Saturday, April 19, 2008

SECURING YOUR WIRELESS NETWORK

Securing your Wireless Network

For a long time now, wireless internet has become a much more popular way of surfing the internet or general networks for that matter. They have, essentially, allowed people to leave their homes with their laptop, palm pilot, tablet PC, or whatever it may be, and they are able to surf they are able to have the same possibilities they could have as if they were in their office or at home. In the beginning, wireless networking seemed like a pretty simple and basic idea,. Though, yes, it is a simple concept and is very convenient...it may be fairly convenient to someone who feels like “stealing" your signal. Or better yet, someone stealing your passwords because you figured, "O, I won't need 128-bit encryption, nobody will try to jack this shizzle." Well, my pitiful mistaken friend, the truth is that if you're computer is connected to a network of other computers...you are ultimately vulnerable to a number of dangerous things. Whether it be viruses, trojans, 'hackers', 'crackers', squirrels, or just nosy neighbors, you are VULNERABLE! Now you may be thinking, "Is there anything I can do to help protect myself on my wireless network?" As a matter-a-fact, yes, yes there is. There are several different methods of protecting yourself while you use a wireless LAN (Local Area Network). One of the most powerful being encryption. Whether it be WEP (Wired Equivalent Privacy), using 128-bit encryption, or even changing your SSID (Service Set Identifier). Any form of protection, is essentially keeping you one step closer from having your wireless signal stolen.

Changing your SSID

A Service Set Identifier (SSID) is a security measure that would allow someone to communicate with the 'base station'. It basically allows only someone with the same SSID to communicate with the station. Now figuring out this SSID is easy if it is left on default. All an attacker really has to do is just bruteforce the signal to figure out the password. Because most people will choose a password that is easy to remember, it doesn't always take an attacker too much time to gain access. And because of the fact that data packets are only encrypted, the SSID is broadcasted over in clear text. So basically, changing your SSID is a good idea though your new password should be much harder to guess than something like your name. Be sure to utilize the different characters on your keyboard.

WEP

Wired Equivalent Privacy, this is a widely used system that can be configured between none, 64-bit, and 128-bit. Though this may seem good, WEP has a huge security flaw. The fact that some with some patience can easily crack the WEP key with something like Airsnort is kind of discouraging. All one would have to do is collect millions of packets and eventually the WEP key can be cracked. You see, WEP uses what is called the RC4 algorithm to turn the information into infinite lengths of numbers. (RC4 is a.k.a. a stream cipher). Basically the sender and the receiver have the same key and when the receiver gets the encrypted packets the key is used to decipher it. All a passerby has to do is collect enough initialization vectors which are sent as 24-bit fields in the encrypted package and wait until a collision occurs between two IVs. Once someone get's enough IVs to figure out the plaintext, bam they can decipher the WEP key. To fix some of these flaws you can use WPA (WiFi Protected Access). Even this encryption method fixes the flaws in WEP, it is still semi-susceptible to DoS attacks. Though WEP isn't entirely secure, it is better than nothing and it is easy to activate on your wireless router. Just look in your corresponding manual.

Disable SSID Broadcasting

Most wireless routers will broadcast your SSID so someone 'authorized' to that service can access it via hotspot, etc.. Mainly you will find SSID broadcasts from larger businesses and not very likely to find it in homes. This is because of the fact that the SSID is not encrypted at all. So if someone really wanted to, it wouldn't be hard for them to intercept this message and get them one step closer to getting into your wireless network! So all-in-all, this feature is unnecessary to use in normal home use. This feature, although increasing your security, still allows your SSID to get by. This step is easy and is a good thing to disable on your router.

MAC Address Filtering

A network that does not have MAC address filtering turned on will allow anyone who knows the SSID to logon to the network. However, if one was to turn this filter on then when someone tries to get authenticated on the network they must first have their MAC address compared to the ones on the administrator's list. His/her list would consist of every MAC address of every client on the network. This feature is a convenient and easy way to increase your WLAN security risks. Though it is possible for an attacker to spoof a MAC address and gain access that way, MAC address filtering is a good feature to having running on any wireless network big or small.

Well...this essentially concludes this version of "Securing your Wireless Network" and this paper, by no means, completely secures your WLAN from attackers. Like I said in the beginning of the article, you are ultimately ALWAYS vulnerable. No matter how secure you think you are, you can always take one more step to making yourself even more secure. One must continue to stay up-to-date and secure on their WLAN and make all the proper updates and what have you in order to keep it even somewhat secure. Remember, you're never secure as you think you are.

www.iss.net
www.about.com
www.google.com!!!!
www.keyitsolutions.com

No comments:

Post a Comment