Network Security guide for the home or small business network – Part 7 – Wireless Networking

OK – the last couple of entries got into some heavy lifting and some real learning on your part. Learning about what software needs to run, what services are running, updating them to keep current on security patches. We even talked about securing services listening for outside connections and limiting them to what is absolutely necessary. Now we’ll take a deep breath and get into another area… Wireless network security.

Wireless network information travels on radio signals and anyone with a wireless card and laptop can be on an “in the clear” network before they realize it. These days operating systems do a very good job of “automagically” configuring a wireless card for access when they’re in range. This can be a good thing and a bad thing. Easy access to the internet might be good, but that also may mean easy access to your network.

Fortunately the range of wireless networks is typically limited 200-500 feet at the most unless you’re really trying to extend the range. A good walkaround with a wireless card/laptop will give an idea of where your network is accessible from. Are your internal network shares password protected? Or are you defending more against intrusion from the internet. If you have wide open wireless access, you need to start thinking about what services are visible on the INTERNAL network as well.

OK – so you say, we only use the network for internet access, I don’t care if someone else uses it. What if that someone else uses your connection to send out a scam email? A virus? When the dots are being connected they will likely lead back to your internet connection. It might be worth securing it. How?

There are a number of ways to do this and I’ll just get into generic ideas. The simplest way to secure a wireless network is MAC address filtering. MAC addresses are unique addresses given to each piece of network hardware EVER made. Every network device has a unique MAC. It might look like this… 00:12:17:51:E3:7D and should show up in an ifconfig command under linux (ipconfig under windows) or may be written on the network device. MAC address filtering works this way, the wireless access point is told “I want to allow these trusted devices on the network”. Foolproof right? Wrong… Since the data is transfered in the clear it can be very easy for an attacker to collect enough information to guess why they can’t get on the network and ascertain which MAC addresses are legit. Further it’s possible to “spoof” or pretend to have a different MAC address and gain access.

Next up is WEP encryption. This comes in 64-bit and 128-bit varieties. 128-bit is all I’ll suggest. Unfortunately WEP can also be broken fairly quickly. The idea is that a WEP key is generated. The accesspoint has the WEP key and the clients use the same key (you’ll usually only have to enter it once.) The key is hexadecimal (0-9 and a-f are allowed), most programs will take a passphrase and then generate a key from that. Again, an attacker can listen and with current software WEP can be broken in about 5 minutes. It is at least some protection though. (Better than nothing). Combined with MAC address filtering it might prove fairly effective. At least we would hope that someone would move to “lower hanging fruit”.

The best option currently is WPA encryption. Currently I don’t know of WPA being broken. If you’re dealing with older hardware trying to connect wirelessly this may be a problem as some older devices may not support WPA. If everything you need to use can handle WPA, this would be THE best, most secure (currently) choice. The concept with WPA is similar to WEP, the communications are encrypted between the machines and the access point, the key is constantly changing though which prevents outsiders from gathering enough infromation to break the key.

Related Posts

Blog Traffic Exchange Related Posts Blog Traffic Exchange Related Websites
  • Lorex Security Solutions LOREX is a global leader in video security camera solutions offering exceptional performance with a wide range of products including security cameras, wireless security cameras, ip cameras (network security cameras), security dvrs, observation systems and other complete security systems. LOREX solutions are easy to setup and features plug and......
  • Free Wireless Access Can Be a Security Problem Free wireless hotspots is a huge security and privacy threat since hackers have the tools to really make life difficult.  Check out the video below. Connecting to a random WiFi hotspot is much like strolling into a bar in a strange part of town. Most likely you'll have a good......
  • D-Link Announced 2 new 2-Bay Network Storage Devices Two new Network Storage Devices from D-Link D-Link today announced that its ShareCenter® 2-Bay Network Storage devices, the DNS-320 and DNS-325, are now available. Building off of the successful DNS-321 and DNS-323, the new DNS-320 and DNS-325 provide centralized storage, enabling consumers to easily share documents, files and digital media......    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

Leave a Reply

You must be logged in to post a comment.

Switch to our mobile site