Wireless security settings

[Kenyth]

Many of us use wireless for our home connections and some at our jobs, so I thought this would be of interest. There was recently an announcement that WPA encryption had been cracked. Later, it was more specifically narrowed to WPA using the pre-shared key method or WPA-PSK. This is the primary wireless encryption security method available without some type of authentication server or digital certificate method, and is used in most homes and small businesses. The good news is that the "crack" is not as bad as it seems. The crack is aimed at the pre-shared key portion of the authenticating transmission. The PSK is what get's you started in the WPA link, though the actual encryption keys keep changing. It's kind of like a password. The crack is simply a brute force dictionary attack on the PSK, which is user generated. If you use a regular word, or combination of words as your PSK, it will almost certainly be vulnerable. The answer is, like any other password, to make it as long, complex, and random as possible. The maximum length is 32 characters, and 12 ASCII characters using letters, numbers, upper case, and punctuation should be used at a minimum. The computing power and time needed to crack a truly random 32 character ASCII PSK key is phenomenal. So there's no need for the average home user, or even average business to be terribly concerned as long as they use a sufficiently complex PSK along with standard security measures on the PC's, like a properly configured firewall, an NTFS filesystem, limited administrative access, changing or disabling the default "administrator" account, individual accounts with changing passwords, etc.

[LungJian]

Most wireless routers offer MAC address filtering. This is the only security method I've used and it's near impossible to defeat.

Every network connection device, whether it's a USB Wireless connection, built-in wireless, or built-in hardwired LAN port, has a MAC Address. This is a unique code that identifies that specific piece of hardware. If you buy 2 of the same device, each will have a different MAC address.

Just log in to your wireless router (be sure to change the SSID name and most importantly - CHANGE THE PASSWORD), and enable MAC Address filtering. Enter the MAC Address of each device and assign each a name. (The name does not have to match the name you originally assigned the computer.) Be sure to apply or save changes and reboot your router.

To get the MAC address for your network device:

1. In Windows, click "Start", then "Run".
2. Type in cmd , and hit Enter
A black window (DOS box or command prompt) will appear.
3. Type in ipconfig /all (note: there is a space before the slash, but not after)
4. Scroll through the info that appears. You will have one or more entries titled "Ethernet adapter Local Area Connection". There might be a number at the end.
Three lines down will be the "Physical Address". That is the MAC Address. Typically, when you enter it in your router's filter tool, you won't type the dashes or colons.

I even have my router's SSID (name) set to broadcast for maximum compatibility. It's never been hacked, even though I suspect the kids in both houses next door have tried.

[drew_goring]

lol. I remember being bored one night and just driving around town seeing who's wireless network I could access. I think out of the 20 or so connections I had one of the people changed their admin password from the default.

[Kenyth]

lol. I remember being bored one night and just driving around town seeing who's wireless network I could access. I think out of the 20 or so connections I had one of the people changed their admin password from the default.

Most folks have no clue, and don't care to get one either. No amount of talking is going to change things. A year or two back, our auditors were able to crack most of our passwords from the encrpted files with a simple dictionary attack. After all the talk about password security and complexity being important, most people still used simple words and names. They also liked to use the same password for everything, including their online shopping! Talk about begging to be hacked! We had to force password resets and force password complexity on the applications that supported it. Boy did folks ever get annoyed! You could hear the crying for miles!

Linksys has a new function now called SES (Secure Easy Setup). When setting up the router with the CD, it automatically sets up WPA for you if you'd like. This will only allow that one PC access, but for the end users completely ignorant of wireless security technology, it will at least allow them to have a secure network.

[tampacigargirl]

Most folks have no clue, and don't care to get one either. No amount of talking is going to change things. A year or two back, our auditors were able to crack most of our passwords from the encrpted files with a simple dictionary attack. After all the talk about password security and complexity being important, most people still used simple words and names. They also liked to use the same password for everything, including their online shopping! Talk about begging to be hacked! We had to force password resets and force password complexity on the applications that supported it. Boy did folks ever get annoyed! You could hear the crying for miles!

Linksys has a new function now called SES (Secure Easy Setup). When setting up the router with the CD, it automatically sets up WPA for you if you'd like. This will only allow that one PC access, but for the end users completely ignorant of wireless security technology, it will at least allow them to have a secure network.

My neighbor doesn't have his secured and hasn't even changed the default password on his router. I've had to manually block him to keep my laptop from connecting to his network. I usually don't use my wireless unless I'm not going to be working at my desk. I'm not paranoid, just not that lazy. I have to plug everything else in, what's one more cable. :)

[Kenyth]

Most wireless routers offer MAC address filtering. This is the only security method I've used and it's near impossible to defeat.

Every network connection device, whether it's a USB Wireless connection, built-in wireless, or built-in hardwired LAN port, has a MAC Address. This is a unique code that identifies that specific piece of hardware. If you buy 2 of the same device, each will have a different MAC address.

Just log in to your wireless router (be sure to change the SSID name and most importantly - CHANGE THE PASSWORD), and enable MAC Address filtering. Enter the MAC Address of each device and assign each a name. (The name does not have to match the name you originally assigned the computer.) Be sure to apply or save changes and reboot your router.

To get the MAC address for your network device:

1. In Windows, click "Start", then "Run".
2. Type in cmd , and hit Enter
A black window (DOS box or command prompt) will appear.
3. Type in ipconfig /all (note: there is a space before the slash, but not after)
4. Scroll through the info that appears. You will have one or more entries titled "Ethernet adapter Local Area Connection". There might be a number at the end.
Three lines down will be the "Physical Address". That is the MAC Address. Typically, when you enter it in your router's filter tool, you won't type the dashes or colons.

I even have my router's SSID (name) set to broadcast for maximum compatibility. It's never been hacked, even though I suspect the kids in both houses next door have tried.

I hate to break it to you, but MAC address and IP cloning are not difficult. As a matter of fact, most home network equipment now has the capability built in. A linksys wireless router or access point can be set as a wireless bridge or client and it has an option for you to enter the MAC address you wish to use. This is primarily meant to be used in a constructive way.

Packet sniffing is the problem. A packet sniffer will capture every bit of information in a packet and show it to the user. Unencrypted radio transmissions broadcast all your information for anyone with a reciever to hear. Now mind you, it is another lock on the door that someone has to break through, but it's no effective secuirity system.

[tampacigargirl]

True, it's easy enough to clone MAC's. Due to the fact you can't have 2 of the same MAC's addresses on a network, windows has 2 different ways to go in and manually change you MAC. I rely more on securing my computers. Keeping personal information secure and encrypted when possible. Getting past the router should be just the first defense. You should always make sure your PC or MAC is protected.

[Kenyth]

True, it's easy enough to clone MAC's. Due to the fact you can't have 2 of the same MAC's addresses on a network, windows has 2 different ways to go in and manually change you MAC. I rely more on securing my computers. Keeping personal information secure and encrypted when possible. Getting past the router should be just the first defense. You should always make sure your PC or MAC is protected.

Layered security! That's the ticket! Currently, we have wireless access at our branches. After breaching the rotating encryption, hackers will find themselves with absolute unresticted access to our............ inernet connection.

Yes, after all that trouble, they will still be on the public side, completely out of our private network!

[LungJian]

Does anyone really care to packet-sniff your porno downloads or emails to your mother? My main concerns are neighbors jumping on my wireless for free (intentionally or not) and sucking up my bandwidth. If I see duplicate entries for one MAC address, I'll tighten up security. Sounds like I'm already ahead of the game with MAC filtering. AND... I never use the default password!