Pages

Wednesday, 26 September 2012

How to secure your wireless home network


Securing a wireless network is very important because if you don’t, your neighbors can not only borrow your Internet connection, but also access your files and check up on what you’re doing.
1) Connect to your router via your browser, by inputting something called a Gateway IP Address.
  • Click Start > Run > type ‘cmd’ > Click ‘Enter’
  • Once the Command Prompt window opens, type ‘ipconfig /all’ and hit ‘Enter’
  • Locate the line labeled ‘Gateway’ and make note of the number that follows. It will look similar to ‘192.168.1.1’
  • Open your browser
  • Enter the Gateway IP Address into the address bar and click ‘Enter
 To find your Gateway IP Address and connect to it on a Mac
  • Open your Finder and run ‘Terminal’ inside of Applications > Utilities
  • Once the terminal window opens, type ‘ipconfig -a’ and hit ‘Enter’
  • Locate the line labeled ‘Gateway’ and make note of the number that follows. It will look similar to ‘192.168.1.1’
  • Open your browser
  • Enter the Gateway IP Address into the address bar and click ‘Enter’
2) Enable encryption on your access point. Using 128-bit encryption or higher makes your Wireless Network more secure. WEP and WPA are entirely different encryption schemes. WEP has been proven insecure and can be cracked in a few minutes using free utilities that can be downloaded from the Internet. Using at least WPA is recommended, because it is much more secure, but is sometimes a bit harder to set up correctly than WEP is, and isn’t completely secure. Some older access points or wireless cards do not support WPA2. If you have one of these, it is recommended that you purchase a newer one that supports WPA2, depending on how important you consider your security.
3) Set the router access password. Anybody who gains access to the router configuration settings can disable the security you have set up. If you forget the password, most routers have a hardware reset that will restore all of the settings to factory defaults. The best option is to use a random sequence of the maximum length of characters - you only have to type that once, so it is not a big thing. When you connect to the router via LAN cable while setting it up, you can copy and paste the password onto the router and onto your local setting, so you never need to type it again.
  • Use a secure password. Don’t use easily guessed passwords for your WPA2 or router access passwords, such as “ABC123”, “Password”, or a string of numbers in order. Use something hard to guess that contains both upper and lowercase letters as well as numbers. Special characters such as !@#$% are not supported by some routers. The longer the key, the better, although the WPA2 key has a minimum and maximum length. Try to make a little mental effort - good passwords might be hard to remember, but they are harder to crack.
  • If you use a weak key then even WPA and WPA2 can be easily cracked within a day using a combination of special precomputed tables and dictionary attacks.
4) Change the Service Set Identifier (the network name or “SSID”) from the default to something unique. A default SSID indicates to hackers that the network was set up by a novice and that other options (such as the password) are also left as the default. Use a name you can remember and identify, as the SSID has no influence on the security of your network (not even if you choose not to broadcast it).
5) Enable MAC Address filtering on your Access Point or router. A MAC  address is a code unique to every wireless networking card in existence. MAC Address filtering will register the hardware MAC Address of your networked devices, and only allow devices with known MAC Addresses to connect to your network. However, hackers can clone MAC addresses and still enter your network, so MAC address filtering should not be used in place of proper WPA2 encryption.
6) Don’t disable the ‘SSID Broadcast’. Do not disable the ‘SSID Broadcast’ feature of your Access Point or router. This seems counter-intuitive, but it is actually a bad idea. Although this would make your network invisible to your neighbors, any determined hacker can still sniff out your SSID; and you are implicitly forcing your computer to shout out your SSID anywhere you are, while it is trying to connect to it. Anyone could then impersonate your router with that SSID, and get your credentials that way.
7) Disable remote login. The first router worm brute forces its way into the router in this manner. Most default usernames are set to Admin. It isn’t hard for a virus/worm to crack the password if the username is known. The good thing is that routers normally have this disabled by default. Be sure to confirm that it is disabled when you first set up your router and periodically thereafter. If you need to update your router setting remotely, only set up access for the time you are going to be connected.
8) Disable wireless administrating. Finally, change the setting that allows administrating the router through a wireless connection to ‘off’ (meaning that you need to connect with a LAN cable for administration). This disables any wireless hacking into the router.
Tips:
  • You need to set the same WPA2 Settings on your computer and router.
  • Check your Access Point or Routers’ documentation on how to enable or disable security features.
  • You may need to upgrade the Firmware of your Access Point or Router if it doesn’t have any of these features. In some situations, you will need to purchase a new Access Point.
Warnings:
  • Be sure to register all devices on your network, including computers, laptops, media players, and networked storage if you are using MAC filtering. Also, be sure to enter the MAC addresses correctly as if you enter the wrong ones, you will not be able to connect the computer to the router to change them back and you will need to reset the router. Some routers allow you to save them while they are connected.
  • Certain versions of Windows don’t have individual wireless settings for different wireless domains. This means that the settings that ‘share’ files at home with your LAN will ‘share’ files with anybody else’s wireless network, even a wireless network masquerading as one you trust.
  • Disable ‘File and Printer Sharing’ in the wireless ‘Connection Properties’ for your portable computer. Only use the ‘Client for Microsoft Networks’ half of Microsoft’s file sharing. This means that your portable must connect to a machine that shares file/folders in order to access things, and that OTHER computers can’t ask to connect to your portable to access files on your machine. At least not through Microsoft’s ‘File Sharing’. Other running services and back doors may exist.
  • A user with a ‘cantenna’ can access your wireless network from a very long way off. Just because your notebook doesn’t get a signal on the porch doesn’t mean someone else can’t access or monitor your network from a mile away, meaning that even though you don’t think anyone in yourneighborhood would break into your network, someone far away might.

How to tell if an outside user is on your wireless network:
Wireless security is very important these days. You don’t want anyone stealing your bandwidth or getting into your network to perform malicious attacks on your computer. This is a guide to help you know when someone else is on your wireless network. Since every wireless router is different, this tutorial will discuss the basics and use one of the most popular wireless routers, the Linksys WAP54G as an example. The steps for your router may differ. This guide assumes you are connected to your router (either through a network cable or over its wireless signal) using DHCP correctly.
1) Open your web browser and input your default gateway’s IP address. To find this:
  • Go to Start > run, and type cmd
  • Type ipconfig and press enter. It will list the default gateway here. Once you have your default gateway address, open your web browser and type it in the URL bar.
2) Input your router’s username and password.
  • Default for Linksys products is usually username: (blank) password: admin
  • Default for Netgear routers is Username: admin password: password
  • Default for Dlink routers is Username: Admin; Password: (blank).
  • Default for Siemens routers is Username: Admin; Password: admin (all lowercase).
  • Default User Names and Passwords can be found sometimes under the router, on the label or using Google.
  • If you are having trouble finding the UN and PW then tryhttp://www.portforward.com this website is usually used for opening ports for P2P programs and games,but when it shows you how to open your ports it tells you the default UN and PW for the router. The router list is HUGE.
3) If you are using the default username and password, go to the Administration tab to change it to something more secure. From the Router’s user interface you will probably have a setting to log Users going through the router-enable it if not already.
4) Write down, and use the steps shown above finding the default gateway to find your MAC or also called physical address of all computers/devices that use wifi/wireless in your home or that will be using it and write them down. From time to time check the log to see if any unknown addresses show up. If so, then someone is leeching off your internet. MAC/physical addresses are unique hexadecimal code that identifies each Network card inside every PC that uses Ethernet. No two MAC addresses are the same.
Finding who is on your network:
1) Navigate to the Setup tab.
2) Scroll down until you see ‘DHCP Server’ if it is enabled, continue to the next step. If it isn’t enabled, enable it.
3) Click on the “Status” tab and then on “Local Network” just below the main tabs.
4) Click the button that says “DHCP Clients Table”. This list will tell you the computer name of everyone connected to your network on DHCP (DHCP automatically configures a computer’s IP and DNS settings. This only works if everyone connected uses DHCP. If someone connects and uses their own static address, then this will not show them.)
Other ways to find out who is on your network:
Download and Install Who Is On My Wifi (download here)
Click the Scan Now button and it shows all computers on the network.
Tips:
  • If you are concerned about people connected to your network, click the Wireless tab then click on Security and enable WPA or WPA2. Everyone that wants to connect will need the WPA or WPA2 key to connect. Do not use WEP. WEP encryption is so weak that it can be broken in less than a minute.
  • If you want to deal with assigning your own IP address, disable the DHCP server on your router. You will have to assign your own internal IP address, but it will keep some people out that do not know your subnet (or how to do it)
  • Use a different subnet. This will keep people guessing if your DHCP server is off. To do this, just change the router’s IP address (on the Setup page) to something other than default (192.168.1.1). Try 192.168.0.1.
  • Installing a firewall will HELP prevent cracking of your computer
  • Enable MAC address filtering. Only allow MAC addresses of computers you know. While this is a good option for cursory protection, MAC addresses are broadcast between your computer and your wireless router in clear text. A would-be attacker can use a packet sniffer to see your MAC address and then use a MAC address spoofer to fool your router.
  • Once you’re connected to your network, disable the broadcast option. This will stop the router from broadcasting its name. You will still be able to connect, since you know the name.
  • Beware that everything mentioned here, except enabling WPA/WPA2 encryption, does not prevent people from connecting to your network. It just makes it a little harder for the unexperienced user.
Warnings:
  • Make sure you have physical access to your router in case you need to reset it back to factory defaults.
  • Also make sure you do not screw up your network。