Securing your WiFi – How and Why

This is one of my mini-series or I should say my mini-how to. Its not going to be long winded as like last time. First of all , you must be overwhelmed when you first bought your Wireless Router. Imagine , connecting to the Internet without wires and you could proudly say to your mom that you’re on the World Wide Web without connecting any wires , “Hey ma , look at me – I am surfing the Web without wires” or alternatively surf the web while you’re in the WC (yeah , I know). I do have couple of tips as well !

lock (Copyright Lakewoodconferences.com)
Its better to be safe then being sorry (Picture taken from Lakewoodconferences.com)


Anyway , it does not  matter if you have just bought a new WiFi Router or just using your old ancient 802.11b router. Its all the same – wireless are prone to “intruders or joy riders who are always on the look out for free/opened wifi whereby they could use it to download gay pornographic material and upload malicious software to the Internet. AT the end if the big brothers trace it back , it will be you the one that will be blamed. So firstly , lets take a look on what the security options that we can use it and what are the advantages and disadvantages
Mac Filtering (without any security) – The most convenient way ever. Just add your MAC Address (a unique address for every network adapter , think of it as its own signature. Each network adapter let it be wireless card or normal ethernet – they do have their unique MAC Address. No 2 PCs can have the same MAC Address) in order to allow access via WiFi. There are disadvantages. Firstly , MAC Address can be easily spoofed and it doesn’t protect your wifi against eavesdropping. To sum it up :-
Advantages :- It enables authorized devices to connect , making it harder for those without the authorised device to connect
Disadvantages :- Its too easy to spoof a MAC Address . Hence you’ll be creaking in a minute or two after finding out that someone got into your network !
Pradeesh’s suggestion : Don’t use it. Its pretty useless. Not to mention that its bit annoying when you have guests over at your place and when they would like to use your WiFi. You’ll have to add their MAC Addresses manually to your router and reboot it. Its soo cumbersome !
WEP (Wired Equivalent Privacy) – When first 802.11 devices came out. They had to offer a form of security so that corporate users could roll out WiFi in their building and such. This is where WEP kicks in. Its some sort of encryption that prevents prying eyes to steal your data. Well it did a good job in protecting for a while , unfortunately  it was flawed big time and its possible to crack WEP-protected WiFi spots within 3 minutes as its done by FBI. For more information on how they did that , click here to read. For Home Users , WEP does provide some protection against joy riders and free hoppers , so that they wouldn’t able to steal your WiFi Access easily. However with the right tools and the right person , its possible to crack into your WiFi. WEP works across 802.11b and 802.11g devices. pretty much its widely supported , so if you have an old 802.11b device or wifi card , chances are you’ll have to use WEP as WPA/WPA2 aren’t support in these devices !
Advantages : It stops your neighbors from stealing your Internet Connection. Now Ain’t that great ?
Disadvantages : Its too easy to be cracked/hacked into. Even a 10 year old  kiddie whizkid could get into your WiFi AP
Pradeesh’s suggestion : I am using WEP myself. Yes , it does provide a form of protection and I am fully aware of its weakness. The reason why I am using WEP is that mainly because of WDS (I’ve linked up 2 routers wirelessly). Plus on top that , there aren’t any people *so far* on my neighborhood who do have the ability to hack into WiFi , as an average Malaysian here would be happier to find an open hotspot rather then a closed one ! I would recommend folks to use WEP ,  if you’re not security paranoid.
WPA/WPA2 (Wi-Fi Protected Access) – The state of the art security that you could have in order to protect your WiFi Access. Basically for Home Users , they’ll be using WPA/WPA2 (TKIP) in pre-shared key mode. This is pretty strong enough provided that you don’t use as simple passphrase/password which can be easily cracked by using a dictionary-based attack (in other words , an attacker could simply load up a dictonary and try to guess the password up.  Softwares can do that and as for the  hacker , all he has to do is load and forget). WPA2 is an improved version of WPA , claimed to have fixed some flaws in WPA. Keep in mind that not all devices can support WPA2. For some routers its possible for you to run in hybrid mode (aka WPA/WPA2 mixed) whereby allowing clients to use WPA or WPA2. An example of router which supports this function is Linksys WRT54G with Tomato Firmware !
Advantages : You’re basically secured. Chances of people hacking into your WiFi are low , provided
Disadvantages : I would say not much. It does not  work with older devices and it may add burden for older PCs. You may notice some performance decrease and it may impact on the speed. Remember , the packets are encrypted , so it does impact a bit on the performance especially if you’re transferring large files !
Pradeesh’s suggestion : I would go for WPA/WPA2 if I am a security paranoid or a a security nazi ! If you have uber geeks living in your area , its best for you to opt for WPA2 Enterprise. If you just want to feel safe and have a bit of sense of  “feeling secure” – then opt for WPA. I’ve used WPA/WPA2 before and its easier in sense that you just enter the password as opposed to WEP whereby you’ll haveto key in some digits. But thank god , modern OSses such Windows Vista and MacOS X  are able to generate it for you by just entering a pass phrase !
Additional tips :-

  • Do not ever use simple keys for WEP such as 0000000 or 111111. Instead try to use your mobile phone number or something personal whereby it makes hard for people to guess. This prevents those guessers to enter your network easily. However it still doesn’t protect against hackers !
  • Try to change your passphrase every 30-60 days. This includes for WEP and WPA. Don’t keep on using the same password for an infinite period of time. This makes easier for hackers to capture your packet and do a replay attack !
  • Change your SSID. Don’t leave it as your default SSID even though you’re using WEP/WPA. It makes it easier for hackers to find vulnerabilities and use other methods to get into your access point
  • Hide your SSID (Thanks |1f34| )

That’s about it folks. I hope you have learned something new today !

10 thoughts to “Securing your WiFi – How and Why”

    1. Let me know which part that you dont understand – so that I can explain to you in plain english and update my article
      I want my readers to fully understand what I am saying !
      Cheers and thanks for visiting !

  1. 1st time here..
    i understand bout u saying coz i’ve post bout this too 😀
    and have the assigment in my networking subject this semester.
    but to anybody that not in IT field will have difficultie bout this..
    so my advice,
    just use wpa but dun use simple, default or simply gueesed password. use alphabet (uppercase+lowercase) + number + symbol (\/!# and many more) 🙂
    TMUkmkds last blog post..[Berita & Aplikasi] Peperangan Pelayar Internet. Sesi 5

  2. @TMUkmkd : absolutely right. it depends on who your neighbour is. WEP is too easy to crack..but then again, depending on your neighbours, you will know what to use. personally, i hide my SSID and i don’t enable DHCP. if they good enough to figure out my IP range n SSID, they’re worth it to use my wifi…LOL
    and i mean they can use it before i realize it and ban their MAC address !
    |1f34|-|1r3s last blog post..Timeout problem when upgrading wordpress 2.7

  3. no i’m using wpa2 for my router. hope it’s works.
    it’s had been hacked a few months ago and my friend helped to fix it.
    before the thing happened, i even don’t know that a router wi-fi security can be hacked.
    gosh. now i’m always beware of the wi-fi hackers.
    alones last blog post..Between Dreams & Reality

  4. Wow , alone what you were using la my friend ?
    WPA2 is pretty solid and you should keep it. Try to use TKIP and change the key every 1 month or at least change the lease time from 3600 to 1800 if you’re that worried
    I agree with TM on that. If you have uber 1337 hackers , thats it . you’re screwed and WEP isn’t worth it. But if you have uncle/aunty , mak cik , pak cik , then I could safely say that WEP should do its job

Leave a Reply

Your email address will not be published. Required fields are marked *