Protect your Wireless Lan

Posted by Martin in Security, The Web  Tags: , , , , , , ,

7

Feb



More and more users use wireless connections to connect to the Internet, many do receive a wireless lan router by default from their internet provider and forget to protect the router and the connection properly. Insecure Wireless routers are a main target not only of hackers but also of neighbours in the vicinity who like to waste your bandwidth instead of their own.

While it does not seem to be that bad that someone else would use your wireless internet connection for surfing the web it becomes a very important matter if this is abused. Someone could download warez, pornography, commit fraud, send thousands of emails or share software in p2p networks. You will be held responsible for abuse that is done with your connection.

You need to know the basic information about your wireless router before you can begin to protect it.

  • Who is the manufacturer
  • What is the name of the wireless router

Visit the manufacturers website and search for updates for your router. Updates are normally in the form of firmware updates which update the internal functions to a new version which could result in additional features and security. Please consult the website for instructions on how to update the firmware of your router.

Make sure you update it using a wired connection because wireless connection tend to become unstable in the wrong moments. (Murphy’s law)

It is now time to protect the router further. Connect to the interface which is normally done by opening the IP of the router. (default 192.168.1.1 most of the time) Enter username and password and change them when your are logged in. Many routers get hacked because the user did not change the default login data that ships with the routers. Everyone can look them up and it is really easy to access the router even though everything else might have been optimized for security.

Now it is time to configure the security settings of the w-lan router. Add a service set identifier (SSID), it does not really matter how you name it, just remember the name. Make sure you disable the SSID broadcasting afterwards, this ensure that your wireless router does not show the SSID and it is a little bit more difficulty to find it out.

I know that this is a weak security tip but it could mean that this in addition with other security measures poses a problem for so called script kiddies.

Enable the strongest encryption method available, this is normally WPA2 with AES. If you have an older router or a device that does not support WPA2 you should think of buying a new router or updating the devices. Make sure you use a large string with numbers and letters. A good value would be between 20 and 30 chars for the key, make sure you remember it because you need to supply the key to the other devices that have to connect to the router.

Enable Mac filtering, look up your mac address by using the command line in Windows XP and typing ipconfig /all. The physical address is your mac address. This ensures that only computers with a Mac address that is listed in the router can connect to it. Please note that the Mac address can be faked.

If you do not need the full transmitter power because your router and computer are physically close to each other you could reduce the transmitter power to reduce the chance that someone from outside your walls will be able to find the router and connect to it. Please be aware that a good antenna on the device that wants to connect to your router is able to counter this strategy.

Here is a list of other ideas that are worth investigating.

  • Disable all services that you do not need.
  • It is a very good idea to power off the router when you do not need it to prevent anyone from connecting to it while you are away. Alternatively turn off the wireless function of the router.
  • If you have the means monitor the traffic of your wireless connection to find out if someone else uses it as well.
  • Enable the firewall of the router and configure it properly
  • If the router has a logging feature enable it and analyze it regularly.
  • Limit the maximum number of DHCP addresses if you use that feature.
  • Use Authentication if possible.

Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

9 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
Iain Cheyne says:

This advice is a bit OTT.

WPA1 with TKIP encryption is enough and has never been cracked. TKIP is more compatible than AES. WPA passwords have been cracked, which is why you should choose a long one.

MAC filtering and SSID hiding give no real protection and are inconvenient for everyone.

Iain Cheyne says:

You can get an excellent overview of Wireless security at the Security Now podcast.

http://www.grc.com/SecurityNow.htm
Episodes 10, 11 and 13

Martin says:

Iain I don’t think that MAC filtering and SSID hiding are inconvenient. It just takes a minute or two to setup both. Sure they do not help against attackers who know what they are doing but they could fend off the script kiddie

Iain Cheyne says:

But why bother when WPA will defeat all hackers?

WPA Passwords from GRC’s passwords page are pretty much unbreakable.

https://www.grc.com/passwords.htm

Lincoln says:

Did you mean Moore’s Law or Murphy’s Law?

Martin says:

Murphy’s law:

Murphy’s law is a popular adage in Western culture that most likely originated at Edwards Air Force Base in 1948. The Law broadly states that things will go wrong in any given situation, if you give them a chance. “If there’s more than one way to do a job, and one of those ways will result in disaster, then somebody will do it that way.” It is most often cited as “Whatever can go wrong, will go wrong” (or, alternately, “Whatever can go wrong will go wrong, and at the worst possible time,” or, “Anything that can go wrong, will”). /taken from wikipedia/

Lincoln says:

So when you said “Make sure you update it using a wired connection because wireless connection tend to become unstable in the wrong moments. (Moore’s law)” you actually meant to finish with “(Murphy’s Law)”?

Martin says:

my error, I corrected the article to Murphy’s Law, that’s what I meant in first place.

Protect your Wireless Lan — Torrents and more says:

[...] pornography, commit fraud, send thousands of emails or share software in p2p networks source: Protect your Wireless Lan, gHacks tech [...]

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.