How To Secure Your Wireless Network
by Jerry Malcolm - Originally published in issue 1 of (IN)SECURE Magazine - Tuesday, 9 August 2005.
There are a couple of ways a hacker or someone who is looking to steal or otherwise misuse your home wireless network can infiltrate your system. The first one is through “eavesdropping” and other is what is called a DOS attack.

Eavesdropping as the name implies involves utilizing tools and listening software utilities that have been easy to find since before wireless came along to capture the traffic that is passing through the air in your home wireless network. If the data contained in those packets is not encrypted a wealth of information about you can be captured about you. This includes login names, passwords and credit card information.

Encryption and use of the built in security measures described in this paper are excellent defenses against eavesdropping.

The second most prevalent attack is called a Denial of Service or DOS attack. In a DOS attack the hacker introduces noise or interference into the wireless network from without which artificially causes devices within the network to fail or issues a Denial of Service response to contact from other devices in the network.

Attackers can use these DOS signals to gather SSID and other important network addressing data that can be used to mount a more intrusive attack down the road.

You and Your SSID

In a wireless network implementation there are three ways to set the SSID for network communications. (1) The SSID can be set manually, (2) the SSID can be left the default that your network hardware provider set it to when your equipment was shipped or (3) The SSID can be generated automatically.

Wireless components such as routers and other access point devices provide a methodology for changing the SSID for network access.

The devices will usually come with a default SSID that is easy to figure out such as the company name or “default”. So the first step in securing your network is to change the default SSID that came with your wireless access point device.

Now when deciding upon an SSID name for your network, remember to make it something difficult to figure out. Do not use your last name, a name of your pet or your favorite Star Wars character.

In that this name will be something used exclusively for internal recognition of your network to itself, make it something obscure and difficult to figure out.

Encryption – WEP and WPA

As we discussed under definitions, WEP encryption is a standard security option that is the default encryption for all OSI compliant network products. However encryption is not automatically turned on. If you leave the defaults so encryption is not used, critical information is moving through the air between your wireless devices including user names, passwords, credit card information or other sensitive information about your home is not secure.

Through “eavesdropping” a network hacker or spy can access volumes of information about your family from your network. Therefore make it a priority to turn on WEP encryption as soon as you set up your wireless network.

WEP encryption, while the standardized “plain vanilla” security encryption available, is not flawless. A clever hacker can find ways to break WEP encryption. A number of improved encryption protocols are available that were built upon the WEP model but provide much more sophisticated encryption algorithms and correspondingly, much better security.

WPA and TKIP are upgrades to WEP encryption that more securely protect your wireless network. It is worth your time to research how to go about implementing these improved security protocols.

MAC Addressing and Filtering

As we discussed under definitions, the MAC address is a hexadecimal number that represents the physical address of your network adapter, similar to an IP address.

Just as with SSID broadcasting, this is a key security code that allows the devices on your wireless network to talk with your network adapter. By keeping the MAC address secure, you can dramatically limit the ability of unauthorized persons to access your network.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th