Is your wireless network secure?
December 5, 2010
Nearly every household has a wireless network to access the internet but how secure is yours? Some of you may not worry too much because what’s the worst that can happen? Someone gets free access to your internet. Big deal. Well the reality is you could be opening yourself up to a whole load more trouble than you realise.
What is the problem?
Over the last 12 months there have been numerous stories of people suffering real hardship all because they had an unsecure wireless network. One chap came home to find his front door had been smashed in. His initial thought was that someone had burgled his house because upon entering he was met by the Police. However this was not the case. It transpired that the Police had smashed the door down and had a search warrant to look for a stolen laptop that was last used from his address. The truth is the offender had jumped on his unsecure wireless network from a flat a few doors down.
There is also the issue of privacy. Recently Google has upset many governments around the world by the intrusive activities that went on whilst their fleet of Street View cars took photographs at street level. But it’s not the pictures that caused upset. What Google did was sniff out unsecure wireless networks and then use these to call back home to their servers. This meant Google knew exactly where your router is in the world because GPS pin pointed the location of the car and the message that went to their servers identified the unique signature of your router.
But Google went further than that. It also scanned your traffic to discover other types of indentifying data. Your email details, your facebook details, your twitter account details and anything else you happen to be doing when the car went by.
Obviously an unsecure wireless network is easier to connect to and that’s the big problem. Just as you can easily connect so can anyone else in range because the signal usually extends way beyond the boundaries of your house. So while you sit browsing the internet in comfort, someone can begin to search around the virtual world of your house including your PC and any other PC in the house.
How do they snoop my wireless network?
With the tools available on the internet is it very easy to find an unsecure wireless network. In fact, it is easy to find a wireless network with the wireless client on your PC but with a free tool like inSSIDer it is even easier. This free tool shows more detail than the standard client.
Once you’ve indentified a network to attack it’s a simple case of getting a tool called a sniffer – such as Wireshark. This tool is capable of tracking all packets of information that fly around the air. Normally this appears as a bunch of individual pieces of information that on their own don’t necessarily mean much. But Wireshark can reassemble these various packets back; not only into the correct order but even into the separate conversations.
For example, if you consider each activity you do on the computer as a single conversation. So checking email is one conversation and checking facebook is another conversation. Wireshark is capable of identifying these various conversations and, irrespective of the timeframe, break these down into specific and separate entities to analyse.
Imagine that each book in a library is one conversation and that every page is part of that conversation. Now tear all the pages out, throw them in the air and let them land in a big heap. Wireshark can easily take each page and rebuild the entire collection back to the original state in seconds. It can even identify vital information like your username and password. And how many of you use the same password for various sites. It won’t take long to gain access to all your favourite sites.
Switch on encryption
There are typically three types of encryption WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2 with WPA2 being the most secure.
WEP is pretty much worthless nowadays because free tools can scan the wireless network and gather enough information in less the 30 minutes to work out what the password is. And if WPA is secured with a reasonably simple password it is easy to keep testing the wireless network and use brute-force to crack the password.
WPA2 is the best options as it uses additional techniques to further increase the complexity of the password making it a lot harder to crack.
How do I set my WPA password?
One of the problems with network security is that each manufacture has a different approach to how they present the configuration screens to set up the WPA password (or passkey as it’s known). If you are not 100% sure of what settings are required feel free to give us a call because we can help.
Even Better Security
As well as setting up Wireless encryption there are a few other security layers that must be considered:
- Local Router Password
- SSID Hiding
- MAC Address filtering
- These additional features act as a further line of defence against remote attacks on your router.
Local Router Password
Many broadband routers come with a preset username and password set as default. This simplifies the initial installation but you should change this because there are many web sites that list default username passwords.
The saving grace is that to access the router configuration you first need to access the router. If you have insufficient wireless security then this can be achieved through the airwaves otherwise you need to be physically connected through a wire.
This threat is fairly low but what can happen (I know because I’ve seen it happen) is that other members of the family could remove the wireless security because it easier for guests to attach to the wireless. This then leave the router and all the PCs in the house exposed.
SSID Hiding
SSID stands for Service set identifier. This is the code, or network ID, that you search for when connecting to a wireless network. Whilst the SSID makes it easy for you to find your network it also makes it easy for anyone else to.
The downsides of hiding the SSID is that you either need to setup your wireless network manually or only show the wireless SSID whilst making a connection. After the connection is made you can then hide it again.
MAC Address filtering
A MAC address, put simply, is a special set of 12 alpha-numeric characters that are used to indentify each unique device on a network. So the wireless network on your PC has a unique MAC address as does the wireless on your router. The router then keeps track of the MAC address of each device so it knows who on the network is going to Google and who has gone to Microsoft. It is this function that allows many people to share one router to access the internet.
So by enabling MAC address filtering you can allow only specific trusted devices to connect.
How do I find my MAC address?
Each system has its own way to find the MAC address, or Physical Address as it is sometimes know. The best way to find out how to locate the MAC address for your device is to use google but on a WIndows PC the best way is to use the IPCONFIG command.
- Press and hold the Windows Key and then hit R.
- Type cmd in the open text box
- Click OK.
- In the black command window type IPCONFIG /ALL.
- This should return with a list of Connection Name and you will see the physical address as follow;
Free Offer – to anyone in the Basingstoke Area
We are happy to visit you house and review your wireless network for free. This will include a review of the security as well as the signal strength around the house.
We will give advice on how to secure your network but will not configure the network for you.
If you wish us to secure your wireless network and all attached devices then we will reconfigure the router and up to 3 devices for £19.99. For more than three devices the charge is only £34.99.
To take advantage of this offer, just contact us and we'll arrange a suitable time to visit.