April 4, 2007 at 8:20 am · Filed under Wireless
If you are using wireless in your home or business, ask about what type of encryption is being used. You might say, “It is none of my concern” and you would be wrong. Is your personal information, privacy, bank account information, social security number and your very identity your concern? Of course it is.
104 bit WEP key’s are breakable with 50% certainty after obtaining just 40,000 packets in less than one minute. It takes only slightly more time to break 256 bit WEP encryption.
What this means for those of you that have wireless access in your home or business, is that an attacker can determine your wireless access key in minutes if you are using WEP encryption. If you are not sure what type of encryption is being used, you may not be using encryption at all.
One minute. Little more than that is all someone needs to determine your credit card number. Trust me, you will never know it happened until you’re broke.
Essentially, encryption requires anyone that wants to view wireless data to provide a password (or “key”). If you are not using encryption, the data going ‘across your wireless network’ might as well be clear text (and may be). When I say ‘across your wireless network’, what I actually mean is that everything you do is broadcasted three hundred and sixty degrees in all directions for hundreds of feet and anyone within range can access that data as if it were a street sign. That is without ever entering your home or property.
If you’re wondering what you should do about it, switch to WPA1 or even better, WPA2 encrpytion. If your access point or router does not support it, buy one that does or find out how to update the firmware for WPA support.
WEP can still serve the purpose of deterring “accidental” access or annoying neighbors looking to freeload your Internet access, but lax security is no security.
As always, remember to disable SSID broadcasting so your wireless network is not broadcasting it’s availability, change those default passwords and enable WEP, WPA1 or WPA2.
Related Article: Breaking 104 bit WEP in less than 60 seconds (PDF)
January 25, 2007 at 10:39 am · Filed under Wireless
Assume that right now (possibly someone in your own neighborhood?) anyone has access to your network. It is possible and the odds are that someone is or even more likely, will access Internet sites or your files using your private connection and you will have no clue even after they are gone.
Your wireless router/access point outputs a signal 360 degrees in all directions. You have to assume that anyone within about 300 feet already has access to your network (unless you have already taken the steps to secure it) or can have access to your network instantaneously. If you’re asking why, keep reading.
Anyone is capable of seeing your network with no special tools or software. All it takes is software included with a wireless adapter or antennea (or other that is attainable for free online); access can even be gained by a PDA or cellphone. If you have a visitor in your home, that visitor could be committing illegal acts on an Internet account that is in your name, in as little time that it takes to “pretend” to be in the bathroom. When the FBI shows up at your door, they haven’t come to say hello.
As soon as you attach a phone line or cable line (internet access line), and power on your router access to your Internet connection is almost immediately available to the public. Once you attach a network cable from your computer to that router, someone could have access to your files in minutes.
You may find that when you are setting up a computer to connect to your wireless network, during the setup you may see more than one wireless network available. Why is this? That is probably a neighbors wireless advertising it’s existence. Bad neighbor, bad! I would let them know about that. His or her router is “broadcasting it’s SSID”. The SSID is basically an ID or name for the wireless connection used to identify it and connect to it. You may turn this off easily in your router to prevent your network from being seen. You will need to remember that SSID (which can be changed or viewed in your router) to connect to your wireless network. In other words, you won’t be able to see it in that list anymore.
In many cases a neighbor may also unknowingly access your network when attempting to connect to his or her own wireless network and not ever realize this for days, weeks or even months — never perhaps?Let’s hope your neighbor is not a pedophile or a bootlegger. You’re going to be in some serious trouble.
The settings on your router or access point have default settings that are the same on that type/model of router, or on every wireless router or access point sold by that company. This means thousands of people know the password to your router. If they dont, they can find it online. Knowing that password gives a person the ability to do anything at all to your wireless settings. If you have taken measures to prevent unauthorized access by wireless users, access can still be gained by this person since all they have to do is change those settings, allowing themselves access. Technically, access to your router is “impossible” with these settings set correctly, because they would need access to your network to access your router, but let’s not take that chance, ok?
In almost all cases a wireless network is so insecure by default that a person can access your network within seconds from anywhere in range. They may even do so without ever knowing, if a device such as a cellphone is set to find wireless networks and connect to them when available.
These are the things that you must assume will occur when you have a wireless network, because in the majority of cases, it is that easy; so easy we can do it without even knowing it and it takes literally seconds. Trust me, I’ve done it.
What is the most important thing you can do to protect yourself?
Obvious: Don’t have a wireless network, wired network or the Internet. I’m sure that is not an acceptable option to you, so I suggest you take my advice.
First off, what does someone that would “hack” into your network want? Well, they want information. Information can be anything: checking/savings account numbers, passwords, other bank information, personal information, documents, social security numbers, Quickbooks/Quicken data, tax information, logged instant messages, etc.
Put those files in a safer location and not in shared folders. Only do so if you know how to set security permissions on a shared folder to allow access only to those with authorization.
It takes a couple of seconds to connect to your network and only a few more to find your shared folders. It will only take a person several seconds to a few minutes to recognize which files are valuable, to copy those files and then to leave without a trace. A few hours later your bank could be calling you; your account is empty and you overdrafted. Or maybe the next morning you wake up and your name is in the newspaper or the FBI is knocking at your door.
Without security permissions set on your shared folders and files, there is no limit to what a person can to do files contained in these folders. Remember that a person may even be able to gain access using your own account, which means these security permissions/settings will do nothing to stop them.
If your lucky, your files may just get deleted or modified. I hope you have a backup.
A folder is shared if there is a small “hand” in the corner of a folder icon. These files can be seen over your network.
What are the advanced measures that I need to take?
1. Set or change the password on your router or access point. This is very important. Get rid of that default password quickly!
2. In the wireless settings on your router, set it to not “broadcast” the SSID. This helps to prevent the presence of your network from being seen.
3. Also in your wireless router settings, create a WEP or WPA “key” (or password). This will act as password protection to protect anyone from accessing your network that does not know this password. Use WPA not WEP, if it is available on your router. If your router does not support WPA get one that does. WEP is virtually useless these days. WEP keys can be broken in 3 minutes.
Tip: Using a 64, 128, or 256 bit WEP key makes no difference. Either can be broken just as easily in the same amount of time (about 3 minutes). Use WPA if possible. Do use the best encryption available on your router, but don’t rely on it to protect your network. WEP or WPA is an important option no matter which you use. It forces anyone wanting access to have a password! Use WEP if you can not use WPA!
Wi-Fi devices are required to have WPA2 certification as of March 13, 2006. Any new device on the market should support this encryption. If it does not, I advise that you not buy it.
An easy step: don’t place important files in shared folders. You will have to manually share a folder, so if you haven’t shared any folders to your knowledge, you should be ok.When you are away, unplug the network cable from your computer or the best option would be to unplug the power from your router. This will make it impossible for anyone to get access to your computer or Internet connection via wireless or from the Internet.
You purchased a wireless router so it’s your responsibility to call technical support and get assistance. It can be a headache, but in the long run it may save you the migraine of your life (in my opinion technical support staff are not too smart; you might be better off getting the help of a trusted friend).
