This is one of my mini-series or I should say my mini-how to. Its not going to be long winded as like last time. First of all , you must be overwhelmed when you first bought your Wireless Router. Imagine , connecting to the Internet without wires and you could proudly say to your mom that you’re on the World Wide Web without connecting any wires , “Hey ma , look at me – I am surfing the Web without wires” or alternatively surf the web while you’re in the WC (yeah , I know). I do have couple of tips as well !
Anyway , it does not matter if you have just bought a new WiFi Router or just using your old ancient 802.11b router. Its all the same – wireless are prone to “intruders or joy riders who are always on the look out for free/opened wifi whereby they could use it to download gay pornographic material and upload malicious software to the Internet. AT the end if the big brothers trace it back , it will be you the one that will be blamed. So firstly , lets take a look on what the security options that we can use it and what are the advantages and disadvantages
Mac Filtering (without any security) – The most convenient way ever. Just add your MAC Address (a unique address for every network adapter , think of it as its own signature. Each network adapter let it be wireless card or normal ethernet – they do have their unique MAC Address. No 2 PCs can have the same MAC Address) in order to allow access via WiFi. There are disadvantages. Firstly , MAC Address can be easily spoofed and it doesn’t protect your wifi against eavesdropping. To sum it up :-
Advantages :- It enables authorized devices to connect , making it harder for those without the authorised device to connect
Disadvantages :- Its too easy to spoof a MAC Address . Hence you’ll be creaking in a minute or two after finding out that someone got into your network !
Pradeesh’s suggestion : Don’t use it. Its pretty useless. Not to mention that its bit annoying when you have guests over at your place and when they would like to use your WiFi. You’ll have to add their MAC Addresses manually to your router and reboot it. Its soo cumbersome !
WEP (Wired Equivalent Privacy) – When first 802.11 devices came out. They had to offer a form of security so that corporate users could roll out WiFi in their building and such. This is where WEP kicks in. Its some sort of encryption that prevents prying eyes to steal your data. Well it did a good job in protecting for a while , unfortunately it was flawed big time and its possible to crack WEP-protected WiFi spots within 3 minutes as its done by FBI. For more information on how they did that , click here to read. For Home Users , WEP does provide some protection against joy riders and free hoppers , so that they wouldn’t able to steal your WiFi Access easily. However with the right tools and the right person , its possible to crack into your WiFi. WEP works across 802.11b and 802.11g devices. pretty much its widely supported , so if you have an old 802.11b device or wifi card , chances are you’ll have to use WEP as WPA/WPA2 aren’t support in these devices !
Advantages : It stops your neighbors from stealing your Internet Connection. Now Ain’t that great ?
Disadvantages : Its too easy to be cracked/hacked into. Even a 10 year old kiddie whizkid could get into your WiFi AP
Pradeesh’s suggestion : I am using WEP myself. Yes , it does provide a form of protection and I am fully aware of its weakness. The reason why I am using WEP is that mainly because of WDS (I’ve linked up 2 routers wirelessly). Plus on top that , there aren’t any people *so far* on my neighborhood who do have the ability to hack into WiFi , as an average Malaysian here would be happier to find an open hotspot rather then a closed one ! I would recommend folks to use WEP , if you’re not security paranoid.
WPA/WPA2 (Wi-Fi Protected Access) – The state of the art security that you could have in order to protect your WiFi Access. Basically for Home Users , they’ll be using WPA/WPA2 (TKIP) in pre-shared key mode. This is pretty strong enough provided that you don’t use as simple passphrase/password which can be easily cracked by using a dictionary-based attack (in other words , an attacker could simply load up a dictonary and try to guess the password up. Softwares can do that and as for the hacker , all he has to do is load and forget). WPA2 is an improved version of WPA , claimed to have fixed some flaws in WPA. Keep in mind that not all devices can support WPA2. For some routers its possible for you to run in hybrid mode (aka WPA/WPA2 mixed) whereby allowing clients to use WPA or WPA2. An example of router which supports this function is Linksys WRT54G with Tomato Firmware !
Advantages : You’re basically secured. Chances of people hacking into your WiFi are low , provided
Disadvantages : I would say not much. It does not work with older devices and it may add burden for older PCs. You may notice some performance decrease and it may impact on the speed. Remember , the packets are encrypted , so it does impact a bit on the performance especially if you’re transferring large files !
Pradeesh’s suggestion : I would go for WPA/WPA2 if I am a security paranoid or a a security nazi ! If you have uber geeks living in your area , its best for you to opt for WPA2 Enterprise. If you just want to feel safe and have a bit of sense of “feeling secure” – then opt for WPA. I’ve used WPA/WPA2 before and its easier in sense that you just enter the password as opposed to WEP whereby you’ll haveto key in some digits. But thank god , modern OSses such Windows Vista and MacOS X are able to generate it for you by just entering a pass phrase !
Additional tips :-
- Do not ever use simple keys for WEP such as 0000000 or 111111. Instead try to use your mobile phone number or something personal whereby it makes hard for people to guess. This prevents those guessers to enter your network easily. However it still doesn’t protect against hackers !
- Try to change your passphrase every 30-60 days. This includes for WEP and WPA. Don’t keep on using the same password for an infinite period of time. This makes easier for hackers to capture your packet and do a replay attack !
- Change your SSID. Don’t leave it as your default SSID even though you’re using WEP/WPA. It makes it easier for hackers to find vulnerabilities and use other methods to get into your access point
- Hide your SSID (Thanks |1f34| )
That’s about it folks. I hope you have learned something new today !