WiFi Security

Some quick pointers on how to stay safe when using wireless networks

In recent years wireless networking (WiFi) has become so commonplace that you’ll find it in most homes, businesses and social venues like cafés, bars and hotels. Some areas have begun rolling out metropolitan networks covering shopping centres, airports or whole city centres. The convenience of wireless networks, however, comes with a trade-off in security that is often taken for granted or overlooked entirely. Here I’ll go over a few quick fixes to help you stay safe…

Safe at Home

If you have broadband at home then quite likely your ISP provided a router with wireless networking. Most people don’t read the instructions, plug everything in, see that it works and never look at it again until something goes wrong. The risk is that if someone else can connect to your WiFi they can potentially spy on all of your web browsing or even intercept and change your web traffic.

Instructions for how to check or change the following bits should be included in the paperwork that came with your router and with so many different models I can’t give specific instructions here.  If you get really stuck then get in touch with the make/model/ISP and I’ll see what I can do.  Some of the advanced features may not be available on all routers but you should be able to control the basics, which is enough in most cases.

The first thing you should do is change the admin password for the router, as this will be set to a default when the router is delivered. If someone guesses your admin logon then they can get up to all sorts of mischief: lock you out of your own network, or redirect, capture or change all of your web browsing.

Secondly, make sure your WiFi network is properly secured. Your WiFi network will typically be broadcasting its presence so that your laptop/phone/device can find it and connect to it. WiFi should then ask for a password to make sure your device is allowed to use it. The communication between your device and the router will then be encrypted so that others can’t eavesdrop on the conversation.

If you have an old router then it may have been initially set up with WEP encryption, which has long been considered useless, so check that your router is using WPA or WPA2. Also make sure that the network password isn’t something obvious.

There are some extra changes that you can make which will make it more difficult for someone to attack your WiFi and gain access or control. These will mean a little more effort for you but the payoffs in added protection are quite significant.

You can tell your router not to broadcast itself; the network will still be there but you’ll have to tell any wireless device exactly what to look for in order for it to connect to the network. This is like having a secret PO Box instead of having a town crier shout out your address. Not all mobile devices will allow you to manually add a WiFi hotspot though, limiting you to only those that are broadcast.

For even more protection you can enable MAC Address Filtering, which turns your WiFi into an approved VIP members-only club. A device will go through the usual password process but then you’ll have to actively approve the new device at the admin console before it will be able to use your network.

Remember to check the admin console for a list of connected clients from time to time. This will let you spot anyone that’s managed to sneak in. If this happens you’ll want to change the admin password, Network Name and password after having kicked the intruder off. It would also be wise to change the login details of any websites you’ve used over the network as the intruder may have picked up on them too.
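One way to make that periodic check repeatable, as an added example that is not part of the original post: a short Python script that compares a client list copied from the admin console against the devices you recognise. The "MAC IP hostname" layout, the addresses and the names `CLIENT_LIST`, `KNOWN` and `audit` are all constructed for illustration; adapt the parsing to whatever your router shows.

```python
import re

# Constructed sample: a client list as copied from a router admin console,
# one "MAC IP hostname" entry per line (this layout is an assumption).
CLIENT_LIST = """\
A4:5E:60:11:22:33 192.168.1.10 laptop
a4-5e-60-aa-bb-cc 192.168.1.11 phone
DA:A1:19:00:00:01 192.168.1.12 unknown
00:1B:63:44:55:66 192.168.1.13 -
A4:5E:60:11:22:33 192.168.1.14 laptop
"""

# Devices you recognise as your own (constructed values).
KNOWN = {"a4:5e:60:11:22:33", "a4:5e:60:aa:bb:cc"}


def normalise(mac):
    """Lower-case a MAC and use ':' separators; return None if malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_randomised(mac):
    """True when the locally administered bit is set (typical of private MACs)."""
    return bool(int(mac[:2], 16) & 0x02)


def audit(client_list, known):
    """Return {mac: finding} for every entry that deserves a closer look."""
    seen, findings = {}, {}
    for line in client_list.splitlines():
        fields = line.split()
        mac = normalise(fields[0]) if len(fields) >= 2 else None
        if mac is None:
            continue
        seen.setdefault(mac, set()).add(fields[1])
        if mac not in known:
            findings[mac] = "randomised" if is_randomised(mac) else "unknown"
    for mac, ips in seen.items():
        if len(ips) > 1:  # one address on two IPs: possibly a copied MAC
            findings[mac] = "duplicate"
    return findings


if __name__ == "__main__":
    for mac, finding in audit(CLIENT_LIST, KNOWN).items():
        print(mac, finding)
```

A matching address is only weak evidence that a device is yours, because MAC addresses can be copied; that is why an address showing up on two IPs is reported even when it is on the known list.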

Playing Away

When you’re away from home and connect to someone else’s WiFi you have no idea who else is also on that network. If somebody else is on the same network as you they will be able to eavesdrop on your web traffic.

An extension for Firefox called FireSheep and an application for Android phones called FaceSniff make it as easy as clicking a button for someone to listen to network traffic for account details on some of the more popular social networks like Twitter and Facebook. The best defence against this is to make sure that you use HTTPS whenever you can so that even if someone is listening to your web traffic, the conversation will be garbled and they won’t be able to capture anything useful.

 

2 thoughts on “WiFi Security”

  1. Andi Taylor

    There are some extra changes that you can make which will make it more difficult for someone to attack your WiFi and gain access or control.

    The two suggestions you give would give 0 protection from any level of ‘Wi-Fi hacker’.

    When trying to crack wireless keys, it’s standard procedure to:
    a) sniff the network and see all devices connecting to said network – i.e. your laptop / smart phone
    b) clone the MAC address of one of these devices (therefore rendering MAC filtering useless)
    c) sniff packets to piece together the wireless keycode.

    Note – making the SSID Hidden doesn’t make the network invisible. It may not transmit its ID for a standard client to see, but tools such as aircrack-ng will see the network regardless.

    You are not inhibiting the hacker at all – only really inconveniencing yourself as the network user day-to-day.

    Best possible protection would be:
    a) disable any WDS / “One-touch authentication” buttons on your router. This code is flawed and can be hacked remotely
    b) Enable WPA2 encryption (without WPA fallback). This may, however, stop old devices connecting. But, WPA2 is not currently cracked, whereas WEP or WPA can be cracked in 2 minutes and about an hour respectively. WPA is harder to crack, and most ‘casual’ hackers wouldn’t bother as it requires a lot of CPU time.

    One simple trick can be to leave your router on ‘Automatic’ channel control. If you fix the channel, the cracking apps can hack away at the channel and the router. If your router automatically changes channel due to traffic, the hacking can actually make the router think that channel is busy and therefore change. This normally means any hacking has to start from scratch.

    1. thegaryhawkins Post author

      All very true, thanks Andy, but this flies a little over the heads of the average home user and there’s really very little that can be done to altogether stop a determined and skilled hacker with a direct target in their crosshairs. The pointers I’ve outlined are more intended to deter passing attempts or bedroom hackers and follow the line of the 80/20 rule, 20% effort deterring 80% of the likely attacks.

      Still, it’s always good to know that some others take their IT security seriously too 🙂
