Nik's Technology Blog

Travels through programming, networks, and computers

Wireless LAN Security Vulnerabilities

Since I last wrote about WLAN Security shortly after buying a Netgear Wireless router, I thought I'd write about improving your wireless network security over and above what WEP (Wired Equivalent Privacy) offers.

In 2001 two universities in the US, Maryland and UC Berkeley, published separate studies into the inherent flaws in WEP encryption.

This had, until recently, put many corporations off the idea of WLANs. After all, there are tools freely available that can decipher the WEP encryption keys used on a network.

So what technology can we use to improve WLAN security?

Ever since the flaws in WEP were discovered, the IEEE and the Wi-Fi Alliance have been busy trying to ratify a new standard in WLAN encryption. Known as 802.11i or WPA (Wi-Fi Protected Access), it is meant to be a software upgrade designed to address all known WEP vulnerabilities.

WPA uses an IEEE standard called 802.1X with Temporal Key Integrity Protocol (TKIP). Basically, TKIP uses a dynamic key rather than the static one used in WEP; with TKIP a new key is generated every 10000 packets. TKIP also checks packets to make sure they haven't been altered by an intermediary.
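Why the static key matters, as an added example that is not from the original post: WEP keys the RC4 cipher with a 24-bit per-frame IV followed by the static key, so any two frames that share an IV are encrypted with the same keystream. The sketch below is simplified (it leaves out WEP's CRC-32 integrity value), and the key, IVs and payloads are constructed.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, static_key: bytes, payload: bytes) -> bytes:
    """WEP-style encryption: RC4 keyed with the 3-byte IV plus the static key."""
    return xor(payload, rc4_keystream(iv + static_key, len(payload)))

def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday estimate of frames sent (random IVs) before an IV repeats."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))

# Constructed sample values, not taken from any real network.
STATIC_KEY = bytes.fromhex("0102030405")       # 40-bit WEP key
IV_A, IV_B = bytes.fromhex("a1b2c3"), bytes.fromhex("a1b2c4")
P1 = b"first constructed frame!"
P2 = b"second constructed frame"

def keystream_reuse_demo() -> tuple:
    """Return (leak with a repeated IV, leak with a fresh IV)."""
    c1 = wep_encrypt(IV_A, STATIC_KEY, P1)
    c2 = wep_encrypt(IV_A, STATIC_KEY, P2)     # same IV, same static key
    c3 = wep_encrypt(IV_B, STATIC_KEY, P2)     # different IV
    # With a shared keystream the key cancels out of c1 XOR c2.
    return xor(c1, c2) == xor(P1, P2), xor(c1, c3) == xor(P1, P2)

if __name__ == "__main__":
    print("repeated IV leaks plaintext XOR:", keystream_reuse_demo()[0])
    print("frames for a 50% chance of an IV repeat:", frames_until_iv_repeat())
```

With only 2^24 possible IVs, a repeat becomes likely after a few thousand frames, which is why a key that never changes is the weak point.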

Even though the upgrade to WPA was supposed to be a software (firmware) upgrade, it's still down to the hardware manufacturer to continue supporting its hardware. Looking on the Netgear site, it looks like my hardware (Netgear DG824M) won't be getting new firmware to upgrade the security from WEP to WPA.

Securing a home wireless router

WLAN (Wireless LAN) Security

Since I bought my Netgear DG824M Wireless ADSL Modem Gateway I've been interested in securing it sufficiently to prevent it getting hacked.

Out of the box the router will work with default values; however, it is VERY risky to keep your wireless access point running like this.

Here are a few tips which should keep out casual hackers and bandwidth thieves.

SSID (Service Set Identifier) Broadcasting

Your Service Set Identifier is basically the name of your wireless service. Wireless access points all come with a default value for this; in the case of Netgear this can be either "Netgear" or "Wireless". You should change this to something else that does not describe your business or location (Note: SSID is case-sensitive).

The default setting on most Access Points is for the SSID to be broadcast to anyone in range of the router. This is convenient for users joining your network, but it also makes it easy for hackers to identify your network as a potential target. You should disable SSID broadcasting.

WEP (Wired Equivalent Privacy)

This is the wireless security standard, which has been proven to be quite easy to crack. However, it does provide some protection, so it is highly recommended that you enable WEP, preferably with 128-bit encryption, and change the WEP key from the default value.

MAC address access control

Each wireless (and conventional) network card has a unique MAC address. Most Access Points allow you to restrict access to the network to a set of MAC addresses instead of allowing all users, which is usually the default setting. You should use this functionality since it will make it harder for casual hackers to join your network. On Windows machines, open a DOS command prompt and type ipconfig /all to find the MAC address of your wireless card/USB dongle, then add the MAC addresses of all the computers that need to access the router.

Wireless coverage

You should try to locate your Access Point in such a way as to reduce the coverage outside your building. Try to position your Access Point in the middle of your building, equidistant from your computers and wireless devices, but away from windows and perimeter walls, since placing it there would provide good wireless coverage for people outside your building.