
Do's and don'ts on wireless security.

Luc Franken, Global Architect

1. MAC Filtering


MAC filtering is like handing a list of names to a doorman. When someone comes to the door and gives a name, the doorman checks it against his list and grants or denies access on that basis alone.

This means that if someone gives the name of a person who is on the list (for example a name overheard while waiting in line for the door), he or she gets in.

In wireless networking, a simple network sniffer will show anyone the MAC addresses of the clients associated with an access point, so an attacker knows which "name" to give and only has to change the MAC address of a network card accordingly.

In short, this "security" is breached in a matter of seconds, limited only by how fast the person wanting to access your network can type a new MAC address.

2. Antenna location and/or power adjustments


Some people will tell you to limit the signal so that it reaches only the area you want covered, rather than placing the access point where it gives enough coverage and enough signal strength for the whole area you actually want to use.

Lowering the transmit power or placing the antenna to confine the signal only causes you problems. Anyone wanting to reach the network can always use a bigger antenna and/or a directional antenna to get as much signal as they need.

Location and output of an access point should be adjusted for maximum coverage and minimum interference, but not as a security mechanism.

3. Disabling SSID broadcasting


In short, disabling SSID broadcasting only makes it harder for your own clients to connect, because the SSID then has to be typed in when connecting. As with MAC address filtering, all it takes is sniffing the network to find the name. With clients that have the network configured (whether connected or not) it is even easier to find, because clients broadcast the SSID in probe requests when they try to connect to the network.

A great explanation of this can be found at http://technet.microsoft.com/en-us/library/bb726942.aspx#EDAA 

4. WEP encryption


While WEP might stop the casual cracker from breaking into your network, with modern techniques the key can be decrypted in a matter of minutes. I don't want to show how to do it, but some of the details on the initial (2001) findings on the insecurity of WEP can be found at http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf 

5. So, what should you be doing?


So what is the best way to secure a wireless network?

Unless you have the ability to set up some form of authentication server, your best setup will use either WPA or WPA2 encryption (preferably with AES instead of TKIP) depending on what your hardware supports.

WPA2 was not created because a flaw was discovered in WPA; it just uses a longer key (WPA uses a 128 bit key and WPA2 uses a 256 bit key). In both cases the key is not the entered password itself: the password is "translated" by hashing into the key that is then used for authentication.

At this time, the only known successful attack on a WPA/WPA2 encrypted network (leaving rainbow tables aside) is a dictionary attack on the passphrase used.

So to keep your network secure, make sure your passphrase contains letters, numbers and some special characters in random order. (You only have to enter it once on every connected device, so there is no need to remember it afterwards, but make sure you write the key down and store it safely where no unauthorized person can find it.)

6. Change the SSID to something unique


With WPA(2) the actual communication key is generated from the SSID and the passphrase used. Rainbow tables that can be used to crack this can be created, but doing so takes a large amount of time.

Tables for the 1000 most popular SSIDs can be downloaded without much effort nowadays, but creating tables for a new SSID takes on average double the amount of time as brute-forcing the configured password. Once a table for a certain SSID has been generated, however, it can be used against every access point with that same SSID.

So having a truly unique SSID makes sure nobody will bother generating a rainbow table for it, and brute-forcing the password will take years on a single computer.
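The derivation described above, as an added example that is not part of the original article: WPA/WPA2-Personal turns the passphrase into the 256-bit pairwise master key with PBKDF2-HMAC-SHA1 using the SSID as salt, which is why a precomputed table is tied to one SSID and is worthless against an access point with a unique SSID. The SSIDs, passphrases and candidate list are constructed for the demo.

```python
import hashlib

# IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 pairwise master key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN
    )


def build_pmk_table(ssid: str, candidates):
    """Precompute PMK -> passphrase for ONE SSID; the expensive part of a lookup table."""
    return {wpa_psk(p, ssid): p for p in candidates}


def lookup(table, pmk: bytes):
    """Constant-cost check whether a derived key was precomputed in the table."""
    return table.get(pmk)


# Constructed sample: a tiny "common passphrase" list (a real table would be huge).
COMMON_PASSPHRASES = ["password", "12345678", "letmein1", "qwertyuiop"]


def demo():
    # The table is built once for the default SSID and is reusable against every AP with it.
    table = build_pmk_table("linksys", COMMON_PASSPHRASES)
    # AP A keeps the default SSID and a weak passphrase: the table gives an instant hit.
    hit_default = lookup(table, wpa_psk("letmein1", "linksys"))
    # AP B uses the same weak passphrase but a unique SSID: the table does not apply at all,
    # so all 4096 PBKDF2 rounds would have to be redone per candidate for this SSID alone.
    hit_unique = lookup(table, wpa_psk("letmein1", "lf-home-7d3k"))
    return hit_default, hit_unique


if __name__ == "__main__":
    # Known 802.11i test vector: "password" / "IEEE"
    print(wpa_psk("password", "IEEE").hex())
    print(demo())
```

Note that the SSID is the salt byte-for-byte, so "linksys" and "Linksys" yield unrelated keys; a unique SSID buys you the same benefit as an unguessable salt in any password store.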

7. Warning on feeling secure with pre-generated keys


Although you're secured by either WPA or WPA2, you can still have one big security risk.

There is a huge security hole in some Speedtouch/Thomson modems that have been sent by providers to customers all around Europe and possibly other locations in the world.

A detailed description of the issue can be found at http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/

Tools have been created that automatically generate the possible keys from the SSIDs sent out by these devices. For example, if you have a Speedtouch modem with the SSID "Speedtouch188DBB", your WEP/WPA key will be one of the following four: 763FF260D1, 819150ACBE, 02BB8DC9D0 or DF05A812A7.

A one-in-four chance suddenly doesn't look that secure anymore, as all four keys can be tried in a matter of seconds. So if you are using one of these devices, it is critical that you change the default key.

Comments (2)


Commented:
May I add here that you need to change your Router's Password too? Though that does not relate to Wireless Security but suppose you hand out the WPA/WPA2 key to anyone for Casual Browsing, you don't want him / her to mess with your Router's Configuration, right?

Ravi.

Commented:
Nice piece of work. This I tell about every day.

One more suggestion: WPA can be cracked easily when your password is based on a dictionary word.
W1F1R0UTER is, however, easy to crack, even though it consists of numbers and letters and does not form a word.

One fine trick is using asterisks in your key.

*WIFI*ROUTER*, for example, is almost uncrackable (for now...)
