SMJ Solutions

Wireless Security

March 26th, 2004

Wireless networks are all the rage these days. Improvements in wireless technology and falling prices are making wireless networks the new cell phone — everybody is getting one.

Most of the improvements in wireless technology have been in the user-friendly category. In fact, many of these improvements that now let four-year olds set up a wireless network have made this networking medium dangerously insecure.

Don’t be tempted to use the “works right out of the box” functionality of wireless routers and access points. The factory defaults for these items are well-known and exploited. Let me give you a quick example:

Jeff purchases his LINKSYS 11Mbps Wireless Access Point Router, takes it out the box, plugs in his cable modem to the WAN port, plugs in the power supply and turns it on. Jeff grabs his laptop, which has built-in wireless equipment, boots up and sees his new wireless network in a pop-up bubble off his Windows XP taskbar. He opens Internet Explorer and begins to surf the ‘net wirelessly. Cool, right?

Well, later that night after Jeff surfed from every room in his house (just because he could), a fourteen-year-old kid who stumbled upon wardriving.com and made her own antenna out of a Pringles can decides to begin her career as a hacker. She points her antenna out her window and goes to her computer to see what wireless networks show up on netstumbler, this cool new program she just downloaded.

After scanning, netstumbler shows 3 networks in her neighborhood alone. These networks are named: linksys, jonesfam, and cantHackMe. She smiles because she now can have some fun. After reading for 30 minutes on the web, she knows the linksys network is now her network. The jonesfam network may not be that interesting (unless she has a crush on one of the Jones boys), and the cantHackMe network may just be too much effort for a beginner. However, she has learned that a network with the default name of linksys means it is wide open — in fact, if she were malicious she could teach a lesson by logging into the wireless router with the default password of ‘admin’ and lock the rightful owner out of their own network. But that would be mean. So she connects to the linksys network and downloads pirated movies all night, knowing that even if the RIAA is watching, they will be knocking on someone else’s door.

Given the above example, the average computer user should do follow these steps when setting up a wireless network. The first three are mandatory, four and five are highly recommended to lock down your wireless network.

Step 1: Change the name of your wireless network

The name of your wireless network is called the SSID. Most wireless routers and other equipment come with easy-to-use web interfaces. Simply log on to your equipment as shown in the user manual (yes, even read it!), and change the SSID. Try not to enter any personal information that may invite trouble (for example: the jonesfam network may be a hot target for young teenage girls).

Step 2: Disable SSID broadcasts

Once you’ve change your SSID, your wireless equipment may be shouting that name to any wireless equipment that can hear. Turn off the broadcast makes it even harder for hackers to discover your SSID. The SSID is comparable to a username, sure that hackers still need the password, but if have to figure out the username and password, their job is much more difficult.

Step 3: Change the default administrator password

The default passwords for wireless equipment are widely known and readily available. You don’t want hackers locking you out of your own network. Use a good password, change it, and change it often.

Step 4: Enable WEP

WEP stands for Wired Equivalent Privacy, and is basically a method of encrypting the data going back and forth wirelessly so that only the intended recipient can read the data. WEP is not perfect, but it should keep out everyone but the super hacker who would need several days worth of encrypted data to break it. For small home networks, this isn’t realistic, so WEP should be fine.

Step 5: Choose your friends

All networking equipment comes with a MAC address — a number that identifies each unique piece of networking equipment. You can enter in the MAC addresses of the cards you own and that are authorized to use your wireless network. All other MAC addresses will be ignored. Again, this isn’t perfect, but it’s more than enough to dissuade the casual hacker.

So, no need to fear your neighborhood eighth-graders or other hackers. Follow the steps to make your wireless network a very unattractive alternative for would-be hackers. You will never have a totally secure network, wireless or wired, but the idea is to make it a lot harder to break into than the next guy down the street. Let him get the visit from the RIAA.

Entry Filed under: Networking,Security