Wireless Network Security Considerations for the Home Office

Posted Tuesday, October 6, 2009 - 09:14 by Dimitrios Gatso...

Wireless networks seem to be everywhere. The problem is that they do not seem to be secure. The general issue is that of awareness. The average home computer user has no awareness of the abuse potential that an unsecured wireless access point invites.

I was lounging about at home not long ago and thought it would be cool to see how many unsecured wireless access points I could find nearby. I found three unsecured wireless networks. One network had a name that I recognised, it was the name of a pet that my neighbour two doors down had kept some years ago.

I decided to pay my neighbour a visit. I was welcomed cordially enough and after briefly exchanging pleasantries and catching up I asked my neighbours to guess the reason for my visit. I told them to stop after guess number three as they were not getting any closer. I advised my neighbour that the wireless component on their ADSL modem router was not security enabled.

I can well understand that Internet service providers (ISPs) want their customers to be able to connect to the Internet out of the box. However, basic security configuration seems to be an after thought. In all fairness, ISPs often have procedures on their websites that show customers how to enable security on their devices.

My neighbour did not even realise that his modem had wireless capability. My neighbour may well have been informed but this information meant nothing or little to him as he does not have a technical understanding of computers. And so I began the process of securing his wireless access point.

The first thing was to contact the ISP and determine the login credentials of the wireless device. So I began dialling a support number. After about 25 minutes I had the credentials to logon to the wireless access point. I recorded the credentials and gave them to my neighbour.

I then had to find out how to access the wireless access point. Usually the documentation that comes with your wireless access point tells you how to access the device configuration page. Most devices clearly print the IP address that you need to enter into your web browser to access the configuration page of the device, on the device itself. A common default address is: http://192.168.0.1. You could use the procedure below to determine the IP address you need to access to logon to the wireless access point.

To determine what IP address you need to put into your browser to access your wireless access point you will need to do the following (Of course I am assuming that you are using a Windows operating system):

  1. Select the Start or Windows button in the bottom right hand corner of your screen.
  2. Select run. (If run is not visible then press the Windows key followed by the r key.)
  3. You will then see a window with a dialogue box with the Open. Type cmd in the dialogue box and select the OK button.
  4. This will then bring up a black console window
  5. In the window type the following: ipconfig
  6. Then press the enter key
  7. Record the default gateway IP address
  8. Type this address into your web browser and press the enter key
  9. Enter the credentials that you received from your ISP to logon to the wireless access point

However all this effort will only get you in the front door. From here, what you see on the other side is governed by the manufacturer of your device.

From here you have a few options. You could:

  1. Contact your ISP and ask them to guide you through configuring wireless security
  2. Ask your IT savvy friend/relative/acquaintance to do it for you (I personally work for food)
  3. Locate the hardware manufacturers website and download the relevant guide

The particular configuration options will vary significantly. But if you decided to be brave and chose the third option then you will need to consider the following:

Wireless encryption type

Should you use WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) or WPA2?

WEP is a deprecated standard and can be compromised within seconds. This is not a good encryption choice.

WPA was considered secure but the associated Temporal Key Integrity algorithm (TKIP) was compromised by security researchers in 2008.

WPA2 is what you want to select. You also have the option of choosing Temporal Key Integrity algorithm (TKIP) or the AES-based algorithm. Since the TKIP algorithm has been compromised you should select the AES based algorithm.

You will also need to create a wireless passphrase. This is the password that you will need to enter when you want to setup a connection to your wireless access point. It is recommended that you create a passphrase of 13 or more random characters.

MAC address filtering

A number of wireless access point devices have the ability to filter connections based on what is called a MAC address. A MAC address stands for Media Access Control address and is a unique identifier assigned to every network interface card (NIC) by the manufacturer. What this means is that you can limit the devices connecting to your wireless access point based upon this address that is hard coded into your network card. Of course there are ways around this but this measure will function as another layer of defence.

Disable SSID broadcast

Service set identifier (SSID) is a name that identifies a particular wireless network. It could be any name that you set, but typically there is a default name that is used by the device manufacturer. This is broadcasted and reveals the name of the network and usually the manufacturer name. Whilst turning this broadcasting off cannot be considered a significant security measure, it will stop the casual browser from trying to connect to your network and guess the password.

So what are the potential consequences of not securing wireless access points?

There are a number, the most significant include:

  • You will allow anyone nearby to use your Internet bandwidth, essentially providing your local neighbourhood with free Internet connectivity
  • If you have an Internet plan that charges for additional downloads then you could be getting charged excessively for the downloads that are being made by others connecting to your unsecured wireless access point
  • If you use internet banking, pay bills or utilities online or perform any other financial transactions over this wireless link, your credentials could be stolen which could lead to your money also being stolen
  • Personal documents and articles about you that can be accessed over the wireless network could be stolen and used for the purposes of identity fraud
  • Your computer can be hijacked without your knowledge and be used to attack other computers or spread viruses or send spam

It is important to understand that these measures are deterrents. Applying these actions will mitigate the risk of your wireless access point being compromised.

Comments

Thanks for sharing your

by Thomas (not verified) - Jun 1 2010 - 2:21pm

Thanks for sharing your experience about wireless network.I too use wireless connection,but never thought about this unsecurity.Are there any networking softwares that can keep track of these unsecured items that hamper the PC and account details ?Can only using Firewall will help?Well,this is regarding the security of your PC,but it's also important to make your home secured by having a best home insurance  policy.So U can chk out with Insurance hits website for best offers.

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are human.
Image CAPTCHA
Enter the characters shown in the image.
By submitting this form, you accept the Mollom privacy policy.