Sometimes when I'm in my car with my laptop, I have a look at the local wifi networks, and at least a few are always WEP encryption; indeed, there's usually one completely unencrypted. The fact that people would go to the bother of buying and installing a wireless router, and not bother to encrypt the signal, is amazing in my opinion. So this post is all about how to increase the security of your wifi.
The very first thing to do is to make the encryption type WPA or WPA2. "Wi-Fi Protected Access" is a good encryption technique that makes your wireless network far far harder to breach than WEP. WEP can be extremely quickly compromised by a linux laptop using "aircrack-ng", - all the software has to do is "sniff" the packets of data flying around in the air, and it can quickly work out how they are encrypted with WEP. WEP has been made officially depreciated for years now.
As a general rule, Linux computers are better for using to crack someone's WEP encryption (or MAC filtering), because the drivers for the wireless cards on them are open-source. Windows wireless drivers don't allow the same piece of hardware to perform the operations required to crack a wifi network.
To enable WPA on your wifi, log into your router's admin panel - from here you can change to WPA or WPA2 if it's supported. Also test that all your mobile devices still work after reconnecting to your now-WPA-encrypted wifi - very old laptops might have problems.
MAC address filtering is not worth bothering with. Plenty of tools freely available online such as Nmap or Macshift can help you with pretending your MAC address is on the router's allow list. There's no point in removing the MAC filtering if you've already implemented it, but if they can break WPA encryption, MAC filtering is only going to slow them down for a few moments.
Another effective technique is to stop your router from broadcasting it's "name" (aka SSID). This prevents people from connecting to your wifi unless they already know it's name - when they scan for wireless networks in the area, yours should not appear on their list. While there is no-doubt ways of detecting hidden wifi networks, this technique will at least allow other people's wifi in the area to present more of a target than yours. This option is probably disabled by default (although I know that the Netgear routers offered by the Post Office do use this by default), and can be activated in your router's admin panel. After making this change, test that your devices can still connect to the network. I don't recommend changing to WPA and hidden network name at the same time, as this will make it hard to diagnose any conflicts if they occur.
Wireless Security
Thursday, 18 February 2010
Posted by
Live-D
Posted by
Live-D
Subscribe to:
Post Comments (Atom)
About Me
- Live-D
- I currently study for a Computer Science degree, and in my limited spare time I like to find out information about computing, hardware, the web, etc. I am also an admin for the popular Counter-Strike Source community "UK:Nemesis", which can be found at http://www.uknemesis-server.net/
Subscribe!
Posts
Comments
2 comments:
Less people have a unencrypted network these days with manufacturers using WPA as default but the problem still exists, bloody useful sometimes if you neighbor doesn't use encryption though.
Indeed, my girlfriend has a post-office wireless router that by default used WPA and did not broadcast it's SSID - it's pleasing to see the manufacturers bothering to improve things. I have a friend who had an unencrypted wifi, and when I was fixing his laptop for him I had a quick view of the network - he had nine spongers!
Post a Comment