Since I last wrote about WLAN Security shortly after buying a Netgear Wireless router, I thought I'd write about improving your wireless network over-and-above that of what WEP (Wireless Equivalent Privacy) offers.
In 2001 two universities in the US, Maryland and UC Berkeley published separate studies into the inherent flaws with WEP encryption.
This had, until recently put many corporations off the idea of WLANs. After all there are tools freely available that can decipher the WEP encryption keys used on a network.
So what technology can we use to improve WLAN security?
Ever since the flaws in WEP were discovered the IEEE and the Wi-Fi Alliance have been busy trying to ratify a new standard in WLAN encryption. Known as 802.11i or WPA (Wi-Fi Protected Access) it is meant to be a software upgrade that is designed to address all known WEP vulnerabilities.
WPA uses an IEEE standard called 802.1X with Temporal Key Integrity Protocol (TKIP). Basically TKIP uses a dynamic key rather than the static one used in WEP, with TKIP a new key is generated every 10000 packets. TKIP also checks packets to make sure they haven't been altered by an intermediary.
Even though the upgrade to WPA was supposed to be a software (Firmware) upgrade it's still down to the hardware manufacturer to continue supporting it's hardware. Looking on the Netgear site it looks like my hardware (Netgear DG824M) won't be getting new firmware to upgrade the security from WEP to WPA.
Securing a home wireless router
When you're out and about and need to check your email with your WiFi enabled laptop, wouldn't it be great if you didn't have to turn your laptop on to see if you are within range of a wireless hotspot?
I've come across a couple of solutions to that problem recently.
The first solution is to buy a 23 GBP PCTel WiFi Seeker. It's a small keychain based device that can detect IEEE 802.11b or 802.11g wireless networks within 300ft.
The other solution is a service by totalhotspots.com. You simply text HOTSPOT to their text number and they tell you the nearest wireless hotspot. The service costs 1 GBP per successful search.
PCTel WiFi Seeker
While I'm on the subject of wireless networks (WLAN) I'm still waiting for Linux to catch up and support more Wi-Fi devices so I can start to use my Linux box to the full. As yet I'm still unable to get Mandrake or Red Hat to work with my MA111 out of the box or using linux-wlan.
If anyone knows of any PCI or USB solutions that are compatible and available in the UK please contact me via my contact page.
I installed XP Service Pack 2 last night for the second time after rolling it back previously.
The first time I installed it I couldn't get my Netgear MAlll wireless 802.11b USB device to work, I've since installed it on various other XP machines and with each install i've had different issues with the device.
I learned fairly early on that the supplied Netgear software wouldn't work under SP2, instead you have to opt for Windows XP wireless configuration, which incidentally has been slightly improved since SP1. Having said that it's still not perfect, since you have to enter your WEP in manually rather than use a password to create it like the Netgear software.
There are also issues with driver installation when you do a fresh install of XP and patch it with SP2 before installing the MA111.
The joy of computing :)
Since I bought my Netgear DG824M Wireless ADSL Modem Gateway I've been interested in securing it sufficiently enough to prevent it getting hacked.
Out of the box the router will work with default values, however it is VERY risky to keep your wireless access point running like this.
Here are a few tips which should keep out casual hackers and bandwidth thieves.
SSID (Service Set Identifier) Broadcasting
Your Service Set Identifier is basically the name of your wireless service, wireless access points all come with a default value for this, in the case of Netgear this can either be "Netgear" or "Wireless", you should change this to something else that does not describe your business or location (Note: SSID is case-sensitive).
The default setting on most Access Points is for the SSID to be broadcast out to anyone in range of the router, this is convenient for users to join your network, but handy for hackers to easily identify your network as a potential target. You should disable SSID broadcasting.
WEP (Wired Equivalent Privacy)
This is the wireless security standard, which has been proven to be quite easy to crack, however it does provide some protection, so it is highly recommended you enable WEP preferably 128 bit encryption and change the WEP key from the default value.
MAC address access control
Each wireless (and conventional) network card has a unique MAC address. Most Access Points allow you to configure access to the network via a set of MAC addresses instead of all users, which is usually the default setting. You should use this functionality since it will make it harder for casual hackers to join your network. On Windows machines open a DOS command prompt and type ipconfig/all in order to find the MAC address of your wireless card/USB dongle, simply add the MAC addresses of all the computers you need to access the router.
You should try and locate your Access Point in such a way as to reduce the coverage outside your building. Try to position your Access Point in the middle of your building equidistant from your computers and wireless devices, but away from windows and perimeter walls since this will provide good wireless coverage for people outside your building.