TechTalkz.com Logo Ask the Experts!

Go Back   TechTalkz.com Technology & Computer Troubleshooting Forums > Tech World > Computer Security

Keeping Your Wireless Network Secure

Computer Security

 
Reply
Thread Tools Display Modes
Unread 28-12-2008, 08:15 AM   #1
Regular Member (100+)
Thread Starter
 
stuartbe's Avatar
 
Join Date: Nov 2007
Location: Luton UK
Age: 41
Posts: 172
Thanks: 6
Thanked 11 Times in 6 Posts
Mood: Sad
Rep Power: 0 stuartbe is an unknown quantity at this point


Windows 98 / Windows ME Windows NT / Windows 2000 Windows XP Windows Server Linux


Lightbulb Keeping Your Wireless Network Secure

Summary

Running a wireless lan is great, but there are risks. You can use a computer anywhere in the house and sometimes further. Sadly with this flexibility comes some risk. You can never secure your home network 100% but you can make it harder for people to use the network or monitor your traffic. The highest risk for home users is going to be from people living nearby with wireless networks.

More Information

When I moved into my new home 8 months ago and set up my wireless network someone nearby was running a wireless network. With two or three clicks of the mouse I was able to browse the Internet and see the persons computers. I managed to alert this person via net send and he then secured the network.

There are several steps you can take to make it harder for nearby users to break into your network. These are listed bellow.

WEP or Wired Equivalent Privacy.

WEP is a system that encodes packets going to and from your wireless card and router/access point. It is not fool proof. There are several WEP modes available on most routers/access points. The higher the WEP level the more protection you have. The type of web that your cards and router will support will be detailed in the products user guide. Be aware that WEP has now been very badly broken and anyone with software that’s free on the internet can gain access to your wireless traffic. It should be considered not as security but as making your connection resistant to a casual user that switches his or her wireless card on near your router.


The SSID or Service Set Identifier.

The SSID is like the workgroup on your home network. It is the name of the wireless network. You need to have the SSID to connect to a wireless LAN. Do not leave the SSID on its default name. There are tables commonly known as rainbow tables of all the most well known SSID’s and these can be used to help a hacker. Most cards or wireless lan scanners can still pick up the SSID so the system is by no means infallible. It will stop casual computer users from joining your network though. I recommend that you make a note of the SSID as your cards will no longer be able to detect the SSID name and you will need to input this information. You also need to be aware that switching off your SSID broadcast may create problems, for example if your neighbour gets a wireless router and scans the area he wont see your network so may well use your wireless channel causing major problems.


MAC filtering. or Media Access Control filtering.

The MAC address is a unique string of information in hexadecimal format. Every network card has a different MAC address. Its like a fingerprint for the network card and allows the network to identify the card. One way of making life difficult for unauthorised users is to enable the MAC filter on your router or access point. This will only allow listed MAC addresses access the network. It will not however stop people from sniffing the network traffic. For this you need to use WPA. The mac address can usually be found on the underside of a wireless network card. If you cant find it you can discover the address from windows. For windows 95/98/ME click on start then run. In the box type winipcfg in the box that appears click the more info button and ensure that the network card is selected from the drop down menu in the middle of the box. The hexadecimal string next to physical address is your MAC address. For 2000/XP/NT click on start then run. In the box type cmd and press enter. In the black box that appears type ipconfig /all in the lines of text that apears you will see an entry called physical address. This is your mac address. You should be aware that no matter what level of security you employ your mac address is always sent in the clear so it’s trivial to fake the mac and join the network if you don’t have decent encryption employed. Again like WEP it’s a way of deterring casual use by neighbours.


Using IPSEC To Further Protect The network.

If you have windows 2000 or XP pro then you may be able to use IPSEC. IPSEC is a encryption system that windows uses to send encoded data to other computers or a server. This method will only work if your pc is talking to another pc and not if your pc is talking to a router. Windows 9x based operating systems do not fully support IPSEC.

If you need any further information or you are stuck with a problem then please read the user guide that was dispatched with the product. If you are still stuck then read it again. If that does not help then please post and I will be happy to offer advice and help.


Using WPA (Also Known As: Wi-Fi Protected Access)

WPA is a security technology for wireless networks. WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in response to the shortcomings of WEP. WPA has two main types, WPA and WPA2. These are not encryption types they are standards set by the wifi alliance. The two encryption types used are TKIP and CCMP or AES as it’s often known. There have been some recent exploits found in TKIP if you have the option use AES and disable TKIP. It should be noted that these vulnerabilities are very limited in there actions and the worst someone can do is inject a few packets into your network and that’s only possible if you have QOS or MMS enabled so don’t loose any sleep if you have devices that have to use TKIP.

Why WPA is better than WEP?

One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP. Another key component of WPA is built-in authentication that WEP does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short. WPA-PSK is a simplified but still powerful form of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or ?passphrase? as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time interval.

So your ideal network would be…….

Using WPA2 with AES or CCMP encryption.

Disable QOS and MMS if you do still need TKIP

Broadcasting your SSID as any freely available scanner can see it and hiding it can create problems. Make sure you change it from default to prevent rainbow table attacks.

Use a GOOD STRONG KEY. There are plenty of freely available password generators out there. As a rule of thumb if you can remember your pass phrase then its to weak. It should be at least 30 characters and be totally random. Using “let me in” is not a good idea. As far as we know now its impossible to break WPA2 AES unless you brute force it. The best policy is to use all 63 characters made up of a jumble of random numbers letters and symbols. This is unbreakable as to run through all the combination would take hundreds if not thousands of years. A weak key equals a weak network!

Change your routers default password as this will help prevent friends tinkering with your setup if they plug into you via wired or wireless connections.

If you have trouble entering the key my advice would be to make a text file on a cd or USB key and copy and paste the key into all the computers you need to.

So why bother with all this ? Whats the risks ?


Well once someone has access to your network there are a few risks.

The first is using your bandwidth for illegal or nefarious activities. Downloading sick child **** or performing stolen credit card transactions. When this activity is traced it will be to your public IP / router and not any further. IE to you as the customer and its next to impossible to trace the actual source of the traffic as the hacker will have long since gone. The net result being the police kicking down your front door at 3am

Access could be made to a computer and a Trojan or keystroke logger could be installed using a known vulnerability.

ARP spoofing can be employed, This can be used so all the traffic you send and receive can be sent through the attacker allowing he/she to see everything you are doing and by gaining access and installing a certificate on your browser they can even see SSL or secure site traffic.

Mail spam could be sent out by the hacker using your IP as the source, This will not go down well with your ISP and is one of the reasons a lot of ISP’s block port 25.




I hope you have found this guide useful and if you have any questions then please post and I will do my best to answer them.

Sponsored Links
__________________
There are only 10 types of people in the world, Those who understand binary and those who dont !

BSC EE, BSC RF ENGINEERING,AMIEE,NV,CRYPO-PHD, HMRN-MIDSHIPSMAN

Dr Stuart Epton
stuartbe is offline   Reply With Quote
The Following 4 Users Say Thank You to stuartbe For This Useful Post:
bakuryu (29-12-2008), maxmanrules (02-01-2010), MEtal247 (01-01-2009), Strider (28-12-2008)
Unread 28-12-2008, 04:15 PM   #2
Webmaster
 
Strider's Avatar
 
Join Date: Nov 2005
Location: Interwebs
Posts: 5,046
Thanks: 637
Thanked 730 Times in 613 Posts
Mood: Busy
Blog Entries: 6
Rep Power: 9045 Strider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly Eminent

Intel Nvidia

Windows Server Windows 7 Windows 10 Linux


Re: Keeping Your Wireless Network Secure

Hi Stuart,

Thanks very much for the guide. I'm using the following settings in my home router. Hope it's okay?

Quote:
Network Authentication: Mixed WPA2/WPA -PSK
WPA Pre-Shared Key: *************
WPA Group Rekey Interval: 0
WPA Encryption: TKIP+AES
WEP Encryption: Enabled
Encryption Strength: 128-bit
Strider is offline   Reply With Quote
Unread 31-12-2008, 06:37 PM   #3
Regular Member (100+)
Thread Starter
 
stuartbe's Avatar
 
Join Date: Nov 2007
Location: Luton UK
Age: 41
Posts: 172
Thanks: 6
Thanked 11 Times in 6 Posts
Mood: Sad
Rep Power: 0 stuartbe is an unknown quantity at this point


Windows 98 / Windows ME Windows NT / Windows 2000 Windows XP Windows Server Linux


Re: Keeping Your Wireless Network Secure

Nope...

Its a bit strange.

You dont want to be running wep unless you REALY have to.

Allso try changing to WPA2/AES if your hardware on the network supports it.

You allso need to make sure that you are using a good long complicated wireless key for the WPA2

If you dont need wep then disable it.
__________________
There are only 10 types of people in the world, Those who understand binary and those who dont !

BSC EE, BSC RF ENGINEERING,AMIEE,NV,CRYPO-PHD, HMRN-MIDSHIPSMAN

Dr Stuart Epton
stuartbe is offline   Reply With Quote
Unread 09-02-2010, 06:38 AM   #4
Elite Member (1000+)
 
maxmanrules's Avatar
 
Join Date: Nov 2009
Location: New Zealand
Posts: 1,118
Thanks: 237
Thanked 143 Times in 126 Posts
Mood: Goofy
Blog Entries: 3
Rep Power: 3116 maxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renowned

Intel ATi

Windows XP Windows Vista Linux


Smile Re: Keeping Your Wireless Network Secure

The first is using your bandwidth for illegal or nefarious activities. Downloading sick child **** or performing stolen credit card transactions. When this activity is traced it will be to your public IP / router and not any further. IE to you as the customer and its next to impossible to trace the actual source of the traffic as the hacker will have long since gone. The net result being the police kicking down your front door at 3am

well you speak like you have personal knowledge
And I just realized I accidentally erased the quote marks oooops
__________________
doctor octagonapus
O o
/ŻŻ/__o___O___o___O___o___O__
BBWWWWWAAAAAAAAAAAAAAAHH!!!
\__\ŻŻOŻŻŻoŻŻŻOŻŻŻoŻŻŻOŻŻŻoŻŻ
O o
http://www.youtube.com/watch?v=YC5dLKPAs5g
"Everything's better with pirates"
maxmanrules is offline   Reply With Quote
Unread 02-11-2011, 09:30 AM   #5
Junior Member (25+)
 
timmy.norris's Avatar
 
Join Date: Sep 2011
Posts: 47
Thanks: 0
Thanked 3 Times in 3 Posts
Mood: Bashful
Rep Power: 0 timmy.norris is an unknown quantity at this point


Windows XP


Re: Keeping Your Wireless Network Secure

Thank you for posting this thread, I definitely learned a lot.
__________________
Find a vpn service provider that will match your needs.
timmy.norris is offline   Reply With Quote
Unread 17-03-2012, 11:15 AM   #6
Junior Member (25+)
 
Join Date: Mar 2012
Age: 30
Posts: 89
Thanks: 6
Thanked 4 Times in 4 Posts
Rep Power: 0 brettbaynaard is an unknown quantity at this point


Windows 7


Re: Keeping Your Wireless Network Secure

Minimize the number of users and also limiting the DHCP address the network can assign. This will let you know that unauthorized logins.
brettbaynaard is offline   Reply With Quote
Unread 17-03-2012, 08:59 PM   #7
Elite Member (1000+)
 
maxmanrules's Avatar
 
Join Date: Nov 2009
Location: New Zealand
Posts: 1,118
Thanks: 237
Thanked 143 Times in 126 Posts
Mood: Goofy
Blog Entries: 3
Rep Power: 3116 maxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renownedmaxmanrules is extemly Renowned

Intel ATi

Windows XP Windows Vista Linux


Re: Keeping Your Wireless Network Secure

Alternatively you can MAC filter or just stop new devices from connecting to the network.
maxmanrules is offline   Reply With Quote
Unread 27-03-2012, 01:50 PM   #8
Advanced Member (250+)
 
killer64's Avatar
 
Join Date: Feb 2010
Posts: 267
Thanks: 26
Thanked 25 Times in 19 Posts
Mood: Tired
Rep Power: 119 killer64 is on a distinguished road


Windows NT / Windows 2000 Windows XP Linux


Re: Keeping Your Wireless Network Secure

lol whenever somebody messes with my wireless i ***** (sc word) with their web pages like flipping images upsidown and scrambling everything and redirecting them to some nasty stuff

i check who is connected frequently
__________________
><
this pixel contains my logo compressed as a zip
good luck!
killer64 is offline   Reply With Quote
Unread 27-03-2012, 02:20 PM   #9
Webmaster
 
Strider's Avatar
 
Join Date: Nov 2005
Location: Interwebs
Posts: 5,046
Thanks: 637
Thanked 730 Times in 613 Posts
Mood: Busy
Blog Entries: 6
Rep Power: 9045 Strider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly Eminent

Intel Nvidia

Windows Server Windows 7 Windows 10 Linux


Re: Keeping Your Wireless Network Secure

I've completely disabled the Wireless in my Virgin Media router; the WiFi connection speed was less than half (~20 Mbps) of the Ethernet connection (~51 Mbps).
Strider is offline   Reply With Quote
Unread 22-05-2012, 11:36 PM   #10
Advanced Member (250+)
 
Join Date: Apr 2010
Posts: 367
Thanks: 32
Thanked 35 Times in 35 Posts
Rep Power: 125 rick0909 is on a distinguished road


Windows XP


Re: Keeping Your Wireless Network Secure

Sponsored Links
Quote:
Originally Posted by Strider View Post
I've completely disabled the Wireless in my Virgin Media router; the WiFi connection speed was less than half (~20 Mbps) of the Ethernet connection (~51 Mbps).

I don't know where you live Strider, but an ethernet connection speed of 51Mbps is kinda slow. My ethernet connection speed shows 100 Mbps. Actual speed tests show 20 Mbps d/l and 3.5 Mbps u/l

My WiFi N adapter using an N router shows 150 Mbps as connection speed. I don't understand how WiFi can be faster then the Ethernet, since the Ethernet provides the speed to the router. But I don't feel any performance improvement either. Speedtest doesn't show faster speeds either. So IMO, it's hype

Rick

Sponsored Links

Last edited by rick0909; 23-05-2012 at 12:02 AM.. Reason: correction
rick0909 is offline   Reply With Quote
Reply

Thread Tools
Display Modes



< Home - Windows Help - MS Office Help - Hardware Support >


New To Site? Need Help?

All times are GMT. The time now is 11:59 AM.


vBulletin, Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © 2005-2016, TechTalkz.com. All Rights Reserved - Privacy Policy
Valid XHTML 1.0 Transitional