Welcome!

Security through Intelligence

Adam Vincent

Subscribe to Adam Vincent: eMailAlertsEmail Alerts
Get Adam Vincent via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Blog Feed Post

Wires are so “2005”

One of the more overlooked innovations of the computer industry is the ability to communicate without wires.  Walking around the office without being tethered to a wired network connection is oh-so convenient.  This technology has revolutionized personal, mobile and inter-office collaboration.

This technology has made wireless network connections much more available in public places.  Many hotels, cafes and restaurants, airports, and city offices and buildings offer the amenity of free Wi-Fi for their patrons. Some cities and countries, Estonia, for instance, offer free Wi-Fi.

“Nothing in life is free” and bad things that can happen when you access a public Wi-Fi connection, so connect with care.

This blog will focus on securing your shiny new 802.11 wireless router by preventing unauthorized use of your wireless connection.

Listed below are some tips to help secure your wireless router.  Note that the particular brand you have purchased may have slightly different menu configurations.  Take the concepts covered (below) and consult the user guide for the particular configuration syntax and proper installation methods associated with your device.

WEP, WPA? What is this?

Wireless Encryption Protocol (WEP) is an older version of encryption that should be included with your router.  It is critical to have this piece of security in place.  There will be a passphrase associated with router, and this will generate a key (series of numbers and letters).  Anyone with this passphrase can obtain access to your router.  A more secure protocol is Wireless Protected Access (WPA).  It’s definitely more difficult to crack than WEP, and its newer version is WPA2.  WPA and WPA2 have keys that change dynamically, and your protection will be based on an encryption key.  It’s highly suggest that a strong password/passphrase which is at least 14 letters/numbers is used.

Passwords

Just like your computer, iPhone, Blackberry, etc, your router has an admin password.  To prevent unauthorized access, you must change the default password.  Without password protection, access to your router can be as simply as typing http://192.168.0.1 or http://192.168.1.1 (generally the IP address of your router).  By knowing the model of your router and typing in the default password, an unwelcomed guest can change all the configurations.  This is a pretty simple security measure to implement that makes your home network much more secure.

Naming – SSID (Service Set Identifier)

A feature of many of the today’s devices is the ability to name your own devices.  Much like we discussed in the iDevice blog, you need to recognize that wireless router name is visible; anyone can see the name of your home network.  If you don’t name your router, the name is likely the actual router brand name and model number.  With a modest amount of research, it’s possible for an adversary to learn the vulnerabilities associated with your router, and hack into your home network.  Choose a name that is not personal and doesn’t give away too much information.  For fun, try out the name of a famous person.  It probably won’t give you away, and should be to easily remember.

Who is stealing my stuff?

If ever you every notice your connection going incredibly slow while you are browsing the Internet, you should diagnose the cause.  It could be that someone else is using your wireless router, and eating up your bandwidth.  To determine if this is the cause:

  • Connect to your router’s admin page.
  • Consult your manual to find the IP address, and enter in your STRONG password to access the router
  • Look for something called Attached Devices,Active Devices or Connected Devices
  • If you see something you don’t recognize, you have probably found the culprit
    • If you do discover non-authorized access to your network, change your WEP, WPA or WPA2 encryption key immediately

Filter it all out

Another technique to help keep your home network protected is to secure your wireless network with MAC Address filtering.  This technique may be a bit more complicated than the others.  (If you have visitors regularly who access your network, you may wish to skip this tip.)  A MAC address is a unique identifier for a physical network device.  Each computer, for example, has its own unique MAC address.  MAC address spoofing is a possibility, but it takes skill, so we’ll focus on how apply filters to restrict access to your home network.

To enable your router’s filtering feature, you will need to look at configuration manual.  (Some routers don’t offer this capability.)  If yours does, a simple way to check is to:

  • Logon to the router homepage.
  • Look for a menu option saying MAC Address Filtering
  • Click enable
  • Enter in your MAC address
    • To find your MAC address click (for Windows users go to Start à Run à type ‘cmd’
      • Type ‘ipconfig /all’
      • It is the series of numbers and letters after Physical Address
      • Example:  01:23:45:67:89:ab

Since most computers, printers, and electronic game devices come wireless ready, wired connections are becoming obsolete.  After all, who can resist accessing the Internet with complete freedom of movement?  Follow the simple steps above, and operate your wireless router with the peace of mind knowing that the information sitting behind your router is safer.

Read the original blog entry...

More Stories By Adam Vincent

Adam is an internationally renowned information security expert and is currently the CEO and a founder at Cyber Squared Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect™, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, two children, and dog.