Michael Grace

Synopsis:

Having an insecure wireless network makes you liable for arrest or lawsuit! If you have not done all these things listed below to protect your wireless network, take the few minutes it will take to do the basics and DO THEM NOW!!

Basics

There is no excuse for not doing all these things

– Change default user name & passwords for routing equipment

– Use strong passwords

– Turn on encryption (WPA2 or better. WEP is hackable in minutes)

– Change default SSID

– Enable firewalls

– Turn off when not in use

– Update router firmware to the latest version

Advanced

Increases security but may require more time or expertise

– Disable DHCP and assign static IP Addresses

– Filter by MAC address

– Monitor network for intrusions

– Use software to test for network vulnerabilities

Did you know that you can be arrested or be sued if your wireless network is insecure? If you have an insecure wireless router at home, someone could use your internet connection to start downloading child pornography, attack the NSA, send spam, release viruses, or hack your own computer and steal your identity! So when the police or NSA come knocking at your door how are you going to prove that you didn’t do it? All that activity will be traced back to your IP address and you will need a really good argument to convince them otherwise. But why waste your time, money, and possibly your identity by not taking a few minutes to secure your network? What about businesses that have wireless networks set up? If a business has an insecure wireless network, hackers can use that to steal information by monitoring the network or compromising computers on that network. If that happens, patients, customers, and employees are all at risk of having their private information stolen. Not good!

Lets step through the basics of what everyone should do to secure their wireless network.

– Change default user name & passwords for routing equipment

If you don’t change them, your router can be controlled by anyone. Changing the user name and password on your wireless router is easy. If you don’t know how to change them do a Google search for the user manual for the make and model of your wireless router.

– Use strong passwords

Please don’t set the password to be the same as the user name or the name of the router, that is just asking for trouble.  Good passwords generally need to be 7 or more characters with a mix of symbols, letters, and numbers. Using words that can be found in the dictionary  in your password means that it can probably be hacked in just a few minutes.

– Turn on encryption

Turning on encryption means that all the information won’t be sent over the air for everyone to see. Not having encryption turned on is like having a large electronic billboard outside your home or office displaying all the information that is being sent over the network. When turning on encryption on your wireless router, you will probably be presented with several encryption options. WEP is no longer a good choice because it is flawed and can be hacked in minutes. WPA2 is a  better choice and will keep your information much safer.

– Change default SSID

SSID is the unique name that devices use to connect with the wireless router. While changing the SSID of your wireless router doesn’t increase how secure it is, it can reduce the likelihood if it getting attacked. If a hacker sees that a wireless router’s SSID has been left at it’s default, there is a good chance that the router still has all or most of it’s default security settings (which aren’t secure). Changing the SSID moves your router off of the list of first to attack. You can even take that a step further and disable broadcasting of the SSID which means that devices will have to know the SSID before they can connect. Because an non broadcasted SSID can be found using the right tools, it should not be used as a sole means of security.

– Enable firewall

Most routers come with basic firewall capabilities and it would be silly not to enable it. Firewall software should also be running on all devices connecting to the network if possible.

– Turn off when not in use

Obviously it is overkill to be turning your router on and off every 5 min. when you need to pull up a web page or check your email. Turning of the router when you will be out of town or know you won’t be using it for a while is an excellent preventative measure.

– Update router firmware to the latest version

Often a manufacture of a router will release an update to the software that runs the router to fix security holes or improve performance. It is always a good idea to check to make sure you are running the latest and update it if you are not. Make sure you read and follow all instructions for updating firmware to prevent “bricking” your router. “Bricking” means you broke it and it can be very hard or impossible to get it working again, like a brick.

– Disable DHCP and assign static IP Addresses

DHCP is great because it is dynamic and it’s easy but it can be used to a hackers advantage. Assigning an IP to each device that you know is on the network prevents other devices from trying to get an IP to connect to the internet.

– Filter by MAC address

You can filter connections to the wireless router by the computers MAC address. The MAC address is a uniquely identifying number burned into the devices network interface. This is really nice because you can set up a list of devices that can connect to the network while keeping everyone else off.

– Monitor network for intrusions

There are several ways to monitor your network for intrusions. The simplest way is to set your router to log connection information and you look over those logs consistently for abnormal activity. Simple but not very time efficient. A more advanced way to monitor for intrusions is to set up an intrusion detection system (IDS) to look for suspicious activity and inform you of it automatically. There are some units that cost and are ready to go, or there are open source solutions like SNORT. Monitoring a network for intrusions is an advanced safety measure and usually done by the safety conscious or those who must protect sensitive information on a network like a business, doctors office, or credit card company.

– Use software to test for network vulnerabilities

Ofter setting up a network to be secure, it is a really good idea to use tools to test for network insecurities. Many of the tools to test for vulnerabilities are the same ones used by hackers to gain access to your network, so why not use them to find the holes? Tool complexity range from clicking a button to typing in commands at a command line interface. If you are really serious about network security, or the information you have on your network mandates that you be paranoid about it, you had better be doing testing using these tools.

Resources:

• MAC address
  • http://en.wikipedia.org/wiki/MAC_address
• SSID
  • http://www.webopedia.com/TERM/S/SSID.html
• Insecure networks could lead to liability lawsuits
  • http://news.cnet.com/Insecure-networks-could-lead-to-lawsuits/2009-1033_3-940460.html?tag=mncol
• Consumer network security
  • http://news.cnet.com/Safety-Open-networks-pose-dilemma/2009-1033_3-982324.html?tag=mncol
• Wardriving’ conviction is first under Can-Spam
  • http://news.cnet.com/Wardriving-conviction-is-first-under-Can-Spam/2100-7351_3-5390722.html?tag=mncol
• Home wireless security tips
  • http://wirelessdefence.org/Contents/Home%20Wireless%20Security%20Tips.htm
• How do I secure my home Wi-fi network
  • http://www.cnn.com/2009/TECH/expert.q.a/03/17/pirillo.wireless.security/index.html
• Worried about Wi-Fi security
  • http://news.cnet.com/Worried-about-Wi-Fi-security—page-2/2100-7347_3-5540969-2.html?tag=mncol
• 10 Tips for Wireless Home Network Security
  • http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm

Images: