Tuesday, July 1, 2014

Don’t Have a False Sense of Security: 5 Insecure Ways to Secure Your Wi-Fi

rusty-broken-lock
You’ve got WEP encryption enabled, your network’s SSID is hidden, and you’ve enabled MAC address filtering so no one else can connect. Your Wi-Fi network is secure, right? Not really.

Good Wi-Fi security is simple: Enable WPA (ideally WPA2) and set a strong password. Other common tricks for increasing a Wi-Fi network’s security can easily be bypassed. They may deter more casual users, but a strong WPA2 password will deter everyone.

WEP Encryption

There are several different types of wireless network encryption, including WEP, WPA, and WPA2. Routers being sold today still ship with option to use WEP encryption – this may be necessary if you have very old devices that can’t use WPA.
WEP can be cracked very easily. WEP prevents people from directly connecting to the network, so it’s superior to using an open Wi-Fi network. However, anyone that wants access to your network can easily crack the WEP encryption and determine your network’s password.
Instead of using WEP, ensure you’re using WPA2. If you have old devices that only work with WEP and not WPA – such as the original Xbox or Nintendo DS – they’re probably due for an upgrade.

Hidden SSID

Many routers allow you to hide your wireless network’s SSID. However, wireless network names were never designed to be hidden. If you hide your SSID and connect to it manually, your computer will constantly be broadcasting the network’s name and looking for it. Even when you’re on the other side of your country, your laptop will have no idea if your network is nearby and it will continue trying to find it. These broadcasts will allow people nearby to determine your network’s SSID.
Tools for monitoring the wireless traffic in the air can easily detect “hidden” SSID names. SSID names aren’t passwords; they just tell your computers and other devices when they’re in range of your wireless network. Rely on a strong encryption instead of a hidden SSID.

MAC Address Filtering

Every network interface has a unique ID known as a “Media Access Control address,” or MAC address. Your laptop, smartphone, tablet, game console – everything that supports Wi-Fi has its own MAC address. Your router probably displays a list of the MAC addresses connected and allows you to restrict access to your network by MAC address. You could connect all your devices to the network, enable MAC address filtering, and only allow the connected MAC addresses access.
However, this solution isn’t a silver bullet. People within range of your network can sniff your Wi-Fi traffic and view the MAC addresses of the computers connecting. They can then easily change their computer’s MAC address to an allowed MAC address and connect to your network – assuming they know its password.
MAC address filtering can provide some security benefits by making it more of a hassle to connect, but you shouldn’t rely on this alone. It also increases the hassles you’ll experience if you have guests over who want to use your wireless network. Strong WPA2 encryption is still your best bet.
image

Static IP Addressing

Another questionable security tip making the rounds is using static IP addresses. By default, routers provide an integrated DHCP server. When you connect a computer or any other device to your wireless network, the device asks the router for an IP address and the router’s DHCP server gives them one.
You could also disable the router’s DHCP server. Any device connecting to your wireless network wouldn’t automatically receive an IP address. You’d have to enter an IP address by hand on each device to use the network.
image
There’s no point in doing this. If someone can connect to the wireless network, it’s trivial for them to set a static IP address on their computer. In addition to being extremely ineffective, this will make connecting devices to the network more of a hassle.

Weak Passwords

Weak passwords are always a problem when it comes to computer security. If you’re using WPA2 encryption for your Wi-Fi network, you may think you’re safe – but you may not be.
If you’re using a weak password for your WPA2 encryption, it can easily be cracked. Passwords like “password”, “letmein” or “abc123” are just as bad as using WEP encryption – if not worse.
Don’t use the minimum password length of 8 characters. Something between 15 to 20 characters should probably be good, but you can go all the way up to 63 characters if you like. You can also create a longer password by using a “passphrase,” or password phrase – a sequence of words, like a sentence.
Assuming you’re using WPA2 with a strong password, you’re all set. You don’t have to put up with the hassle of hidden SSIDs, MAC address filtering, and static IP addresses to secure your network.

No comments: