Beware of wireless weaknesses

Jan 28, 2007 21:45 GMT  ·  By

Yes, I am in. I got myself a laptop and the wireless frenzy is overwhelming me. I don't need a cable anymore for my second computer gives me wings. It is a feeling of freedom. I am no more the prisoner of an UTP cable. Maybe I got more inspiration if I work in the kitchen. Who can stop me?

Until now the internet cable limited my creational domain for the living room, now it's a lot more extended (for approximate 100 m indoor and almost 300 m outdoor depending on your gear).

But just as it happens with every good thing in this life, there are hidden strings, usually bad parts that we need to deal with in order to enjoy the product. Well, in the wireless field, the security problem must be managed carefully and from the very beginning.

I have not been too well informed about this issue until I personally set up a home network that included a wireless connection. Until that moment I used the traditional methods to repel the intruders: antivirus, anti Trojans and firewalls but now, since I have a laptop connected through a wireless route, the situation has changed.

The wireless connection is now the most vulnerable part of my home network. Because no cables are involved, anyone who owns a wireless enabled computer is able to scan and later connect to my network unless I secure it. And unauthorized users connecting to such network is bad. He gets access to the entire network, he is able to steal internet eating up your bandwidth.

Think about this example: someone manages to connect to your wireless router and gets free internet. "Big deal" you would say. "I have unlimited transfer over the internet". Well, stealing internet wouldn't be the end of the world, but if that person does illegal operations over the internet using you IP?yes?it is scary. So let's take a look at what we should do in order to prevent such dramatic events.

Securing steps:

- Immediately change user name and password for the configuration console (admin) Modern routers offer a web based configuration console permitting the users to set up the network. To use it, a default user name and password are provided (in some cases blank spaces are enough). I strongly recommend you to change them as soon you initialize the router. Some people prefer not to use any username and password because of their commodity in the same way they keep their Windows account unsecured. Be smart. It takes just a moment.

- Use a different SSID Your router provides a default SSID and because each hardware manufacturer uses its own default ID, people can take advantage of the "open ports" specific to that manufacturer. Using a router on the default settings and SSID can be easily hacked. And besides that, you don't want your neighbor who owns a similar router (in case you recommended it) to connect to your network and vice versa.

- Stop broadcasting the SSID When the router is on, send the network information for the devices to connect to. It is just like the mobile phone Bluetooth. It can be discoverable or not, depending on your will. So set up the router not to broadcast the SSID. The network will be hidden and accessible just for those who know the SSID. Once you set it up not to be discoverable add the SSID in your client settings and you will be able to connect to your network although it is not shown under the "Show wireless networks" section.

- Add MAC address authorization for connection To make sure unauthorized computers connect to your network enable MAC filtering. The MAC address is a unique number for every network card (although it can be easily changed). Therefore, you can limit the access to the network for specified MAC addresses (the one used by your own trusted computers). This method is not 100% secure but it is part of the necessary security options.

- Make sure you enable encryption (WEP or WPA) Encryption of the data sent is a must. Without encryption, all the data sent over the wireless network can be intercepted, which is very dangerous for your security and privacy. Depending on your hardware data, transmission can suffer a drop due to the encryption, but the latest wireless devices do not have such problems.

- Try to avoid using the DHCP server Dynamic Host Configuration Protocol (DHCP) is a set of rules used by a communications device such as a computer, router or networking adapter to allow the device to request and obtain an IP address from a server which has a list of addresses available for assignment. This means that any computer, which connects to your network, automatically gets an IP provided by the DHCP server. This may be comfortable but unsafe. In case an attacker connects to the network, it gets a valid IP. To prevent that, disable the DHCP server and manually allocate the IPs for your computers. If anyone connects, network resources are not available because he does not have a valid IP address.

- Wireless router placement I advise you to place the wireless router in an equidistant position of your house in order to cover all the corners at the same signal strength. Moreover, by doing this, you will prevent sending the signal outside the home/apartment walls. If the signal leaves the walls it can attract attackers and you don't want that.