Nik's Technology Blog

Travels through programming, networks, and computers

Wireless LAN Security Vulnerabilities

Since I last wrote about WLAN security shortly after buying a Netgear wireless router, I thought I'd write about improving your wireless network security over and above what WEP (Wired Equivalent Privacy) offers.

In 2001, two universities in the US, Maryland and UC Berkeley, published separate studies into the inherent flaws in WEP encryption.

This had, until recently, put many corporations off the idea of WLANs. After all, there are tools freely available that can decipher the WEP encryption keys used on a network.

So what technology can we use to improve WLAN security?

Ever since the flaws in WEP were discovered, the IEEE and the Wi-Fi Alliance have been busy trying to ratify a new standard in WLAN encryption. Known as 802.11i or WPA (Wi-Fi Protected Access), it is meant to be a software upgrade designed to address all known WEP vulnerabilities.

WPA uses an IEEE standard called 802.1X with Temporal Key Integrity Protocol (TKIP). Basically, TKIP uses a dynamic key rather than the static one used in WEP: with TKIP a new key is generated every 10000 packets. TKIP also checks packets to make sure they haven't been altered by an intermediary.

Even though the upgrade to WPA was supposed to be a software (firmware) upgrade, it's still down to the hardware manufacturer to continue supporting its hardware. Looking on the Netgear site, it looks like my hardware (Netgear DG824M) won't be getting new firmware to upgrade the security from WEP to WPA.

Securing a home wireless router

Searching For WiFi Hotspots

When you're out and about and need to check your email with your WiFi-enabled laptop, wouldn't it be great if you didn't have to turn your laptop on to see if you are within range of a wireless hotspot?

I've come across a couple of solutions to that problem recently.

The first solution is to buy a 23 GBP PCTel WiFi Seeker. It's a small keychain-based device that can detect IEEE 802.11b or 802.11g wireless networks within 300ft.

The other solution is a service by totalhotspots.com. You simply text HOTSPOT to their text number and they tell you the nearest wireless hotspot. The service costs 1 GBP per successful search.

PCTel WiFi Seeker

Novell Suse Linux 9.2 Pro Supports Bluetooth and WLAN

I saw an advert in PC Pro claiming that the new Novell Suse Linux, version 9.2 Professional, has improved support for mobile devices.

If you've read my previous post concerning Linux and WLAN, you'll probably have guessed my reaction to this news.

I checked out suse.com, which is in the process of being moved to the Novell site, and read the product description with bated breath.

It seems that YaST (Suse's installer of choice) has been updated to include better support for WLAN, Bluetooth and IrDA.

It reads...

Improved WLAN support and configuration with YaST (including Centrino).

New YaST configuration modules for IrDA and Bluetooth.

Bluetooth support with autodetection for synchronization with Bluetooth cell phones and handhelds.

It's all very exciting stuff, and for around 56 GBP it's competitively priced considering it comes bundled with over 1000 open-source software products.

http://www.novell.com/products/linuxprofessional/

Wireless and Linux

While I'm on the subject of wireless networks (WLAN), I'm still waiting for Linux to catch up and support more Wi-Fi devices so I can start to use my Linux box to the full. As yet I'm still unable to get Mandrake or Red Hat to work with my MA111 out of the box or using linux-wlan.

If anyone knows of any PCI or USB solutions that are compatible and available in the UK, please contact me via my contact page.

http://www.linux-wlan.org/

WLAN (Wireless LAN) Security

Since I bought my Netgear DG824M Wireless ADSL Modem Gateway I've been interested in securing it sufficiently to prevent it getting hacked.

Out of the box the router will work with default values; however, it is VERY risky to keep your wireless access point running like this.

Here are a few tips which should keep out casual hackers and bandwidth thieves.

SSID (Service Set Identifier) Broadcasting

Your Service Set Identifier is basically the name of your wireless service. Wireless access points all come with a default value for this; in the case of Netgear it can be either "Netgear" or "Wireless". You should change it to something else that does not describe your business or location (Note: SSID is case-sensitive).

The default setting on most Access Points is for the SSID to be broadcast to anyone in range of the router. This makes it convenient for users to join your network, but it also lets hackers easily identify your network as a potential target. You should disable SSID broadcasting.

WEP (Wired Equivalent Privacy)

This is the wireless security standard, which has been proven to be quite easy to crack. However, it does provide some protection, so it is highly recommended that you enable WEP, preferably with 128 bit encryption, and change the WEP key from the default value.

MAC address access control

Each wireless (and conventional) network card has a unique MAC address. Most Access Points allow you to restrict access to the network to a set of MAC addresses instead of allowing all users, which is usually the default setting. You should use this functionality since it will make it harder for casual hackers to join your network. On Windows machines, open a DOS command prompt and type ipconfig /all to find the MAC address of your wireless card/USB dongle, then add the MAC addresses of all the computers that need to access the router.
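As an added example (not part of the original post), the Python script below parses saved ipconfig /all output and builds the list of wireless adapter MAC addresses to enter in the router's access control page. The sample output is constructed, its MAC addresses come from the range reserved for documentation, and the colon-separated output format is an assumption about what the router accepts.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
# The MAC addresses are from the documentation range 00-00-5E-00-53-xx (RFC 7042).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-00-5E-00-53-0A

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11b USB Adapter
        Physical Address. . . . . . . . . : 00-00-5E-00-53-1B
"""

# Adapter headers start in column 0; their settings are indented beneath them.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Exactly six octets: longer pseudo-addresses on tunnel adapters are skipped.
MAC_RE = re.compile(
    r"Physical Address[ .]*:\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s*$")


def parse_adapters(text):
    """Return {adapter name: MAC as AA:BB:CC:DD:EE:FF} from ipconfig /all output."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group(1)
            continue
        mac = MAC_RE.search(line)
        if mac and current:
            adapters[current] = mac.group(1).upper().replace("-", ":")
    return adapters


def wireless_allow_list(text):
    """Sorted, de-duplicated MACs of adapters whose name mentions 'wireless'."""
    return sorted({mac for name, mac in parse_adapters(text).items()
                   if "wireless" in name.lower()})


if __name__ == "__main__":
    for name, mac in parse_adapters(SAMPLE_IPCONFIG).items():
        print(f"{mac}  {name}")
    print("Allow list:", wireless_allow_list(SAMPLE_IPCONFIG))
```

Run ipconfig /all > ipconfig.txt on each computer and pass the file contents to wireless_allow_list() to collect the entries for the router.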

Wireless coverage

You should try to locate your Access Point in such a way as to reduce the coverage outside your building. Position your Access Point in the middle of your building, equidistant from your computers and wireless devices, and away from windows and perimeter walls, since placing it near them will provide good wireless coverage for people outside your building.