Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Is your wireless a hackers’ playground?

I have found in life that many things we deal with are…mixed blessings. Such is the case with wireless technology. The very factors which make it so convenient (and thus popular) also make it less secure. A WAP is a radio station. It broadcasts its signal in all directions, for a limited distance; and it “listens” for signals as well. It (by default) sends out a constant “I’m here. I’m ready. I’m here. I’m ready…” When a passing device, a laptop or PDA say, gets within range it hears the WAP (Wireless Access Point) and can connect with it by sending a “I’m ready too. Let’s begin.” message.
So convenient. So easy. And no wires holding you to one spot. It’s a modern miracle!
It’s little wonder that nine out of ten networking devices sold in the US are “wireless”. They cost basically the same as wired, so why not get wireless too? My router is wireless (a WAP). Isn’t yours?
But I know about wardriving. Yes–”war+driving”. What’s that? It’s driving around with a laptop and a sensitive antenna (or a piece of coaxial cable stuck into the bottom of a Pringle’s can) and trying to “sniff” (detect) unprotected WAPs. It’s a game hackers play: who can detect the most unsecured WAPs in an hour? When they’re not doing it for kicks, they’re accessing a wardriven WAP and ‘creeping’. What’s that, you ask? “Creeping” is browsing around the data on the computers connected to the WAP. Most of the time they’re not interested in stealing your data (there’s no challenge there), they’re just snooping. They get some kind of kick out of it. (Sometimes they’ll leave behind a ‘calling card’ to let you know you’ve been ‘creeped’.) Most of the time these guys cause no harm…unless they see that you’re a total non-geek novice (no anti-virus, all your .docs are in one folder, you’ve never ‘defragged’, etc.) and they decide you’re “too stupid to own a computer” and they take it upon themselves to “punish” you by erasing your config.sys file (which will cause Windows to fail to load).
Sometimes they will simply “pile on” or “coast” a WAP and use it to surf the web for free–the main downside to the owner is reduced bandwidth (speed).
When a hacker runs across a WAP in his wardriving games that the owner has taken the precaution of encrypting, he usually passes on by, but sometimes they get bored with the super-easy creeping, and feel the need for a challenge (I’m sure, thinking, “what’s this guy hiding behind that encryption?”). This is when hackers become crackers. See, it’s terribly easy to turn on encryption–every WAP manufacturer builds it into the product–and use it. The trouble is most folks don’t know about it, much less use it…But for those who do, manufacturers included the ability to use WEP encryption (Wired Equivalent Privacy): a 128bit stream cipher key. So now the hacker is looking at gibberish and needs to find a way to “crack” the code to see the data being transmitted, and to talk/co-operate with the WAP–thus the ‘challenge’. Sadly, with the computing power of today’s personal computers and freely available tools a hacker can break into WEP protection in less than two minutes (much less).
Eventually, the hacker’s methods were discovered and WEP was quickly declared to be next-to-useless, and manufacturers switched to a new (2003) and improved methodology called WPA–Wi-Fi Protected Access. Now there’s WPA2. Have the hacker/crackers been thwarted? Well…um…no. However, WPA and the newer WPA2 are so time consuming to crack, the average hacker won’t bother. Why should he? There’s still plenty of folks broadcasting “Here I am. I’m free and easy. Here I am…” Seeemingly every house on the block an unwitting Internet café.
WPA2 is pretty good, and keeps out all but the determined (and sometimes even them).
The main points I want to make here are:
* You really do want to turn on the feature that scrambles your wireless transmissions. (To read my How-To article, How-to-secure-your-wireless-network, click here.)
* Securing your wireless by encrypting with WEP is next to useless; with WPA is so-so; and, WPA2 is the way to go at this time.
* Your network is only as capable as its weakest link, so if you have older devices that aren’t WPA-capable, your newer devices will default down to WEP (or no encryption) level to accomodate your old. I recommend replacing your older gear with newer, WPA2-capable devices.

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

June 17, 2008 Posted by | advice, computers, encrypting files, hardware, how to, networking, PC, Portable Computing, routers and WAPs, security, tech | , , , , , , , , , , , , | 1 Comment

How to secure your wireless network

Welcome to the 2008 version of Tech–for Everyone. I regret to inform you that there are no major revisions or changes in this new version… in fact, it is exactly the same as the 2007 version: my tech tips, advice, and How To’s brought to you six days a week, advertisement-free.

For my first article of 2008, I am going to demonstrate the steps for encrypting the signals transmitted by your home Wireless router. This is a simple process, and once you have completed the steps only the people who know the password you set (namely, you!) can use your Internet connection. Not only will this prevent freeloaders from surfing the Web on your dime (stealing your bandwidth), but because encryption scrambles the data, it will prevent hackers from reading the ‘packets’ your computer transmits (ie, “reading your mail”), and prevent them from easily accessing the computers on your home network.

Encrypting your Wireless signal really is a security “must do” in this day and age, and there is no downside— it will not slow down your browsing, nor cause you to have to enter a password every time you go on the Internet. Once you set it, everything happens automatically and invisibly to you.

Tip of the day: If you have a Wireless router, lock it down with encryption.
The first step in changing settings on your router is to use a browser to log onto its Control Panel. I have published an article, https://techpaul.wordpress.com/2007/11/16/protecting-your-network-use-your-router-for-access-control-repost/ which demonstrates the basic procedure.
(In that post, I demonstrated on the best-selling Linksys WRT 54G, and although there a whole new generation of Wireless routers being sold now, and there other manufacturers than Linksys, the procedure I demonstrate is basically the same on all of them.)

1) Please refer to the prior post, or consult your router’s documentation (or visit the website) to learn the steps to log in to the router’s Control Panel.
baswrless.jpg
This screenshot shows the WRT 54G Control Panel (default: http://192.168.1.1, password “admin” {no quotes}. The prior article tells you how to change these defaults: highly recommended!) and you will note the black Menu bar across the top. Click on the “Wireless” menu option, and you will see the blue sub-menu options change to look like the screenshot.
By default, your router will be set to broadcast its “SSID”. This is basically a “Hey! Here I am!” signal that advertises your router to devices looking to find a “hotspot“. To help us reconnect after we’ve enabled encryption, we’re going to leave this “on”..for now, but as our final step we’re going to come back and turn this off.

2) Click on the “Wireless Security” sub-menu. Here is where we are going to choose our encryption type, and enter our logon passphrase (this passphrase is really a key, used by the encrption algorithm, so the longer your passphrase is, the stronger your encryption will be).
advwrless.jpg
Use the drop-down arrow to choose the encryption type. Now, here is where I could get into a long lecture about the differences between WEP and WPA (Wikipedia has an excellent discussion of Wireless encryption, click here if you’re interested) but I won’t. I will simply tell you to use the best (newest) standard your devices can accept– currently WPA2. If your devices are older, WEP may be the best they can do; and if this is so, I strongly recommend you visit the manufacturer’s website and looking for a firmware upgrade, or consider replacement with a newer device. WEP is simply too obsolete and easily ‘broken’.
Be aware that both devices– the router, and the Wireless adapter on your computer– must be able to use the same encryption type.
It is perfectly okay to accept the defaults for “Algorithm type”.

3) Enter a “algorithm key”. At various places, this “key” will sometimes be referred to as a “passphrase”. Don’t worry about the phrasing– this is what you will need to enter when “joining” the wireless network (“connecting”).
As shown in the screenshot, a long, complex passphrase is best. Use capitals, ‘special’ characters, numbers, and avoid words found in the dictionary. Be sure to write this down, and keep it someplace safe.

4) Save your new Settings. That’s it: your router’s wireless signals are now scrambled by an encryption algorithm, and only those machines which can answer with the proper passphrase will be allowed access.

Now power up your laptop and “Connect to a network” as you normally would (you will have to because your old connection will no longer connect– it’s protected now!)
wirecons.jpg
Your Wireless Networks window will reflect the change of the network’s status, as this screenshot shows, and will now say “Secure network”, or “Protected” (depending on your adapter interface).

Double-click on the your network (or, right-click and choose “Connect”). Now you will be asked to enter your passphrase… enter it EXACTLY. (Again, it may be phrased “key”.) You should now be connected to the Internet just as you always were, but now you’re connected securely. Congratulations!

Now let’s set things so that your logon and connecting is automatic. Return to your Wireless Connections window and right-click on your router’s name (“Paul’s Net” in the screenshot) and select “Properties”.
wprop.jpg
Place a check in the top and the bottom checkboxes, and uncheck the center one. This will make your router the primary connection, and “find” its signal even though we turn off the SSID broadcast as our final step.
You will need to repeat these “connecting steps” for each laptop/device you have that accesses the Web wirelessly.

5) Return to the Basic Wireless Settings page (first screenshot) and turn off the SSID broadcast. That’s it, you’re done.
Sorry, this ran too long to include a free download link today.

Copyright 2007-2008 © Tech Paul. All rights reserved.

Share this post :

January 1, 2008 Posted by | advice, computers, encrypting files, hardware, how to, networking, PC, privacy, routers, routers and WAPs, security, tech, Windows | , , , , , , , , , | 1 Comment