Tips to secure home wireless connection

[sunils]

Wire-free networking offers a lot of flexibility to access internet from wherever you want. But if precautionary measures are not taken, there's a very real chance that your open wireless network is exposed to vulnerabilities out of the nearest window.
Home wireless networks require some critical considerations. If your Wireless LAN is strong enough to cover your neighbors' homes, you could find piggy backers slowing down your network - even though they're not helping with the bill!
You may also wake up one morning to discover that some miscreant has hacked into your Internet account and sent out a chilling e-mail claiming responsibility for a terror attack on the nation. If your Wi-fi/Wireless LAN is unprotected it's virtually impossible to trace the miscreant who sent the e-mail. This could also lead to Law enforcement agencies knocking on your door!
Internet access using Wireless hotspots could be exploited by miscreants if no security measures are undertaken. Your wireless access connections could be misused by somebody and use them as launching pad for initiating attacks/misuse and the liability falls on you since the Internet protocol address used will be traced to yours.

Do's :-

• Ensure that the access point is placed securely to minimize its signal strength outside home. Change the default username, password & SSIDs (vendor defaults) on your wireless router / modem to non guessable ones. Disable SSID broadcast mode. Use genuine software for antivirus and security patches protection. Keep your computer updated with the latest patch updates. Turn on (Compatible) WPA / WEP Encryption and choose a passphrase that is at least 21 characters. Enable Personal firewall in your machine. Enable MAC (Media Access Control) address filtering.
• Monitor the use of the internet link and be aware of your outgoing traffic periodically.

Don't :-

• Don’t keep your Wireless LAN (Wi-Fi) connections ON without password protection/Wireless encryption. Never share your authentication credentials or Access KEY details of your access points with anybody. Don’t engage in Peer-Peer file sharing activities as there are dangerous sites which could easily infect your computer. Never share your Wireless internet connection details with passwords in any mailing lists/groups.
• Don’t keep any of your personal email sessions open after use, with out logging off.

 

[xmakina]

What about MAC Filtering?

Running encrpypted wireless can mean a 30% slowdown, so if you're not transmitting secure data (i.e. you're at home and not work) is it worth mac filtering rather than encryption to make the most of this extra 30%?

 

[Fearghal]

Just to add on your great tut sunils,

Even if you encrypt your network a savvy hacker gain breech the encryption keys in minutes. You should hide the SSID so that the hacker can't even detect the network never mind hack into it.

Obviously there are methods to find SSIDs, however it is better to keep a hacker trying, than to hand him/her and easy target.

Edit--- Just because this is possible does not mean everyone's wireless network is under attack. Please don't start shouting at neighbours if your connection is slowing down

You Should also install some network intrusion detection
--- End of edit

Good Tut Sunils, Thanks

 

[kkenny]

Somewhat simple, but very useful!

 

[jensen]

Thanks for the tips.

what software would you recommend for network intrusion detection?
How do I even know if someone is using my network to access the internet?

 

[zen-r]

Thanks sunils. If you are able to, it would be worth elaborating with more tips & advice.

I don't tend to use wifi at home, even though it would give my laptop mobility, because my understanding is that there is no such thing as a totally secure wifi connection. I occasionally risk it when working away from home.

Obviously, taking the right security measures would reduce the risk to being small enough to not need worrying about. But it is hard to tell what the best measures are. I am always reading of new ways hackers are finding of breaking in (man-in-the-middle attacks/ evil twins, faking SSL, data sniffing, software backdoors & bugs etc).

 

[diego.miquel]

Gracias por el dato. (Thanks for the tips.) :smile:

 

[Bigbucks2528]

Nice, I will certainly follow these. Thanks!

 

[xav0989]

What about MAC Filtering?

Running encrpypted wireless can mean a 30% slowdown, so if you're not transmitting secure data (i.e. you're at home and not work) is it worth mac filtering rather than encryption to make the most of this extra 30%?

MAC addresses can easily be spoofed. for regular leechers, filtering will prevent them from accessing your network, but hackers could easily watch your traffic, find a good MAC address, and spoof his.
Wifi protection only serves as a method to make your wifi a less attractive target.

 

[gmybft]

Great tips, thanks!

______________________________________

Girl Wallpapers - Girls Wallpaper - Best Wallpapers Collection

 

[farscapeone]

Don’t engage in Peer-Peer file sharing activities as there are dangerous sites which could easily infect your computer.

LOL!

Anyway, I use mac filtering and newer had any problems. Maybe it's because my neighbors don't use wireless networks (or any other network for that meter) or it's because they don't use Internet at all LOL!

 

[cybrax]

WEP encryption keys take under twenty minutes to crack mathamatically
WPA fairs slightly better provided that a random password sequence was used, if you use a word(s) or phrase it falls quickly to a dictionary attack.

Basic WiFi Defence

1. ENABLE WPA ENCRYPTION - Use WPA2 if you have it as an option. Only this protocol is SECURE
2. DISABLE SSID BROADCAST - you can still be found but at least your not advertising
3. ENABLE MAC FILTERING - again this can be spoofed but it does make life harder
4. UPDATE ROUTER FIRMWARE - it helps sometimes BT homehubs in particular
5. ENABLE Router SECURITY FEATURES - if installed most don't have any
6. CHANGE DEFAULT PASSWORD - please! we like a challange occasionally
7. ENABLE HTTPS - this normally does the trick
8. ENABLE LOGGING - so you prove somebody was connected (not that the law cares)
9. DISABLE THE DHCP SERVER - it helps
10. POWER OFF WHEN NOT IN USE - easier said than done many don't have an Off button
11. REDUCE TRANSMITTER POWER - yeah right
12. CHANGE YOUR ENCRYPTION KEYS REGULARY

The first seven steps are typically more than enough to make a WiFi router Access Point more secure. However we must stress that

IT WILL NOT BE IMMUNE TO ATTACK

Just more difficult and hopefully any would be Wardriver will keep on going looking for an easier target router to hack into. Antivirus / Firewall on the PC is only of secondary importance the primary reason for hacking a router is to obtain an untraceable internet connection. As the law and the buck stops FIRMLY at the owner of the router.

 

[acooden]

Wa .. AWESOME.. so easy to understand... great job!!

 

[slacker3]

I prefer to use OpenVPN to secure my box, leaving the AP unprotected. Fun with script-kiddies guaranteed.

 

[vozdeesperancabr]

cool tops tranks:smile:

 

[aberjooz]

Thanks, tips are great:tongue: