Wireless Network Security

Okay, I am not computer illiterate but this topic leaves me feeling very :confused:

I have cable broadband that comes into the cable modem. My cable modem connects to my wireless router. My desktop computer is connected the the router via a network cable. My work laptop and iPhone connect wirelessly. I have a Linksys WRT546 wireless router and I’m running Windows XP Pro on both computers. My laptop is a work provided laptop.

How do I secure my wireless? I am most concerned about unauthorized computers using my wireless network to piggy-back onto my internet connection. Secondary concern is someone “hacking” my personal or work computer through the network.

I have done nothing at this point so where do I start? Use small words please. :stuck_out_tongue:

MeanJoe

What you want to do is enable encryption on the wireless network. That way, anybody who doesn’t have the key(ie password) won’t be able to communicate with your network at all.

What’s you’ll want to do is enable WPA2 encryption on your router – the manual should tell you how you can do that(it should be really easy – navigate to a special web page for configuring the router, go to the Encryption setting and enter a password). Make sure that the network is using Shared Key Authentication, not Open Access Authentication(if the router doesn’t give this option, then it will default to Shared Key when WPA2 is enabled).

Once that’s done, you should only have to give your Windows machine the password to connect to the wireless and you’ll be secure.

Reading the router user manual would be a good place to start.

I read the user manual and did the following:

  1. Changed the default network name or SSID.

  2. Changed the default admin password used for accessing the router to a 16 character alpha-numeric case-sensitive password.

  3. Upgraded the router firmware to latest version.

  4. Set up the strongest encryption that came with the router.

  5. Enabled MAC address filtering.

  6. Changed the router internal IP address sequence from the default settings.

As a poor, off campus college student, with ZERO spending money, and no internet access, I hope ignorance prevails with this topic. I really enjoy piggybacking on one of the 3 “linksys” networks that are wide open in my apartment building.

However, It is very easy to secure it, as mentioned above. Point your browser on the physically connected PC to http://xxx.xxx.xxx.xxx (number should be on the back of your router if not in the manual) and login as “admin”. Then just change the settings listed above.

I wouldn’t bother with MAC address filtering - it’s not even slightly effective against a serious hacker (actually, even a determined amateur), who will be shut out by WPA2 encryption anyway. Also, MAC address filtering makes it a pain to add new or authorised guest devices to the network.

A pain it can be for legitimate users, but I am surprised to hear you say that MAC filtering isn’t that effective. Is it easily spoofed?

Many wireless card can easily change the MAC address they use.

Write all of these settings down, and save it somewhere you can find it again in 9 months when something goes sideways.

Ask me how I know this. :smiley:

Yes, and it’s fairly trivial to sniff a few packets and deduce the correct MAC addresses to use.

Turning off SSID broadcast (another common piece of advice) won’t do much for security either, because again, it can be deduced by passively snagging a few packets.

Changing the default SSID is a good idea, because it often identifies the make and model of the router, which might suggest device-specific security holes.

Setting the router so that it can’t be administered wirelessly (only by plugging in a cable) can be a good idea, where practical - changing the default password is absolutely essential if you don’t (and probably a good idea anyway)

But most importantly, WPA encryption - that’s really the thing - way above and beyond the others - that’s going to make it most secure.

Given the choice to do a number of things, however feeble it may be to some, or doing nothing, is akin to not locking the doors to your home. A professional burglar will get in anyway, but at least locked doors will keep out most of the riff-raff.

OTOH, when people change the default SSID, they typically use something that identifies with their home or business, like “SMITH_FAMILY”, which makes hacking a bit easier. If security is the primary concern, maybe using something random like “1G9RW3B” might be more clever?

All of the above are true, but ultimately wireless (at a consumer level, anyway) is not secure. WPA-PSK can be beaten (in most deployments) with a dictionary attack, which is not tough to perform but will usually make you more annoying to break into than a data thief. It’s similar to the task of cryptography - nothing is safe, but make it “computationally infeasible.” That is, make it a whopping pain in the ass. WPA2 is about as good as you can get for now.

Coming soon to a consumer market near you - elliptic crypto for wireless! Well, “soon” is a relative term…

Sure, but MAC address filtering, when you’re also using WPA2 encryption, is like locking the internal doors connecting rooms - inconvenient to the people living inside the house, and unnecessary when you have a secure lock on the external door.

Or just some random word picked from the dictionary.

I don’t see how this helps security. It’s been a long time since I’ve looked at the 802.11 standard but I believe that when a computer first connects with the AP it sends the SSID in plaintext even for Shared Key Authentication. If I’ve recalled correct than anybody with a packet sniffer(read: anybody who’s installed Wireshark on their machine) can easily pick out the SSID so making it something random won’t help.

Choosing a totally random WPA2 key, of course, is totally different and should be done.

I’m curious about the dictionary attack angle - I can see how that would fairly quickly crack a WPA PSK consisting of a single word, but if the passphrase is something like:

moving on the floor now babe youre a bird of paradise cherry ice cream smile i suppose its very nice

How is that going to get cracked easily by a dictionary attack? - it’s not as if the router confirms that any given trial passphrase was partly correct.

You’re absolutely correct; let’s guess how many people actually use a passphrase instead of a password.

First, the platform must allow for spaces in the “password” - many don’t. Looking at my Netgear, for example, it defines “passphrase” as “a word or group of printable characters.” A word - singular, no spaces. That could be a documentation flaw, I’ll admit, but how many people will dick around to find out? Not many. The vast majority of folks out there using WPA varieties thinking they’re getting “secure” are using passwords like “puppy” or some other inanity.

Secondly, with a dictionary attack, there is no cracking “easily” - it’s an automated attack. Software don’t sweat. Sometimes it just takes longer.

RTFM? Nah, I’d rather RTSDMB. :smiley:

Okay, to everyone who posted a reply…

Thank you very much for the tips and instructions. I managed to change the SSID and router name, change the default password, and set WPA encryption.

After making the changes, all my devices connected seamlessly and I was able to “log on” to the network from each device.

This help alone was worth the SDMB membership dues. Much appreciated!

MeanJoe

If you really want to have some fun, use a WPA key like:

S0mEtH1nG vvR1tT3n 1n 133T sTy13 PsYcH0 cH1cK3n sKrYpt!!! ZOMG!11!!

High ASCII is our friend…

Dictionary hack my rosy ass… :smiley: