEP or WPA1/2 if you're feeling vulnerable :)

    What's the best encryption to use?
    WPA2 with AES is the best encryption option to use for your home network. It is the newest, thus most kinks are worked out from previous versions and previous options.

    Like I stated above, all the options use PSK (pre-shared key), therefore you must create a passphrase or password to gain access to the network. The important thing to remember is to make your passphrase difficult. You don't want it to be as simple as your address or phone number. Choose carefully.


    Why encrypt my home network?
    Encryption is not only used to prevent unauthorized connections to your network, but also to encrypt the data that you're transferring. If your network is unsecure then any "joe blow" off the street can connect and get personal information. This can also happen if your security is weak (i.e., weak passphrase).

    Not only is personal information at risk but the more people connected to your network the slower it will run. I don't know about any of you but I pay for my internet so I can use it, not some humbum down the street.



    I hope you enjoyed reading my excerpt on Wireless Security. So what we've learned is:

    1. What encryption is.
    2. What the different types are.
    3. What are the pros and cons of each.
    4. Why you should secure your home network




    HAPPY SECURING!

    RICK

    REFERENCES
    http://wordnetweb.princeton.edu
    http://www.ehow.com
    http://windows.microsoft.com
    Microsoft Certified Desktop Support Tech Equivalency books.
    Knowledge of OP
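
    Added example, not part of the original post: with PSK, the router and every client derive the same 256-bit key from nothing but the passphrase and the network name, which is why the passphrase advice above matters. The PBKDF2 parameters come from the WPA/WPA2 standard rather than from this thread; the SSIDs, passphrases, the `review` helper and its 60-bit threshold are constructed for illustration.

```python
import hashlib
import math
import string

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Key that router and client both compute from the shared passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA/WPA2 passphrases must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA/WPA2 passphrases must be printable ASCII")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256-bit output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def estimate_bits(passphrase: str) -> float:
    """Optimistic strength estimate: assumes every character is random."""
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # printable ASCII punctuation plus space
    return len(passphrase) * math.log2(pool) if pool else 0.0

def review(passphrase: str, personal_facts=(), min_bits: float = 60.0) -> list:
    """Return findings; min_bits is this example's threshold, not a standard."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length must be 8 to 63 characters")
    if passphrase.isdigit():
        findings.append("digits only, like a phone number")
    squashed = passphrase.lower().replace(" ", "")
    for fact in personal_facts:  # e.g. street address, supplied by the user
        if fact and fact.lower().replace(" ", "") in squashed:
            findings.append("contains personal detail: " + fact)
    if estimate_bits(passphrase) < min_bits:
        findings.append("estimated strength below %d bits" % min_bits)
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for ssid in ("HomeNet", "HomeNet-5G"):
        print(ssid, derive_pmk("5551234567", ssid).hex()[:16] + "...")
    print(review("5551234567"))
    print(review("12 Main Street", personal_facts=["Main Street"]))
    print(review("plum-Tractor7!violin-Echo"))
```

    The same passphrase gives a different key on each SSID, so the network name acts as a salt, but nothing else secret goes into the key.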
    cdad Posts: 12,700, Reputation: 1438
    Internet Research Expert
     
    #2

    Oct 22, 2010, 06:06 PM

    I'd like to add something to this that wasn't mentioned. First let me say: very nice. Thank you for taking the time.

    Next, another thing that wasn't addressed is something you can do without any fancy goings on. Even after you set everything up as prescribed, be sure to look at your modem and keep it in an obvious location where you can keep an eye on it. If for some reason someone does get past what you have put in their way, you will know it by knowing what your modem is doing. If your computer is off then it really shouldn't be doing anything. When you're online get used to how it blinks so you have a reference. If you're reading an article and it's blinking like crazy it might be time to change that password. Stay on top of your system and happy computing.
    ITstudent2006 Posts: 2,243, Reputation: 329
    Networking Expert
     
    #3

    Oct 22, 2010, 06:14 PM

    Another thing I was going to add but I forgot is that disabling SSID broadcast won't help. I mean it might against everyday users but even if an SSID isn't broadcasting any sniffing tool, i.e., aircrack-ng, can still pick it up.

    Thanks for the addition califdadof3. Feel free to add or critique.

    Rick
    cdad Posts: 12,700, Reputation: 1438
    Internet Research Expert
     
    #4

    Oct 22, 2010, 06:20 PM
    Quote Originally Posted by ITstudent2006
    Another thing I was going to add but I forgot is that disabling SSID broadcast won't help. I mean it might against everyday users but even if an SSID isn't broadcasting any sniffing tool, i.e., aircrack-ng, can still pick it up.

    Thanks for the addition califdadof3. Feel free to add or critique.

    Rick
    It looks really good to me. You did a good job. It's just a pet peeve of mine to add the human factor. Many times people trust technology too much and that's when people get burned. If someone gets too comfortable they get a "this can't happen to me" attitude. So best to play it safe.
    ITstudent2006 Posts: 2,243, Reputation: 329
    Networking Expert
     
    #5

    Oct 22, 2010, 06:22 PM

    I agree completely.

    Rick


    Still waiting for this to turn to a sticky. If it's approved
    cdad Posts: 12,700, Reputation: 1438
    Internet Research Expert
     
    #6

    Oct 22, 2010, 06:29 PM
    Quote Originally Posted by ITstudent2006
    I agree completely.

    Rick


    Still waiting for this to turn to a sticky. If it's approved
    Did you ask? It looks like one to me ;)
    Fr_Chuck Posts: 81,301, Reputation: 7692
    Expert
     
    #7

    Oct 22, 2010, 06:38 PM

    Well, I can make it a sticky but have a question: did you write this yourself, or is it from another article that needs the credit given first?
    ITstudent2006 Posts: 2,243, Reputation: 329
    Networking Expert
     
    #8

    Oct 22, 2010, 09:46 PM

    Not from any one article, just bits and pieces from my University books, articles previously written by myself and from specific websites for which I did add a reference list.

    Rick
    darkvision Posts: 232, Reputation: 15
    Full Member
     
    #9

    Sep 28, 2011, 08:09 AM
    Good stuff but you missed a few things that I feel need to be mentioned/added.

    Firstly: changing your default admin account name/password/IP. If you don't change these things then all the greatest encryption in the world is absolutely useless.

    On that note, most newer wifi access points (especially from Cisco) have two very great features that should be enabled. One is that in order to log into the router you must have a physical connection (Ethernet). This gives you a very big advantage in keeping your router and network secure as they now have to be inside your house connected to the router in order to even attempt to gain access to your network. Secondly, on that same thread, newer modems have the option of having a security button pushed in order for a new device to even attempt to connect to it. If these two things are available and made use of it makes your overall network security MUCH better. :) Great article by the way :)

    Oh side note, I know I'm not the greatest at breaking things down for the average user. So if you wish to re-purpose this into your article no hard feelings :)
