TechTalkz.com Logo Ask the Experts!

Go Back   TechTalkz.com Technology & Computer Troubleshooting Forums > Tech World > Internet & Networking

How to secure your Wireless Network

Internet & Networking

 
Reply
Thread Tools Display Modes
Unread 16-11-2007, 04:57 PM   #1
Regular Member (100+)
Thread Starter
 
stuartbe's Avatar
 
Join Date: Nov 2007
Location: Luton UK
Age: 41
Posts: 172
Thanks: 6
Thanked 11 Times in 6 Posts
Mood: Sad
Rep Power: 0 stuartbe is an unknown quantity at this point


Windows 98 / Windows ME Windows NT / Windows 2000 Windows XP Windows Server Linux


Lightbulb How to secure your Wireless Network

Here is another one I thought may be usefull........



Summary

Running a wireless lan is great, but there are risks. You can use a computer anywhare in the house and sometimes further. Sadly ? with this flexibility comes some risk. You can never secure your wireless network 100% but you can make it harder for people to use the network or monitor your trafic. The highest risk for home users is going to be from people living nearby with wireless networks.

More Information

When I moved into my new home 8 months ago and set up my wireless network someone nearby was running a wireless network. With two or three clicks of the mouse I was able to browse the internet and see the persons computers. I managed to alert this person via netsend and he then secured the network.

There are several steps you can take to make it harder for nearby users to break into your network. These are listed bellow.
  • WEP or Wired Equivalent Privacy.
WEP is a system that encodes packets going to and from your wireless card and router/access point. It is a fairly good system but it is not fool proof. There are several WEP modes available on most routers/access points. The higher the WEP level the more protection you have. The type of web that your cards and router will support will be detailed in the products user guide. WEP should be enabled all the time and should be treated as minimum protection for your wireless network. Be aware that WEP encoding/decoding will slow down your connection. This can be a problem if you are using a slow computer as the WEP system will use a great deal of system resorces.

More information on WEP can be found here.
  • The SSID or Service Set Identifier.
The SSID is like the workgroup on your home network. It is the name of the wireless network. You need to have the SSID to connect to a wireless lan. Once you have set up your wireless network you can safely disable the router or access point from sending out the SSID. Do not leave the SSID on its default name. Some cards or wireless lan scanners can still pick up the SSID so the system is by no means infalable. It will stop casual computer users from joining your network though. I recomend that you make a note of the SSID as your cards will no longer be able to detect the SSID name and you will need to input this information.
  • MAC filtering. or Media Access Control filtering.
The MAC address is a unique string of information in hexadecimal format. Every network card has a different MAC address. Its like a fingerprint for the network card and allows the network to identify the card. One way of making life a little harder for unauthorised users is to enable the MAC filter on your router or access point. This will only allow listed MAC addresses access the network. It will not however stop people from sniffing the network trafic. For this you need to use WEP. The mac address can usualy be found on the underside of a wireless network card. If you cant find it you can discover the address from windows. For windows 95/98/ME click on start then run. In the box type winipcfg in the box that appers click the more info button and ensure that the network card is slected from the drop down menu in the middle of the box. The hexadecimal string next to physical address is your MAC address. For 2000/XP/NT click on start then run. In the box type cmd and press enter. In the black box that apears type ipconfig /all in the lines of text that apears you will see an entry called physical address. This is your mac address. NB - remember that mac adrress's can be spoofed and as is the case with SSID hiding this method is not foolproof !
  • Using IPSEC To Further Protect The network.
If you have windows 2000 or XP pro then you may be able to use IPSEC. IPSEC is a encrption system that windows uses to send encoded data to other computers or a server. This method will only work if your pc is talking to another pc and not if your pc is talking to a router. Windows 9x based operating systems do not fully support IPSEC.

If you need any further information or you are stuck with a problem then please read the user guide that was dispatched with the product. If you are still stuck then read it again. If that does not help then please post and we will be happy to offer advice and help.
  • Using WPA (Also Known As: Wi-Fi Protected Access)
WPA is a security technology for wireless networks. WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in response to the shortcomings of WEP.

Why WPA is better than WEP?

One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP. Another key component of WPA is built-in authentication that WEP does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short. WPA-PSK is a simplified but still powerful form of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or ?passphrase? as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them.

NB - If you want to be secure... Use WPA with a very good long and complex password. As the only way to break WPA is an offline bruteforce attack a decent password will take a silly ammount of time to crack.

Sponsored Links
__________________
There are only 10 types of people in the world, Those who understand binary and those who dont !

BSC EE, BSC RF ENGINEERING,AMIEE,NV,CRYPO-PHD, HMRN-MIDSHIPSMAN

Dr Stuart Epton

Last edited by stuartbe; 11-01-2008 at 04:45 PM..
stuartbe is offline   Reply With Quote
The Following 3 Users Say Thank You to stuartbe For This Useful Post:
Hatrix (17-11-2007), shawnpb (24-10-2011), Strider (18-11-2007)
Unread 17-11-2007, 06:39 AM   #2
Webmaster
 
Strider's Avatar
 
Join Date: Nov 2005
Location: Interwebs
Posts: 5,046
Thanks: 637
Thanked 730 Times in 613 Posts
Mood: Busy
Blog Entries: 6
Rep Power: 9045 Strider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly EminentStrider is extemly Eminent

Intel Nvidia

Windows Server Windows 7 Windows 10 Linux


Re: How to secure your Wireless Network

Excellent Guide stuartbe. Thank you very much for sharing your knowledge with us.
Strider is offline   Reply With Quote
Unread 17-11-2007, 10:19 AM   #3
Senior Member (500+)
 
Hatrix's Avatar
 
Join Date: Jan 2007
Location: Tunisia
Posts: 934
Thanks: 50
Thanked 63 Times in 57 Posts
Rep Power: 1251 Hatrix has much to be proud ofHatrix has much to be proud ofHatrix has much to be proud ofHatrix has much to be proud ofHatrix has much to be proud ofHatrix has much to be proud ofHatrix has much to be proud ofHatrix has much to be proud ofHatrix has much to be proud of


Windows 98 / Windows ME Windows XP


Send a message via MSN to Hatrix Send a message via Yahoo to Hatrix
Re: How to secure your Wireless Network

tht's very good stuart, nice work keep it up now less wireless neworks to hack lol
__________________
Mawarebytes
Ccleaner
KillBox

Last edited by Hatrix; 17-02-2008 at 07:26 PM..
Hatrix is offline   Reply With Quote
Unread 01-12-2007, 11:05 AM   #4
Network Dude
 
Petrowhisky's Avatar
 
Join Date: Nov 2005
Posts: 171
Thanks: 7
Thanked 18 Times in 15 Posts
Mood: Busy
Rep Power: 275 Petrowhisky will become famous soon enoughPetrowhisky will become famous soon enough


Windows XP Windows 7 Linux


Talking How to secure your Wireless Network

For a secured wireless network we need to consider the following things only....


1) Need to enable an encryption like wpa or wep....

Do not disclose the password (Key) to anyone..

2) Can use wireless mac filtering ,,

Which will allow the permitted computers to access the wireless network
and others will be rejected...

3) We can make our ssid invisible.....


These are the basic steps which we should consider....
__________________
Article Collection
Petrowhisky is offline   Reply With Quote
Thanked Users:
pacatganazz (28-05-2009)
Unread 11-01-2008, 10:12 AM   #5
Junior Member (25+)
 
amanda223's Avatar
 
Join Date: Jan 2008
Age: 28
Posts: 37
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0 amanda223 is an unknown quantity at this point
Re: How to secure your Wireless Network

for securing your wireless you will have do somethings....
such as use 128 bit encryption.........
turn on firewall.....
don't share any security features..
then you should use ip filterationn
__________________
Looking for link building? Take a look at BlognList link building .
amanda223 is offline   Reply With Quote
Unread 11-01-2008, 04:42 PM   #6
Regular Member (100+)
Thread Starter
 
stuartbe's Avatar
 
Join Date: Nov 2007
Location: Luton UK
Age: 41
Posts: 172
Thanks: 6
Thanked 11 Times in 6 Posts
Mood: Sad
Rep Power: 0 stuartbe is an unknown quantity at this point


Windows 98 / Windows ME Windows NT / Windows 2000 Windows XP Windows Server Linux


Re: How to secure your Wireless Network

FYO

Mac address filtering and SSID hiding offer no security and can be bypassed in seconds. The mac address can be spoofed and hiding SSID offers no protection against packet sniffers.

The only one true way to protect your network and your privacy is to use WPA and a very long and complex key.

You can generate one here
__________________
There are only 10 types of people in the world, Those who understand binary and those who dont !

BSC EE, BSC RF ENGINEERING,AMIEE,NV,CRYPO-PHD, HMRN-MIDSHIPSMAN

Dr Stuart Epton
stuartbe is offline   Reply With Quote
Unread 16-01-2008, 09:16 AM   #7
Network Dude
 
Petrowhisky's Avatar
 
Join Date: Nov 2005
Posts: 171
Thanks: 7
Thanked 18 Times in 15 Posts
Mood: Busy
Rep Power: 275 Petrowhisky will become famous soon enoughPetrowhisky will become famous soon enough


Windows XP Windows 7 Linux


Re: How to secure your Wireless Network

Turn on firewall is nothing for wireless security...It may block the entire communication via wireless....

Wireless is not dealing with packets just frames.....


mac address spoofing is only to hide the hacker by himself... He will not get the target mac address

Last edited by Petrowhisky; 16-01-2008 at 12:01 PM.. Reason: .
Petrowhisky is offline   Reply With Quote
Thanked Users:
pacatganazz (28-05-2009)
Unread 16-01-2008, 04:44 PM   #8
Regular Member (100+)
Thread Starter
 
stuartbe's Avatar
 
Join Date: Nov 2007
Location: Luton UK
Age: 41
Posts: 172
Thanks: 6
Thanked 11 Times in 6 Posts
Mood: Sad
Rep Power: 0 stuartbe is an unknown quantity at this point


Windows 98 / Windows ME Windows NT / Windows 2000 Windows XP Windows Server Linux


Re: How to secure your Wireless Network

Quote:
Originally Posted by Petrowhisky View Post
Turn on firewall is nothing for wireless security...It may block the entire communication via wireless....

Wireless is not dealing with packets just frames.....


mac address spoofing is only to hide the hacker by himself... He will not get the target mac address
Not sure what you mean there.

The mac address of all devices on the wireless network and the router/access point can be seen in seconds. All someone then has to do is change there computers own mac address and they can use the network.

WPA and secure key is the ONLY true way to secure the network.
__________________
There are only 10 types of people in the world, Those who understand binary and those who dont !

BSC EE, BSC RF ENGINEERING,AMIEE,NV,CRYPO-PHD, HMRN-MIDSHIPSMAN

Dr Stuart Epton
stuartbe is offline   Reply With Quote
Unread 17-01-2008, 04:34 AM   #9
Network Dude
 
Petrowhisky's Avatar
 
Join Date: Nov 2005
Posts: 171
Thanks: 7
Thanked 18 Times in 15 Posts
Mood: Busy
Rep Power: 275 Petrowhisky will become famous soon enoughPetrowhisky will become famous soon enough


Windows XP Windows 7 Linux


Talking Re: How to secure your Wireless Network

Quote:
Originally Posted by stuartbe View Post
Not sure what you mean there.

All someone then has to do is change there computers own mac address and they can use the network.

WPA and secure key is the ONLY true way to secure the network.
I am sorry for the improper writing....

Wireless is dealing data in terms of frames not packets, because wireless comes in data link layer.

Mac filtering can be done in two ways

1) Allow some mac addresses only to the network. Others will be rejected.
The mac table will be stored in the router itself.

2) Deny some mac addresses only. Others are allowed.

In 2nd case mac spoofing is possible but in first case no use of mac spoofing. Intruder has no way to find out the mac addresses of allowed computers. ...So mac filtering is also secure.

Ip filtering has no use,because ip can be changed at any time.

Enabling WPA is the first way to secure the wireless network. But WEP 64 bit and 128 bit encryptions can be breaked.

SSID hiding is not useful infront of vista..It will detect the network as unidentified network.

But we are waiting for new techniques in wireless hacking na

Last edited by Petrowhisky; 17-01-2008 at 04:46 AM.. Reason: :)
Petrowhisky is offline   Reply With Quote
Unread 17-01-2008, 05:24 PM   #10
Regular Member (100+)
Thread Starter
 
stuartbe's Avatar
 
Join Date: Nov 2007
Location: Luton UK
Age: 41
Posts: 172
Thanks: 6
Thanked 11 Times in 6 Posts
Mood: Sad
Rep Power: 0 stuartbe is an unknown quantity at this point


Windows 98 / Windows ME Windows NT / Windows 2000 Windows XP Windows Server Linux


Sponsored Links
Unfortunately mac address information can be very easily seen on an unencrypted network by using ethereal or any other packet sniffer. All you need to do is put the nic into promiscuas mode and sit and watch.

You will in a very short period of time have a a list of all the mac and ip address's on the entire wireless network so unless you use WPA then the network can be easily hacked.

When the network has no encryption someone running a packet sniffer can easily see ALL the trafic from anyone on the wireless network as its broadcast just like ehthernet. The intruder doesnt even need to connect to the network and can sit there silently and gather any username and password details that are not being sent by SSL or other types of point to point encryption.

Once your on the network it is easy to insert yourself into the network and act as a man in the middle by using arp poisoning. Sadly ethernet was never disighned to offer any kind of security so the only security is to keep people out by encrypting the radio transmisions.

Its allso worth noting that the wireless network is BEHIND the firewall allowing direct packet access to any active computer on the network unless all the machines are running personal firewalls.

I have demonstrated the above to clients in the past and it allways comes as a shock. The fastest I have broken WEP 128bit is 45 seconds, that network had its SSID hidden and mac filtering only alowing a few macs to connect. I was surfing the internet in under a minute on the connection and didnt even show up on the router DHCP table as I was using a static IP

As I am sure I have allready said WPA with a long complex password is the only way to go. Using TKP is fine for a home user, Where as WPA radius can be used in more secure networks to isolate trafic from other users.

Unlike WEP... WPA was desighned using proper security methods and a 60 chr ASCI key would take decades to brute force.

Hope this clarifies things for you.

For your info :-

Breaking wep

Microsofts Advice

General Advice

Daily Wireless Info

ZDNET Whitepaper

HTH

Sponsored Links
__________________
There are only 10 types of people in the world, Those who understand binary and those who dont !

BSC EE, BSC RF ENGINEERING,AMIEE,NV,CRYPO-PHD, HMRN-MIDSHIPSMAN

Dr Stuart Epton

Last edited by stuartbe; 17-01-2008 at 05:43 PM..
stuartbe is offline   Reply With Quote
Reply

Thread Tools
Display Modes



< Home - Windows Help - MS Office Help - Hardware Support >


New To Site? Need Help?

All times are GMT. The time now is 01:19 AM.


vBulletin, Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © 2005-2016, TechTalkz.com. All Rights Reserved - Privacy Policy
Valid XHTML 1.0 Transitional