How To: Wireless Security - Overclock.net

**IEATFISH** · 09-08-08

Wireless Security Guide
The Basics of Wireless Security

I have seen lots of questions on wireless security so I thought I would make a thread with the most common options you can find these days on wireless routers to make your home network more secure. I know this will be rather elementary to some but if you implement as many of these as possible, it will be very easy to keep your network more secure.

These are some things I have done and yes, there are more so post them if you could and I will try to add it to this guide. And, as there are many types of routers, not all will have all options. Consult your manual or google for exact instructions.

First off, there is no 100% secure network, whether wireless or wired. If you have implemented every type of security feature you can think of, there is always a way around it. So we are not going to make a network intrusion-proof; we are going to make it too hard to be worth getting into. The only way to have a 100% secure network is to unplug your wireless router and turn off the computers. It is a pretty good comparison to contraceptives. No contraceptive is 100% effective but if you use a couple types, you have a much better chance of not getting yourself or another pregnant.

For example, using the Homebrew app DS Wifi Lib Test on his Nintendo DS, dskina found all these networks:

There are 771 networks found. Out of the ones on the screen all but two have the simple WEP protection (we'll talk more about that in a minute), one has no password protection, and one has the better WPA protection. If you were attempting to access any of these networks, which would you chose? Obviously the non-password protected one first, then the WEP networks, and as a last ditch, the WPA one. By implementing as many of the following security features as possible in you network, you will be less of a target for those wanting to steal your internet or information.

1) Password Protection For starters, the most effective way to protect your wireless network is to put a password on it. That will deter the majority of people from accidentally connecting to your network without knowing it. It happens all the time. Your computer connects to the neighbors network because it has a better signal. With a simple password, that will not happen without them at least knowing.

Okay, so there are a few types of encryption, but we will just mention the most popular, WEP, WPA, and WPA2. WEP was the standard but major security flaws have been exposed and it is relatively easy to crack. Older routers may only have this type of encryption so if that is try, upgrade or at least use every other method of protection possible.

That being said, if you have WPA, use it over WEP. It is much more secure. Then, if you have WPA2, it is an improved WPA. To give a comparison of the first two, a WEP key can be discovered by decrypting the data on the network. The WPA key can only be discovered by actively trying different key until the right one is found. This is called a brute-force attack. That is the difference to finding the answer to a math problem by working out the problem (WEP) or having to guess every possible answer until your teacher tells you it is right (WPA). Obviously WPA will be more secure. When you pick a password, choose a combination of letters (upper and lower case), numbers, and special characters. This will keep the guessing game very hard. If the answer to that aforementioned math question was 7, it would be easy to guess. But if it were -46.2354 it would be much harder. Use this to check your password. If you are given WPA options such as AES, TKIP, etc. AES is the best choice.

UPDATE: Recently WPA protected networks has been successfully entered faster and faster as new methods arise. Still it is the most secure as the exploits used are rendered useless with AES. The underlying rule here is always use the strongest encryption possible. As new types emerge, google WPA vs. ______ and see what the differences are.

Make your password as long as can be remembered, the longer the more secure. Check out this calculator to see how much difference it makes to vary your password with upper, lower, special characters. Here is a note from the calculator page FYI:

Quote:

IMPORTANT NOTE: Password Calculator estimates recovery time for Brute-force attack only. Brute-force attack is the worst case, sometimes other more effective recovery methods are available.

2) Network Broadcasting Also called SSID Broadcasting. Another easy thing to make your network more secure is to turn this option off. Your router is constantly sending out a signal telling everybody and their dog that it is there. When you open the list of available wireless networks in Windows, you can see whose router is sending these. It is all of them. If you turn it off, no one will see your network in these lists. Once again, it is not fool proof, but very good to deter the average person from accessing your network. When you do this, make sure when you set up the wireless connection on the computer that you check the option that says "Connect to this network even if it is not broadcasting" or the like. You just have to know the name of the network, (which you should pick so it is unique).

3) MAC Address Filtering Every network device has a MAC address, a fingerprint if you will. In your router, you can filter them, allowing access for some or denying access to others. You can find your MAC address by typing 'ipconfig /all' in a command prompt (type cmd.exe in the XP Run dialog or Vista Start menu search to open a command prompt). Finding the 12 digit number that appears like this XX:XX:XX:XX:XX:XX, usually called Physical Address, under the wireless device in the list. Then, in your router, you can allow only certain computers to access your network, effectively blocking others out. Of course, this is not unbypass-able either, as it is possible to change your MAC address. Once again, very few people would actually do this and it is one more hassle to someone trying to get into your network.

The other MAC filtering option is to block certain MAC addresses. If you don't want to use MAC filtering, but want a certain computer to NOT be able to access the router, you can specifically ban them. Obviously, they can change their MAC address but this is a good way to block someone who may know the password, etc. of your network (friend, friend of one of your children, etc.) and keep them off your network. Most routers have an option to see what devices are connected to your network. Just check the MAC addresses and if there is one you don't recognize, you can specifically ban it.

4) Other Items Other things that are important but don't need much explanation or are personal preference are as follows:

1- Turn off your router at night. The longer it is off, the less time for someone to find it.

2- Have a unique user name and password to access the router options. Otherwise you may find your router commandeered and under someone else's control. This is usually fixed by hard resetting your router with the reset button but it can be a big hassle and security issue. Some routers (and custom firmware such as DD-WRT) allow you to turn off access to the settings from wireless clients or completely.

3- Set up static IP addresses. GH0 mentions some reasons here. Mainly, it allows you to keep better track of what is passing through your router from which computer. More Information.

4- Update your firmware. Make sure you have the most up to date firmware on the router. This helps reliability, security, and graphical appeal to the interface (my old Verizon one was ugly but the new version is very pretty). You may also want to look into custom options such as DD-WRT which turn your $60 router into a $600 router.

5- Lower Signal Strength. If you live in a small apartment, you may not need your whole complex to be able to pick up your signal. With some firmware, you can lower the transmission power and shrink the radius of your router.

Having a secure wireless network will keep your personal information much safer and keep unwanted people from using your internet connection. Some routers/wireless devices (computers, game systems, etc.) will have problems with some of these methods. For example, by default the Nintendo DS does not support WPA passwords. You will need to try out different settings and see what works for you. Here you have some easy options to making your network a bit more secure. I hope this helps some of you. Once again, post anything I may be forgetting.

**stanrc** · 09-08-08

Very nice write up, I use all 3 methods listed above.

error10 · 09-08-08

If you use a WPA2 passphrase it can be from 8-64 characters. Longer is better. As long as you can remember it.

nbrider88 · 09-08-08

Thanks for the info. I'm using wireless for the first time and need to set up the security asap, thanks for the guide.

**GH0** · 09-08-08

Probably better to link to the specific post.

http://www.overclock.net/4517722-post3.html

**IEATFISH** · 09-08-08

Quote:

Originally Posted by GH0

Probably better to link to the specific post.

http://www.overclock.net/4517722-post3.html

Fixed, thanks. I didn't know you could link to a specific post.

**GH0** · 09-08-08

This also explains a couple disadvantages and advantages to Static vs DHCP IP address:
http://www.fnal.gov/docs/pc/nt_at_fe...ntguide.b.html

**IEATFISH** · 09-08-08

Quote:

Originally Posted by GH0

This also explains a couple disadvantages and advantages to Static vs DHCP IP address:
http://www.fnal.gov/docs/pc/nt_at_fe...ntguide.b.html

Added

**GH0** · 09-08-08

Quote:

1-Turn off your router at night. The longer it is off, the less time for someone to find it.

Then your internet is down. :P

Roke · 09-08-08

Nice guide but I thought that MAC address filtering and turning off broadcasting are now being considered insufficient nowadays since they can be so easily broken down and bypassed. Am I wrong?

		Overclock.net - Overclocking.net > Software, Programming and Coding > Networking & Security
How To: Wireless Security

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)