How do I make my wireless network secure? Does security need to be hard? No. This is your simple guide to securing your wireless network. People need to understand that to secure something you need to understand it. If you don’t understand it you might make a mistake that could ruin your security or make it less efficient. For this reason you will be taught some simple things to help you along.
What is encryption?
Why do I need it? It’s very simple. If you stand and shout something across the street, the next-door neighbors hear it very easily, should they have ears. The same goes for your wireless network. The wireless cards in your neighbors’ computers are listening and can translate anything that is not encrypted, should the user choose to. Encryption is how this problem is handled. This is done by using extremely boring algorithms, which are not the subject here. They are applied to the digital data that is passed over a wireless network, so the wireless signal becomes nonsense to anyone who does not know how to translate the nonsense, that is, to decrypt it.
What is decryption?
It’s the process of making something that is in an encrypted form understandable to the decrypter. Do you need to know that? Not really.
How is it done?
You need to authenticate by some method to the wireless system you are using. So the wireless network industry provides some ways for that.
In almost all wireless access points or wireless routers you see the same things. It’s all very confusing at first but do not despair. I will explain it in simple terms here. To confuse people even more the network industry needs many words for the same things. Here I will list many of them so you don’t get more confused. If you are using a home network you do not need any WPA with the word enterprise in it. Enterprise in this context is usually a fancy word for central authentication. Home users don’t usually use central authentication systems. So what are the key players in the system setup?
WEP explained. – Useless and should not be used. WEP can be cracked in seconds. If you have something that only has WEP, consider getting rid of it.
WPA explained. – Software version of WPA2. Don’t use it unless having problems with WPA2.
WPA2 explained. – Hardware assisted encryption. Choose this one unless it’s not an option.
With WEP out of the way we are down to WPA and WPA2. Some routers even allow both at the same time. Damn this is getting simpler all the time isn’t it?
So how do you set up a wireless network? I am not going to bother explaining AES and TKIP, as you would likely not finish reading this if I did. Basically this is what you need to know.
TKIP and WPA are a good match.
AES and WPA2 are a good match in wireless security and preferred over WPA.
Many wireless network manufacturers provide wireless access with WPA + WPA2 using both AES and TKIP as an option.
The user setting up a wireless network at home could see many things like PSK-WPA2, WPA2-PSK, WPA-HOME, WPA-PERSONAL, WPA-ENTERPRISE, WPA2-ENTERPRISE, and many more proprietary options are out there. If you see the word home or the word personal with WPA it usually means PSK, which stands for pre-shared key. Again it could have been named password, but that would be too hard, wouldn’t it? Manufacturers likely think something like PSK is too hard, so they confuse you all by naming it something else. This results in the following synonyms for the same options.
This is usually the same option: WPA-HOME, WPA-PERSONAL, WPA-PSK, PSK-WPA, and WPA-PSK-TKIP.
This is also usually the same option: WPA2-PSK, PSK-WPA2, WPA2-HOME, WPA2-PERSONAL, WPA-PERSONAL-AES, and WPA2-HOME-AES. You might also see CCMP in there in some form.
Usually it is wise to ignore the security options that are proprietary to the manufacturer, as there are many problems associated with non-standardized protocols.
One option that is often overlooked is to change the time of the rekey interval to a lesser value. Often it is 3600 seconds. It could be less. Just don’t go overboard in cutting it down because of the processing strain it puts on hardware. Per packet rekeying is not a good idea on most routers.
The ground rules for setup of a secure wireless network.
- Use the strongest encryption authentication possible. AES/WPA2 recommended.
- Use a long and strong password. Hackers today can hack your network should you use a PSK. It’s only a question of how long it takes. You can make that time very long by making your password very long. Example of a very strong password (PSK) would be something like this:
My m0ther vas Alvais very stange because she ate 99 kats with % and $.
This password would take a very long time to crack with brute force. Brute force means to test access with a guess until you hit the right password.
- Use shorter key rotation. Be sensible in choosing an interval. 15 sec is too little but 24 hours is too long. Don’t confuse this with changing the PSK. I am not talking about that. This is the re-authentication of the currently logged on wireless equipment. It should be transparent to the user but can be a burden on hardware if the interval is too low.
- Make sure the wireless equipment is not in wireless admin mode. Shut off the wireless administration access if you have an option. Wireless admin mode is when you can control the equipment from the wireless network.
- Take the time to change the wireless password a few times a year. Change the PSK every now and then. Even with the best and strongest password to a wireless network you can never know if you never change it. Someone might have his computer brute force hacking your WiFi all day while at work. Brute force hacking a password like the one in section 2 would take forever.
- Update your network equipment. In hacker heaven the hacker needs only to look up the system he is looking at, find a known bug and exploit it. Just like any other computer system your network needs maintenance and upgrades. For example there was a known flaw with the WPA-PSK rollout of one type of keying technology that affected the key strength for a lot of home users from some brands using buttons for keying the equipment. Many still have this in their home and have no idea that the WPA setup is almost as weak as WEP.
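The ground rules above can be checked mechanically against a router's settings. The following is an added example, not part of the original guide: the settings dictionary, its key names and the sample values are constructed for illustration, while the label synonyms and the rekey limits (15 seconds, 24 hours) come from the text. Password strength is left out of this check.

```python
import re

def classify_mode(label):
    """Reduce a vendor label such as 'PSK-WPA2' to (generation, auth, cipher)."""
    tokens = set(re.split(r"[^A-Z0-9]+", label.upper()))
    if "WEP" in tokens:
        return ("WEP", None, None)
    if "WPA" not in tokens and "WPA2" not in tokens:
        return ("UNKNOWN", None, None)       # proprietary or unrecognised option
    auth = "ENTERPRISE" if "ENTERPRISE" in tokens else "PSK"  # HOME/PERSONAL mean PSK
    aes, tkip = bool(tokens & {"AES", "CCMP"}), "TKIP" in tokens
    if {"WPA", "WPA2"} <= tokens or (aes and tkip):
        return ("MIXED", auth, "AES+TKIP")
    if "WPA2" in tokens or aes:               # the guide groups WPA-PERSONAL-AES with WPA2
        return ("WPA2", auth, "AES")
    return ("WPA", auth, "TKIP")

def audit(settings):
    """Check a settings dict against the ground rules; return a list of findings."""
    findings = []
    gen, auth, _ = classify_mode(settings["mode"])
    if gen == "WEP":
        findings.append("WEP: replace it")
    elif gen == "UNKNOWN":
        findings.append("non-standard mode: ignore proprietary options")
    elif gen in ("WPA", "MIXED"):
        findings.append("TKIP allowed: use WPA2/AES only unless a device fails")
    if auth == "ENTERPRISE":
        findings.append("enterprise mode: home networks use PSK")
    rekey = settings["rekey_seconds"]
    if rekey <= 15:
        findings.append("rekey interval too short")
    elif rekey >= 24 * 3600:
        findings.append("rekey interval too long")
    if settings["wireless_admin"]:
        findings.append("wireless admin enabled: turn it off")
    return findings

# Constructed sample settings, not taken from any real router.
WEAK = {"mode": "WPA-PSK-TKIP", "rekey_seconds": 86400, "wireless_admin": True}
GOOD = {"mode": "WPA2-PERSONAL", "rekey_seconds": 1800, "wireless_admin": False}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("good", GOOD)):
        print(name, audit(cfg) or "no findings")
```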
There are some common misconceptions about wireless security.
- People and guides tell you to use MAC address filters. To someone who knows his hacking they are useless in protecting your wireless network and the first thing a hacker sees is the MAC of the wireless cards on the network.
- Don’t broadcast your wireless network. This is another useless piece of advice. There is a checkbox in most or even all WiFi routers and access points allowing for this option. Don’t bother with it. It takes a hacker and his programs seconds to find the name of your network. You will just get him thinking “ah, there is an idiot I would like to hack”. Also many device drivers have trouble with this type of setup and don’t find it or keep losing connectivity. WiFi phones are notorious for having trouble with this sort of setup.
- Limit your wireless range. Limiting the power output of a wireless device is often more trouble than going with the standard setup. The security advantage is often little or none. The problems you can get into are far worse than the benefits of the practice. In many cases it takes a professional to set it up correctly. You are better off just securing the WiFi correctly.
- Even if someone has broken your wireless network and is actively listening to your data you need not panic. Most of the time this is for getting internet access without paying for it. The only traffic the hacker is listening to is unencrypted traffic. Banking is for example done over https using SSL encryption from your computer to the bank. A hacker would have to break that encryption too. This is not to encourage going without encryption on your router. Just informational. You might not want your nosy neighbor knowing all your online travels. Just secure your network and replace the needed security information you are concerned about. Review your security needs and report this to the needed parties. This obviously does not apply to enterprise users at all.
How to make a password that is extremely hard to break using brute force or a dictionary attack.
- Never ever use your birthdates, family names or something as easy to guess. Use sentences. They are easier to use and remember. Never use a phrase or a saying as password.
- Make it super simple first so it’s easy to remember, and as long as you trust your memory to remember it. Example: Kennedy was assassinated on a trip to Dallas.
Then take those of steps 2-5 below that you think your memory would handle.
- Change it to make it very hard. First replace some letters. K3nnedy was assassinated on a trip to D4llas. Take note that I do not replace all A and E in this string.
- Misspell. To remove dictionary attacks from the possible options. Example: K3nnedy was assassinated on a tri to D4llas.
- Now get some hard to guess things in there. Example: K3nnedy was a$$assinated on a tri to D4ll%as.
- Don’t stick a note on your computer screen saying what the password is. It’s better to have a password you would remember than writing it down and making it useless. Putting some meaning to it you understand is better for remembering. Example: Uncle Don lik3s $.
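To see what these steps and the ground rule about long passwords buy you, the sketch below checks a passphrase against the WPA/WPA2 limit of 8 to 63 printable ASCII characters, estimates the brute-force search space, and derives the 256-bit key that WPA/WPA2-PSK computes from it (PBKDF2-HMAC-SHA1 with the network name as salt and 4096 rounds). It is an added example, not part of the original guide; the function names and the network name "HomeNet" are assumptions, and the passphrases are the ones printed on this page, final period included.

```python
import hashlib
import math
import string

# WPA/WPA2 passphrases are limited to 8..63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63

def passphrase_problems(p):
    """Reasons an access point would refuse p as a WPA/WPA2 passphrase."""
    problems = []
    if len(p) < MIN_LEN:
        problems.append("shorter than 8 characters")
    if len(p) > MAX_LEN:
        problems.append("longer than 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in p):
        problems.append("contains non-printable or non-ASCII characters")
    return problems

def brute_force_bits(p):
    """log2 of the guesses a character-by-character brute force must cover.

    Upper bound only: it treats every character as random, so a guesser that
    tries words and common substitutions first needs far fewer attempts.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in p))
    return len(p) * math.log2(alphabet) if alphabet else 0.0

def derive_pmk(passphrase, ssid):
    """256-bit key WPA/WPA2-PSK derives from the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

# Passphrases quoted on this page; "HomeNet" is a constructed network name.
STEPS = ["Kennedy was assassinated on a trip to Dallas.",
         "K3nnedy was a$$assinated on a tri to D4ll%as.",
         "My m0ther vas Alvais very stange because she ate 99 kats with % and $."]

if __name__ == "__main__":
    for p in STEPS:
        print(len(p), round(brute_force_bits(p)), passphrase_problems(p) or "ok")
    print(derive_pmk(STEPS[1], "HomeNet").hex())
```

Run on the page's own examples, the check shows that the 70-character sentence from the ground rules exceeds the 63-character limit and would need trimming before a router accepts it.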
This guide does not address the securing of the router itself. Only the wireless part that is sent out is the issue here and the security of the wireless network. Here is a guide to home network security.
The wireless network is just as important as breathing to many people today. It’s important to have WiFi security working and properly set up.
Now try to do it yourself. Be sure to document your work.