Jayce said:
I don't mean to jack the thread, but are there any how-tos available so you can have a more detailed walkthrough of how to secure your wireless internet?
The tricky thing here is that it is relatively easy to explain it all, but when it comes to the implementation, different manufacturers set up their routers differently, different routers have different features and are missing others, and different manufacturers refer to some features in a slightly odd way, which makes it all a tad confusing for your average user.
This is generally how I would do it. If you look at your router you will probably find similar options somewhere, but perhaps with different names:
Before you start it is often a good idea to get the network together and computers talking to each other - just so you know it did work at some point - even if it was insecure. I'm going to assume you don't have any servers (e.g. DHCP, DNS etc... other than those in your router - if you do then you should know how to do this yourself).
---
1) Your router probably has a DHCP server; this is what allocates IP addresses to the computers on the network. If you are only ever going to have a maximum of 5 machines on your network then only let it allocate 5 IP addresses. If the router is at 192.168.0.1 then this would probably be the range 192.168.0.2 - 192.168.0.6. This means that if a sixth machine tries to connect it will be unable to obtain an IP address.
2) If not all of your computers are on all the time then even if you have done as in part 1 there may well be some IP addresses not in use. If you set the lease time of the IP addresses to the maximum you can, then even if computer 192.168.0.3 is turned off the router won't lease out its IP address until this time expires. Even better, some routers will allow you to assign an IP address to a MAC address - this way only the computer with the specified MAC address can get an IP address.
A MAC address is a unique address assigned to network cards. They are unique and no two have the same - although it is possible to clone a MAC address. Also it is worth mentioning that a MAC address is specific to a network card, not a computer, so if you have two network cards in a machine each will have a different MAC address.
3) Now it is often possible to filter computers on your network by only allowing those with certain MAC addresses (Belkin routers do this). This is an effective way of choosing who can and can't get on your network - but remember you have done it when you want to add another machine to the network!!
4) Change the password on your router - should be 8 characters at least, with letters, digits and special characters - and should not be a dictionary word. Also if possible change the admin username to something else. Admin and administrator are easy to guess! The worst thing you can do is leave the default username and password - a quick Google for your router's manual and I'm in.
5) Turn off remote administration. This allows someone to configure your router from outside your network. The only reason you might want to configure your router from outside your network is if you are running a server, in which case you should SSH into the server and then access your router from that.
6) Most routers are configured via a web interface. Often via http. This is insecure as everything (including usernames and passwords) is sent via plain text. If you have the option, turn on https (Linksys routers will let you do this - but don't forget to enter the https:// before the IP address when accessing the router from now on). https means everything is encrypted. (This is only protection from people inside your network - you are still safe from people outside if you use http because any traffic when configuring your router does not reach the internet.)
-> The above apply to both wired and wireless networks, but obviously a wireless network is easier for a stranger to connect to so the above are a tad more important on a wireless network.
[wireless specific stuff]
On a wireless network data is floating through the air. To listen to it you just need something that listens on that frequency - such as a wireless network card... so right now if I wanted I could listen to my neighbours' traffic!...
That is kind of bad... what if they are sending sensitive data? That is where encryption comes in... Now WEP and WPA are the two most commonly used encryption methods for home wireless networks. Now if your computer encrypts data before it sends it, even if someone intercepts it during transmission it is no use to them since they cannot decrypt it back to useful data. In order to decrypt it you need a key...
Most routers will ask for a passphrase. This generates a key which the sender and receiver both need to know in order to encrypt/decrypt data and communicate effectively. If they don't know the key then they cannot communicate, so it also has the advantage of password protecting your network (although that is not its main goal).
The key generated is hex, which is a number system, although rather than going from 0-9 it goes from 0-F. Generally you will be using a shared key in which case every computer needs this key entered in it to communicate.
Now as a general rule you want to use WPA if you can, if not then use WEP. WEP sends out weak keys every now and then so someone sniffing your network traffic can probably break it if they want to. Use 128-bit encryption rather than 64-bit (it is more secure).
WPA is more secure, although off the top of my head I can't tell you why, but I believe it is something to do with changing keys.
So...
7) Make sure you use the best encryption available to you.
8) Turn off your SSID broadcast. This basically tells everyone that your network is there. Turning it off makes it harder (but not impossible) for people to spot your network.
I think that is about it. I know someone will point out that all of that is overkill, perhaps it is? But how much monitoring do you do of your network? Would you know if someone hacked it in a couple of minutes? What I am saying is that if someone tries to break into a bank there are alarms, sounds etc... you know it is happening. With a network it is not, especially a wireless one. Think what data could be captured on your network - your computers are no longer secure behind that NAT firewall if someone is on your network. Also all it takes is one upload of dodgy firmware and your router is dead...
...anyway I'm done, hope it is of some use to someone.
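
The checklist above (steps 1 and 3 to 8) written as an automated check over a settings dump, as an added example that is not part of the original post. The settings dictionary, its key names, the small word list and the sample values are all constructed for illustration and do not match any vendor's export format.

```python
import ipaddress
import string

# Constructed sample settings; the key names are hypothetical, not a vendor format.
SAMPLE = {
    "machines": 5, "dhcp_start": "192.168.0.2", "dhcp_end": "192.168.0.50",
    "mac_filter": False, "admin_user": "admin", "admin_password": "password",
    "remote_admin": True, "admin_https": False,
    "encryption": "WEP-64", "supported": ["WEP-64", "WEP-128", "WPA"],
    "ssid_broadcast": True,
}
# Preference order taken from the post: WPA over WEP, 128-bit over 64-bit.
RANK = {"none": 0, "WEP-64": 1, "WEP-128": 2, "WPA": 3}
WORDS = {"password", "letmein", "router"}  # stand-in for a real dictionary list

def password_ok(pw):
    """Step 4: 8+ characters, letters, digits and specials, not a dictionary word."""
    classes = (string.ascii_letters, string.digits, string.punctuation)
    mixed = all(any(ch in cls for ch in pw) for cls in classes)
    return len(pw) >= 8 and mixed and pw.lower() not in WORDS

def audit(cfg):
    """Return (step, finding) pairs for settings that miss the checklist."""
    out = []
    first = int(ipaddress.IPv4Address(cfg["dhcp_start"]))
    last = int(ipaddress.IPv4Address(cfg["dhcp_end"]))
    pool = last - first + 1
    if pool > cfg["machines"]:
        out.append((1, f"DHCP pool has {pool} addresses for {cfg['machines']} machines"))
    if not cfg["mac_filter"]:
        out.append((3, "MAC address filtering is off"))
    if cfg["admin_user"].lower() in ("admin", "administrator"):
        out.append((4, "admin username is easy to guess"))
    if not password_ok(cfg["admin_password"]):
        out.append((4, "admin password misses the length/character rules"))
    if cfg["remote_admin"]:
        out.append((5, "remote administration is on"))
    if not cfg["admin_https"]:
        out.append((6, "web interface is served over plain http"))
    best = max(cfg["supported"], key=RANK.__getitem__)
    if RANK[cfg["encryption"]] < RANK[best]:
        out.append((7, f"using {cfg['encryption']} although {best} is available"))
    if cfg["ssid_broadcast"]:
        out.append((8, "SSID broadcast is on"))
    return out

if __name__ == "__main__":
    for step, finding in audit(SAMPLE):
        print(f"step {step}: {finding}")
```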