Wireless Networking (Wi-Fi) has made it so easy for anyone to use Internet on your computer , mobile phones, tablets and other wireless devices anywhere in the house without the clutter of cables.
With traditional wired networks, it is extremely difficult for someone to steal your bandwidth but the big problem with wireless signals is that others can access the Internet using your broadband connection even while they are in a neighboring building or sitting in a car that’s parked outside your apartment.
This practice, also known as piggybacking, is bad for three reasons:
- It will increase your monthly Internet bill especially when you have to pay per byte of data transfer.
- It will decrease your Internet access speed since you are now sharing the same internet connection with other users.
- It can create a security hazard* as others may hack your computers and access your personal files through your own wireless network.
[*] What do the bad guys use – There have been quite a few instances where innocent Internet users have been arrested for sending hate emails when in reality, their email accounts where hacked though the unsecured Wi-Fi networks that they had at home. Wireshark is a free packet sniffing tool for Linux, Mac and Windows that can scan traffic flowing though a wireless network including cookies, forms and other HTTP requests.
How to Secure Your Wireless Network
The good news is that it is not very hard to make your wireless network secure, which will both prevent others from stealing your internet and will also prevent hackers from taking control of your computers through your own wireless network.
Here a few simple things that you should to secure your wireless network:
You can also use Google to find the manuals for most routers online in case you lost the printed manual that came with your router purchase. For your reference, here are direct links to the manufacturer’s site of some popular router brands – Linksys, Cisco, Netgear, Apple AirPort, SMC, D-Link, Buffalo, TP-LINK, 3Com, Belkin.
Step 2. Create a unique password on your router
Once you have logged into your router, the first thing you should do to secure your network is to change the default password* of the router to something more secure.
This will prevent others from accessing the router and you can easily maintain the security settings that you want. You can change the password from the Administration settings on your router’s settings page. The default values are generally admin / password.
[*] What do the bad guys use – This is a public database of default usernames and passwords of wireless routers, modems, switches and other networking equipment. For instance, anyone can easily make out from the database that the factory-default settings for Linksys equipment can be accessed by using admin for both username and password fields.
Step 3. Change your Network’s SSID name
The SSID (or Wireless Network Name) of your Wireless Router is usually pre-defined as “default” or is set as the brand name of the router (e.g., linksys). Although this will not make your network inherently* more secure, changing the SSID name of your network is a good idea as it will make it more obvious for others to know which network they are connecting to.
This setting is usually under the basic wireless settings in your router’s settings page. Once this is set, you will always be sure that you are connecting to the correct Wireless network even if there are multiple wireless networks in your area. Don’t use your name, home address or other personal information in the SSID name.
Also see: Change Network Name to Prevent Wi-Fi Theft
[*] What do the bad guys use – Wi-Fi scanning tools like inSSIDer Windows) and Kismet (Mac, Linux) are free and they will allow anyone to find all the available Wireless Networks in an area even if the routers are not broadcasting their SSID name.
Step 4. Enable Network Encryption
In order to prevent other computers in the area from using your internet connection, you need to encrypt your wireless signals.
There are several encryption methods for wireless settings, including WEP, WPA (WPA-Personal), and WPA2 (Wi-Fi Protected Access version 2). WEP is basic encryption and therefore least secure (i.e., it can be easily cracked*, but is compatible with a wide range of devices including older hardware, whereas WPA2 is the most secure but is only compatible with hardware manufactured since 2006.
To enable encryption on your Wireless network, open the wireless security settings on your router’s configuration page. This will usually let you select which security method you wish to choose; if you have older devices, choose WEP, otherwise go with WPA2. Enter a passphrase to access the network; make sure to set this to something that would be difficult for others to guess, and consider using a combination of letters, numbers, and special characters in the passphrase.
[*] What do the bad guys use – AirCrack and coWPAtty are some free tools that allow even non-hackers to crack the WEP / WPA (PSK) keys using dictionary or brute force techniques. A video on YouTubesuggests that AirCrack may be easily used to break WiFi encryption using a jail-broken iPhone or an iPod Touch.
Step 5. Filter MAC addresses
Whether you have a laptop or a Wi-Fi enabled mobile phone, all your wireless devices have a unique MAC address (this has nothing to do with an Apple Mac) just like every computer connected to the Internet has a unique IP address. For an added layer of protection, you can add the MAC addresses of all your devices to your wireless router’s settings so that only the specified devices can connect to your Wi-Fi network.
MAC addresses are hard-coded into your networking equipment, so one address will only let that one device on the network. It is, unfortunately, possible to spoof a MAC address*, but an attacker must first know one of the MAC addresses of the computers that are connected to your Wireless network before he can attempt spoofing.
To enable MAC address filtering, first make a list of all your hardware devices that you want to connect to your wireless network**. Find their MAC addresses, and then add them to the MAC address filtering in your router’s administrative settings. You can find the MAC address for your computers by opening Command Prompt and typing in “ipconfig /all”, which will show your MAC address beside the name “Physical Address”. You can find the MAC addresses of Wireless mobile phones and other portable devices under their network settings, though this will vary for each device.
[*] What do the bad guys use – Someone can change the MAC address of his or her own computer and can easily connect to your network since your network allows connection from devices that have that particular MAC address. Anyone can determine the MAC address of your device wireless using a sniffing tool like Nmap and he can then change the MAC address of his own computer using another free tool like MAC Shift.
0 comments: