Guide to Wireless Security

A wireless internet connection can be of huge benefit to the user – allowing you to use the same connection for several PCs or laptops and therefore be able to access the internet as and when you need it.

However, because wireless connections use the airwaves, they are more vulnerable to interception, with other users able to take advantage of your connection. This can have a knock-on effect, as it can slow down your own download speeds and also make your wireless device more vulnerable to attacks.

That is why we have put together a wireless security guide to help you secure your wireless router.

What are the risks to wireless security?

As wireless services have expanded, the risks have become greater. Gaining unauthorised access to a wireless network is a simple process for a cracker/hacker if the correct methods to negate these risks are not taken by the PC owner. The risks include:

  • Accidental association – It is possible for someone to gain access to your wireless connection by accident if they are in an overlapping network. This could expose information, such as emails, to your neighbours.
  • Malicious association – This is where crackers actively attempt to connect to a network. This is particularly common in companies where it can be easier to infiltrate a laptop and access information than it is to go directly through the company access point.
  • Identity theft – Also known as MAC spoofing, this is when the cracker identifies the MAC address and uses it to gain network privileges.
  • Denial of service – If an attacker continually bombards an access point it could cause a legitimate user to be unable to get on to the network; it could even cause the system to crash.
  • Man-in-the-middle – Hotspots are particularly vulnerable to these attacks in which a soft access point is set up by a hacker who then reads your traffic.
  • Network injection – Used by an attacker to inject bogus commands that can affect your router, switches, hubs and more and ultimately bring down the entire network.

Unfortunately, the risks posed by hackers, crackers and other attackers are constantly changing and as a result it is a challenge for IT enthusiasts to keep one step ahead of those with malicious intentions.

With so many threats to your PC and laptops through the wireless system, you must take strong measures to secure your wireless network.

What you can do to secure your wireless connection

Here is a step by step guide to help you secure your router and PC during set-up:

  • Change the factory passwords – When you first set up your router, you must change the administrator password from the default password that is set by the manufacturer. Try to pick something that isn’t obvious – preferably combine letters, numbers and symbols.
  • Different names – Ensure that the name you use for the router is not the same as your own name or any of those on the PC. Avoid names that can be easily guessed, such as children’s names, favourite football teams, etc. Also make sure that your router name is different from your password.
  • Turn off desktop connections – If you don’t use them, switch them off!
  • Do not store personal information – Keep any personal information such as bank account numbers, credit card details, etc, off your PC. That way if a hacker were to access your machine, the information they can use is limited.

Now here are some steps you can take to secure your wireless router:

  • Change usernames/passwords – As above, change all manufacturer settings as soon as you turn the router on and don’t make your selections obvious.
  • Close all ports on your router – turn off all ping responses if possible.
  • Create a wireless DMZ – DMZ stands for de-militarised zone and basically places a firewall between the local area network and the wireless network. This will provide an extra layer of protection as long as you keep it active.
  • Ensure your router has a WEP key – WEP stands for wired equivalent privacy and was the original encryption standard for wireless. WEP comes in different sizes – usually ranging from 128- to 256-bit – the longer the better to keep out hackers. Change the WEP key frequently and ensure it is set to ‘shared key’ rather than ‘open system’.

Unfortunately, WEP has its limitations. As WEP keys are shared among all clients, a hacker only has to compromise a single key to gain access to the key for all users. Programs have also been released that outline how to hack into a WEP system, so while WEP is certainly better than nothing you should seek alternatives where possible.

As Wired Equivalent Privacy (WEP) has become outdated and easier to infiltrate, Wi-Fi Protected Access (WPA) has emerged as a stronger method to increase your wireless security. In this section we will examine WPA and further methods of securing your wireless connection.

What you can do to secure your wireless connection continued

To be able to use WPA it must be supported by your router, adaptors and client software (it is available on Windows XP SP2 and above, and is available as an update on SP1). In recent years, this level of encryption has been enhanced with other forms of WPA made available:

  • 802.1X – A standard system for wireless and wired LANs according to the Institute of Electrical and Electronics Engineers (IEEE).
  • LEAP – Standing for lightweight extensible authentication protocol, this minimises the original security flaws associated with WEP.
  • PEAP – From Cisco, Microsoft and RSA Security, PEAP (protected extensible authentication protocol) allows for secure transfer of data, passwords and encryption.
  • TKIP – Temporal Key Integrity Protocol helps to avoid the original problems of WEP.
  • RADIUS – Remote Authentication Dial In User Service acts as a gateway to verify identities with usernames and passwords that are pre-determined by the user.
  • WAPI – WLAN Authentication and Privacy Infrastructure – a security level defined by the Chinese Government.

For personal users you simply need to ensure that whichever level of WPA you have, it is enabled. As a strong tip, turn off your wireless network when it is not in use – therefore limiting the time that you can be attacked.

Here are some more tips for enhancing your wireless security:

  • SSID – The SSID is the service set identifier, which basically is the name of your wireless network. If you turn off the broadcasting it makes life more difficult for hackers – as users need to know the SSID to connect. Just ensure you know it yourself – it is possible to change it and this should be encouraged as manufacturers simply provide a default SSID. Again however, as with usernames and passwords, make it difficult and don’t connect it to any personal information.
  • MAC filtering – Media access control (MAC) filtering allows you to set up a list of computers that are allowed to access your network. Those not on the list will be refused access. Of course it’s still possible for a hacker to spoof the address but it does make their job a little more difficult.
  • Control the signal – Use a directional antenna to send the signal in only one direction, thus limiting the 300ft range that usually comes as standard on routers.
  • Consider alternatives – Most hackers use the 802.11b/g wireless technology. If you pick an alternative such as 802.11a you are limiting the chances of being hacked, but do bear in mind that this can affect your network range.
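
One way to check your own networks against the encryption and SSID advice above. This is an added example, not part of the original guide. It assumes scan results in the terse form produced by `nmcli -t -f SSID,SECURITY device wifi list` on Linux; the default-SSID prefix list and the sample scan are constructed for illustration.

```python
# Illustrative (not exhaustive) factory-default SSID prefixes; extend for your hardware.
DEFAULT_SSID_PREFIXES = ("linksys", "netgear", "dlink", "default", "belkin")

def split_terse(line):
    """Split one terse nmcli line on ':' while honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])   # escaped character belongs to the value
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields

def audit_scan(scan_text):
    """Return {ssid: [findings]} for networks that go against the guide's advice."""
    report = {}
    for line in scan_text.splitlines():
        parts = split_terse(line)
        if len(parts) != 2:           # blank or malformed line
            continue
        ssid, security = parts
        findings = []
        tokens = security.upper().split()
        if not tokens or tokens == ["--"]:
            findings.append("no encryption enabled")
        elif not any(t.startswith("WPA") for t in tokens):
            findings.append(f"no WPA offered ({security})")
        if ssid.lower().startswith(DEFAULT_SSID_PREFIXES):
            findings.append("factory-default SSID")
        if findings:
            report[ssid or "<hidden>"] = findings
    return report

# Constructed sample scan (SSID:SECURITY), not captured from a real network.
SAMPLE_SCAN = """\
HomeNet-5G:WPA2
linksys:WEP
Cafe\\: Free WiFi:
NETGEAR42:WPA1 WPA2
"""

if __name__ == "__main__":
    for name, issues in audit_scan(SAMPLE_SCAN).items():
        print(f"{name}: {', '.join(issues)}")
```
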

By employing these methods you should be able to secure your wireless connection and feel confident when using your PC. There is no foolproof method to keep the hackers out, but by following these security measures you should be able to surf with peace of mind.
