Wireless WiFi Security

Wireless is an evolving technology which is not inherently secure. Information on a wireless network is most likely not encrypted, so it is possible for another user on the network to use a 'network sniffer' to capture your data while in transit. Unless you take certain precautions, anyone with a wireless-ready computer can use your network. That means your neighbors, or even hackers lurking nearby, could “piggyback” on your network, or even access the information on your computer. And if an unauthorized person uses your network to commit a crime or send spam, the activity can be traced back to your account.

You want to avoid man in the middle attacks. Make it your policy to use a secure login feature SSL (secure sockets layer) for email, e.g. (Yahoo), to protect your password and run personal firewall software on your laptop to protect against illicit attempts to access data on your machine. Consider encrypting your files, and preferably entire hard drive volumes, using PGPdisk. Switch to a Mac or some non-Windows operating system while you're at it. NSA has developed and distributed configuration guidance for Apple Operating Systems. This guidance can be used as a security baseline. Also, password-protect your computer, including a boot password.

How to securely use public WiFi?

Install a VPN program and run it every time you go online using a public WiFi hotspot. It runs in the background after you sign in, and gives you a private, encrypted tunnel for your data and communications when on a public wireless connection. Anchor Free HotSpot Shield is free, but ad-supported. It runs on both PCs and Macs. While browsing, you'll see ads appear occasionally at the top of the browser window. It's great if you infrequently need it, but annoying if you regularly find yourself in coffee shop.

Whether you use Windows, a Mac, or Linux, OpenVPN is a simple, robust way to secure your Wi-Fi sessions.

iPig requires no configuration of any kind. You just start your favorite web browser, email client or chat software and switch the iPig encryption on: iPig grabs all Internet traffic before it leaves your PC and encrypts it securely. The software runs on Windows 2000, XP and 2003.

Remember thst No VPN software protects data that does not go through the VPN.

How to set up a remote private network?

Hotspot Shield is a VPN for the Internet. Hamachi is a VPN for your own private network. Hamachi is meant to tie a remote end-user into another LAN or another PC to make it part of their own “LAN” (or private IP addressing). Internet traffic is not shielded with Hamachi.

LogMeIn Hamachi is currently available for Windows. Console versions of Hamachi are also available for Linux and OS X. Hamachix for the Mac automatically handles the tun/tap drivers, kernel extension, and throws a nice Mac-like GUI on top of the whole thing and here's the full walkthrough manual with screenshots.

For remote access for home & personal use try the free LogMeIn Simply Connected. LogMeIn Free gives you fast, easy remote access to your PC from any computer with an Internet connection.

Here's a discussion of Hamachi, iPig, and OpenVPN.

FBI Best Practices for Home Users to Prevent Hackers from Getting into Your Network

Network segregation
Put your access point on a separate subnet, with a firewall separating the wireless and internal users
Change the default settings on your access point
Default settings (SSID, administrator password, channel) are well known and even included as part of some WLAN attack tools
Use WPA with a strong key
WPA is a definite improvement over WEP in providing wireless security. But the version intended for home and SOHO use—WPA-PSK—has a weakness shared by any passphrase security mechanism. The choice of simple, common and short passphrases may allow your WPA-protected WLAN to be quickly compromised via dictionary attack (more info here). Use a totally random, long, secure passphrase.
Update your firmware
This is helpful if your AP or client doesn't currently support WPA. Many manufacturers have newer firmware for 802.11g products that add WPA support. You may also find this for 802.11b gear, but it's not as common. Check anyway!
Turn off the WLAN when not in use
A $5 lamp timer from your local hardware store is a simple, but effective way to keep your WLAN or LAN from harm while you're sleeping.

Step-By-Step Wireless Security

SSID Set to not Broadcast How to stay under the radar
MAC Address Restrict access only to your computers
Password Protect Your Wireless Device Keep the bad guys out
WPA Encrypted Passwords Stronger than WEP

Food for Thought
Block Wi-Fi Intruders with a Secure Paint Job Paint contains a new aluminium-iron oxide that is able to block waves
Securing your WLAN Why bother?
The six dumbest ways to secure a wireless LAN Put to rest once and for all the urban legends and myths on wireless LAN security
Simple advice for securing your home wireless LAN Look for WPA certified
Wi-Finally: wireless security that actually works Microsoft support for WPA2 — Wi-Fi Protected Access 2
Free Wi-Fi Security Test Requires ActiveX plug-in for IE6 and Windows XP/2000 OS
Cracking WEP in 10 minutes Download Flash video
How To Crack WEP Details.
A Cup of Bandwidth Bob Quietly "Borrows" Internet Service From Three Neighbors at Once
Worried about Wi-Fi security? cNet article.
Antennas Enhance WLAN Security Byte.com article
Top 7 Tips for Wireless Home Network Security Improve the security of your home wireless LAN
Real Security for Wireless LANs PC magazine article
WEP or WPA encryption. Radius, a server for remote user authentication and accounting, is a stronger scheme.
Securing your WiFi Network For the home, home office and small office user.
Use an SPI firewall. Make sure that your current OS will operate properly with your SPI firewall.

WPA (Wi-Fi Protected Access) can be defeated. Consider using WPA-PSK (pre-shared key mode, also known as personal mode) for a home LAN. WPA-PSK is vulnerable to dictionary attacks, if a hash of the pre-shared key can be gleaned by listening in on the 4 way handshake used to initiate the connection, so use a long key. It's convenient to use a 40-60 character sentence that you can easily remember. Choose a sentence (or a line from a song, a quote from a favorite book, or something similar) that is significant to you and use that. You can try a key generator but the key generator approach makes sharing the key harder and might not add much more security to a brute force attack. TKIP (Temporal Key Integrity Protocol) is a security protocol used in Wi-Fi Protected Access (WPA).

Glossary

Encryption: The scrambling of data into a secret code that can be read only by software set to decode the information.

Extended Service Set Identifier (ESSID): The name a manufacturer assigns to a router. It may be a standard, default name assigned by the manufacturer to all hardware of that model. Users can improve security by changing to a unique name. Similar to a Service Set Identifier (SSID).

Firewall: Hardware or software designed to keep hackers from using your computer to send personal information without your permission. Firewalls watch for outside attempts to access your system and block communications to and from sources you don’t permit.

Media Access Control (MAC) Address: A unique number that the manufacturer assigns to each computer or other device in a network.

Router: A device that connects two or more networks. A router finds the best path for forwarding information across the networks.

Wired Equivalent Privacy (WEP): A security protocol that encrypts data sent to and from wireless devices within a network. Not as strong as WPA encryption.

Wi-Fi Protected Access (WPA): A security protocol developed to fix flaws in WEP. Encrypts data sent to and from wireless devices within a network.

Wireless Network: A method of connecting a computer to other computers or to the Internet without linking them by cables.

Security Software
wicrawl A simple wi-fi (802.11x) Access Point auditor
BackTrack Remote-exploit CD project merging Whax and Auditor
PickupLine Bypass authentication on authenticated wireless networks
Auditor Security software toolset based on KNOPPIX
List of Default Passwords Huge.
AP Radar Network stumbler and wireless configuration clinet
Knoppix STD CD A collection of open source security tools and Linux Wi-Fi utilities for advanced users
WinZip Supports 128- and 256-bit key AES encryption in addition to lower security Zip 2.0.
UltimateZip Advanced File security with 256-Bit AES encryption. Free for private use.
Sygate Personal Firewall Free for personal use.
ZoneAlarm Firewall Free version has limited features.
coWPAtty Audit the pre-shared key (PSK) selection for WPA
WepCrack A tool that cracks 802.11 WEP encryption keys.
Aircrack 802.11 sniffer and WEP key cracker for Windows and Linux.
Mike's Guide to Airsnort on Windows XP A WLAN tool which recovers encryption keys.
Difference betwen monitor and promiscuous mode? Airsnort FAQ
NSSpyglass Will alert you to netstumblers (requires linksys AP)
AirSnare Will alert you to unfriendly MAC addresses
WireShark Network protocol analyzer - a successor to Ethereal
Ethereal Network protocol analyzer

| Furl | Stumble It! | Digg | Reddit

Recommend This Page

Newsletter | Privacy | Support | Search | Site Map

Revised: 01/26/2009

Dell Desktops Copyright 2001-2009 BinaryWolf.com Creative Commons License

FBI Best Practices for Home Users to Prevent Hackers from Getting into Your Network

Step-By-Step Wireless Security

Glossary

Dell Desktops

Copyright 2001-2009 BinaryWolf.com
Creative Commons License