Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Secure your Wireless Network

encryption

  • Please log in to reply
28 replies to this topic

#1 kresh7

kresh7

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 326 posts

Posted 17 October 2008 - 05:20 AM

Here are a few steps to keep your AP secure.
Remember nothing is unbreakable

[1] Secure your wireless router or access point administration interface

Almost all routers and access points have an administrator password that's needed to log into the device and modify any configuration settings. Most devices use a weak default password like "password" or the manufacturer's name, and some don't have a default password at all. As soon as you set up a new WLAN router or access point, your first step should be to change the default password to something else. You may not use this password very often, so be sure to write it down in a safe place so you can refer to it if needed. Without it, the only way to access the router or access point may be to reset it to factory default settings which will wipe away any configuration changes you've made.

[2] Don't broadcast your SSID

Most WLAN access points and routers automatically (and continually) broadcast the network's name, or SSID (Service Set IDentifier). This makes setting up wireless clients extremely convenient since you can locate a WLAN without having to know what it's called, but it will also make your WLAN visible to any wireless systems within range of it. Turning off SSID broadcast for your network makes it invisible to your neighbors and passers-by (though it will still be detectible by WLAN "sniffers like kismet").

[3] Enable WPA/WPA2 encryption instead of WEP

802.11's WEP (Wired Equivalency Privacy) encryption has well-known weaknesses that make it relatively easy for a determined user with the right equipment to crack the encryption and access the wireless network. A better way to protect your WLAN is with WPA (Wi-Fi Protected Access). WPA provides much better protection and is also easier to use, since your password characters aren't limited to 0-9 and A-F as they are with WEP. WPA support is built into Windows XP (with the latest Service Pack) and virtually all modern wireless hardware and operating systems. A more recent version, WPA2, is found in newer hardware and provides even stronger encryption, but you'll probably need to download an XP patch in order to use it.

[4] Remember that WEP is better than nothing

If you find that some of your wireless devices only support WEP encryption (this is often the case with non-PC devices like media players, PDAs, and DVRs), avoid the temptation to skip encryption entirely because in spite of it's flaws, using WEP is still far superior to having no encryption at all. If you do use WEP, don't use an encryption key that's easy to guess like a string of the same or consecutive numbers. Also, although it can be a pain, WEP users should change encryption keys often-- preferably every week.

[5] Use MAC filtering for access control

Unlike IP addresses, MAC addresses are unique to specific network adapters, so by turning on MAC filtering you can limit network access to only your systems (or those you know about). In order to use MAC filtering you need to find (and enter into the router or AP) the 12-character MAC address of every system that will connect to the network, so it can be inconvenient to set up, especially if you have a lot of wireless clients or if your clients change a lot. MAC addresses can be "spoofed" (imitated) by a knowledgable person, so while it's not a guarantee of security, it does add another hurdle for potential intruders to jump.

[6] Reduce your WLAN transmitter power
You won't find this feature on all wireless routers and access points, but some allow you lower the power of your WLAN transmitter and thus reduce the range of the signal. Although it's usually impossible to fine-tune a signal so precisely that it won't leak outside your home or business, with some trial-and-error you can often limit how far outside your premises the signal reaches, minimizing the opportunity for outsiders to access your WLAN.

[7] Disable remote administration

Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router. Otherwise, almost anyone anywhere could potentially find and access your router. As a rule, unless you absolutely need this capability, it's best to keep remote administration turned off. (It's usually turned off by default, but it's always a good idea to check.)

There are many other things you can do but this should get you started.
  • 1
Posted Image

#2 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts
  • Location:Upstate, South Carolina
  • Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
  • Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Posted 17 October 2008 - 07:20 AM

Sorry Kresh, but I couldn't +rep you for this. I've got 1,3,5 on my access point, plus a firewall blocking unauthorized IPs and no DHCP on mine. All so I can share my dialup connection :D
  • 0

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#3 kresh7

kresh7

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 326 posts

Posted 17 October 2008 - 07:30 AM

dude i didnt make this for +rep :D its only a tutorial for people who want to learn somthing new :D
  • 0
Posted Image

#4 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts
  • Location:Upstate, South Carolina
  • Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
  • Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Posted 17 October 2008 - 08:05 AM

Yeah, but it deserves +rep.
  • 0

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#5 Guest_Jordan_*

Guest_Jordan_*
  • Guest

Posted 17 October 2008 - 08:07 AM

It looks like this was copied from here: Clean-Graphics Consulting & Web Design - How to secure your wireless router.
Are you the owner/author of the website/article?
  • 0

#6 kresh7

kresh7

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 326 posts

Posted 17 October 2008 - 08:15 AM

i never sad its one of mine tutorial if that would be mine i had made at the end of the tutorial Author:Kresha7 :|
is it not allowed to post good tutorials ? lol if you wait that people always write there own tutorials the forum never will grown you should had open another threat for that tutorials by members i like to share good stuff i know how to secure my router i read this long time ago :D isen't it pretty stupid ? to try to invent the weel again thats the same as writting the tutorial again
  • 0
Posted Image

#7 Guest_Jordan_*

Guest_Jordan_*
  • Guest

Posted 17 October 2008 - 08:26 AM

Actually, once a tutorial is posted on most sites it is actually copyrighted in the US meaning we could get in trouble for stealing their content. It also will cause CodeCall SEO and the originating site SEO to diminish (google will see this as duplicate content).
  • 0

#8 kresh7

kresh7

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 326 posts

Posted 17 October 2008 - 08:33 AM

you dont get in troble ive postet this because the athor allowed to show this tutorial on many sites
  • 0
Posted Image

#9 Turk4n

Turk4n

    ???

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1919 posts
  • Location:Sweden
  • Programming Language:C, Java, PHP, Python, Bash
  • Learning:C++, C#, JavaScript, Visual Basic .NET, Others

Posted 17 October 2008 - 10:35 AM

@kresh7 - Don't broadcast your SSID

That is really dumb to do, there are tools to just jump directly on AP, that hides their SSID. As a heavy backtrack user I would just take of that as "security" measure to prevent "air crackers". It's as useless as trying to run a car without it's reg-plate.
  • 0

#10 kresh7

kresh7

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 326 posts

Posted 18 October 2008 - 01:26 AM

:| im not so dumb to broadcast my ssid :H but there are a lotttttttttt of tools that show even your hidden ssid :S it impossible to hide it :D you cold create honey pots a lot of fake access point to make it harder to find the real one
  • 0
Posted Image

#11 Turk4n

Turk4n

    ???

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1919 posts
  • Location:Sweden
  • Programming Language:C, Java, PHP, Python, Bash
  • Learning:C++, C#, JavaScript, Visual Basic .NET, Others

Posted 18 October 2008 - 08:18 AM

Not, really instead of hiding yourself, just broadcast the SSID, and encrypt(use WPA or WPA2) plus make sure the password is a "strong" password. Also if your router allows you to create a list of "verified" people to be able to see and "even" come in. Then you have at least a better protection, than just to hide the SSID and with a weak protect.

However, if your neighbors are "not" determined "air crackers" they won't be able to do anything. However if one of your fellow neighbor is a "air cracker" then hiding SSID won't help you.

Side effects with hiding SSID, some "bad" *NIX os's can't see the "router". Your router loses performance; but you gain connection time length. However as a friend and used to be "air cracker", "script kiddie" I would recommend you not to hide yourself. Just show yourself and your protection. Most gives up on people that has really good protection since it takes time to calculate password or bypass it.
  • 0

#12 kresh7

kresh7

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 326 posts

Posted 18 October 2008 - 08:32 AM

lol :C im secure for myself but dosent mather if you can secure your router well there are a lot of technics to spoof your router and get free internet connection sorry for my bad english
  • 0
Posted Image





Also tagged with one or more of these keywords: encryption

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download