WiFi Protection

[uzi9mm]

After performing a little expirement with my friends ( some know something about computers and networking, others dont ) I found out the best ways to secure your network.


What you can do......

I highly suggest leaving the SSID enabled, and on its default name, dont change it to anything else because it just attracts attention to wardrivers. Also dont disable it, If you disable it, it is something even more interested to be attacked when attackers find it. Because when you do find something like that, they are thinking that you know a thing or two about networking, and they want to make sure that they prove you wrong in your quest to secure your WiFi network.

Enable MAC filtering. MAC filtering can be bypassed but hey, it is one more barrier that attackers have to get thru.

Change the password on the router. Don't leave it as the default.

Well you can either WEP it, or not. It is up to you to WEP it, but WEP also attacts attention too.

But just remember that if you have a wireless network, IT IS NOT SECURE!!!! No protection will help you.

You can WEP it, MAC filter it, password protect this, firewall that... It is still not secure. So if you are specifically targeted, an attacker with some know-how can get in, and get access to your personal data. So it really comes down to being the less attractive target in this game.

The less attractive your network is, the less of a chance your network will be attacked.

 

[Osiris]

I wouldnt agree with this at all. Broadcasting your SSID is like telling everyone your a murderer when you can have it disabled and keeping your mouth shut. You dont want to attract attention to yourself, keep a low profile. Also, if you live in a residential neighborhood, you should always enable WEP or WAP. The more obsticles someone has to go through, the less determined most get. You could make a dummy wireless connection that wouldnt get them anywhere just to throw them off track. You should also change your key once a month or so, thats like keeping the same password to your email account for years and years.

 

[uzi9mm]

Well, I had 4 people look at my long list of AP's....... And I told them they had to pick ones that look like they would be fun/valuable to to target...........

And it seems that the only way you are not going ot be targeted is if you keep a low profile........ You might say having a SSID disabled gives you a low profile.... Well yes it does, but when somebody does find it, they will want to get in knowing that you might have something to hide. Think about it.

 

[Osiris]

1) Change the Default Settings - The router and wireless access point will come from the factory with a default user name and password. This enables for some fast plug and play but if you use the default settings, chances are anyone could use those names and passwords as well. Your password is your primary defense on all your systems and your wireless appliances are no different.

2) Enable the Encryption – Your wireless device should allow you to encrypt your data and offer some encryption options. WEP has received some bad press, but most devices come with the option for 128-bit WEP and some encryption is always better than none. Using encryption ensures that the data sent on your network is not plain text and cannot be read as easily. Try to use the highest strength encryption that ALL of your devices can support.

3) Secure the SSID – The Service Set Identifier or SSID is what uniquely identifies your network. You want to create a SSID that is strong and difficult to guess. Use numbers and special characters to increase this difficulty. Also, you want to disable the SSID broadcast. This ensures that you must know the SSID and cannot randomly find it. As mentioned in the beginning, the wireless networks you see when your card looks for any available networks are broadcasted. By hiding your SSID you have hidden that network from the public’s view.

4) Position the Devices Properly – To minimize the amount of wireless leakage outside of your home, try installing the devices in a central, interior area and not on the perimeter or near any window to limit the area that the wireless signal reaches.

5) Assign Static IPs – Most network devices are set to allow automatic IP assignment or DHCP. This simplifies the effort to set up, but a possible attacker can easily steal an IP from the DHCP pool and access your network. Create private static IPs and configure your devices to only allow those addresses access.
----------------------------------------------------------------------------------

 

[uzi9mm]

1) Change the Default Settings - The router and wireless access point will come from the factory with a default user name and password. This enables for some fast plug and play but if you use the default settings, chances are anyone could use those names and passwords as well. Your password is your primary defense on all your systems and your wireless appliances are no different.

2) Enable the Encryption – Your wireless device should allow you to encrypt your data and offer some encryption options. WEP has received some bad press, but most devices come with the option for 128-bit WEP and some encryption is always better than none. Using encryption ensures that the data sent on your network is not plain text and cannot be read as easily. Try to use the highest strength encryption that ALL of your devices can support.

3) Secure the SSID – The Service Set Identifier or SSID is what uniquely identifies your network. You want to create a SSID that is strong and difficult to guess. Use numbers and special characters to increase this difficulty. Also, you want to disable the SSID broadcast. This ensures that you must know the SSID and cannot randomly find it. As mentioned in the beginning, the wireless networks you see when your card looks for any available networks are broadcasted. By hiding your SSID you have hidden that network from the public’s view.

4) Position the Devices Properly – To minimize the amount of wireless leakage outside of your home, try installing the devices in a central, interior area and not on the perimeter or near any window to limit the area that the wireless signal reaches.

5) Assign Static IPs – Most network devices are set to allow automatic IP assignment or DHCP. This simplifies the effort to set up, but a possible attacker can easily steal an IP from the DHCP pool and access your network. Create private static IPs and configure your devices to only allow those addresses access.
----------------------------------------------------------------------------------

Ok...

I agree with number 2. But there is really no point on changing it once a month, unless you were going to change it like every 2 hours...........

I disagree with number 3. You can find disabled SSID WAP's with certain tools. Very Very Easy. So why disable SSID in the first place? When a WAP has all of that protection on it, it just redflags it for a more detailed look into that particular one.

I agree with number 4 in a way.. It really wont matter where you have your devices.... A semi decent omni directional antenna will cut right thru the house, let alone a directional one.

 

[Osiris]

Well then why lock it down at all if it can be hacked? I posted how to crack wep.

 

[uzi9mm]

Well you can still lock it down without being "locked down"

You just want to keep a low profile. Because no matter what protection you have, it can be broken into.

 

[raross]

After performing a little expirement with my friends ( some know something about computers and networking, others dont ) I found out the best ways to secure your network.


What you can do......

I highly suggest leaving the SSID enabled, and on its default name, dont change it to anything else because it just attracts attention to wardrivers. Also dont disable it, If you disable it, it is something even more interested to be attacked when attackers find it. Because when you do find something like that, they are thinking that you know a thing or two about networking, and they want to make sure that they prove you wrong in your quest to secure your WiFi network.

Enable MAC filtering. MAC filtering can be bypassed but hey, it is one more barrier that attackers have to get thru.

Change the password on the router. Don't leave it as the default.

Well you can either WEP it, or not. It is up to you to WEP it, but WEP also attacts attention too.

But just remember that if you have a wireless network, IT IS NOT SECURE!!!! No protection will help you.

You can WEP it, MAC filter it, password protect this, firewall that... It is still not secure. So if you are specifically targeted, an attacker with some know-how can get in, and get access to your personal data. So it really comes down to being the less attractive target in this game.

The less attractive your network is, the less of a chance your network will be attacked.

Wireless Internet is secure, just not the wireless node. Meaning you can use wireless internet and someone could be outside probing you, and they could not do anything. The security is a breach that doesnt go beyond wireless.

BTW: An encryption is good enough for 99% of the time. I dont think anyone has the TIME to break a 128bit, 256bit etc encryption before you would notice it. Specially on a laptop.

 

[uzi9mm]

Let me give you some info......

WEP can be cracked in under 1 hour on a laptop, maybe a little more or less depending on the WiFi network's bandwidth being used.....

MAC filtering really wont help you either....... Encoded pieces of your MAC are in those packets.

After the WEP is cracked, you decrypt the packets and look at the raw data. This raw data could contain anything....

So technically, it is a breach...... And you can get into other peoples computers by cracking their password hash, and logging into their computer remotely.

 

[raross]

Let me give you some info......

WEP can be cracked in under 1 hour on a laptop, maybe a little more or less depending on the WiFi network's bandwidth being used.....

MAC filtering really wont help you either....... Encoded pieces of your MAC are in those packets.

After the WEP is cracked, you decrypt the packets and look at the raw data. This raw data could contain anything....

So technically, it is a breach...... And you can get into other peoples computers by cracking their password hash, and logging into their computer remotely.

lol, you have no clue what you're talking about. But thats ok. There are some WEP exploits, but they are still very time consuming, and breaking a 128bit encryption or higher is basically unthinkable on a PC. If you get into the network, yes you could get packets that are sent from other PC's connected to the wireless internet. Big deal?