• Home
• 1000s Resources
• News & Articles
• Books & E-books
• Forum
• Computer Security
• Equipment
• Free Help
• Free Listing
• Index - Private Investigation Agencies
• Law Resources
• Law Enforcement
• Licensing
• Missing Kids
• Services
• Investigation Courses
• Work Wanted Ads
• Positions Vacant
•  
• Member Login
• Membership
•  
• About us
• Contact Info
• Privacy Policy
• Your Feedback

Articles

«BACK

Wireless Networking - Making it Secure

Richard Wall's recent article "What network security is enough" has prompted questions from a few (thankfully) responsible investigators how to go about overcoming the WEP encryption weakness. One moment they never heard of network security, next minute they disover WEP and then they're rightly told to beware of hackers. If you are using a wireless network and you are (or, are not) a private investigator, do the right thing and follow Richard's expert recommendations.

"Wireless networking is fast becoming the preferred method of networking in homes and small to medium enterprises (SME's). It enables you to have a computer connected to a network without the constraints of a cable. You can also access internet in some locations via wireless hot spots.

Most wireless networks use an Access Point (or AP) as the common connection point, some are "Ad-Hoc" networks where the wireless network card acts as an AP. AP's are by far the preferred method as they afford more control over the network, in particular who can connect to it and who can't, this is what we will be focusing on in this article.

The single biggest risk someone has with a WLAN is they never change the default username and password on the AP for the web based configuration menu. Seems silly huh? But a staggering 60% of small businesses in Australia who have a wireless network fall in this very vulnerable category. Most AP's will have a default username or password of admin/admin, admin/password or even username/password making it very easy to gain access.

Once someone has gained entry into your AP, they can prevent you from having entry or even connecting to it. As most AP's are connected to the internet they can now abuse your connection in such ways like spamming, fraud, excessive downloads etc. If your connected to an ISP such as Telstra who have a reasonably expensive charge for excess data, this can get very expensive. To put this in simple terms, if you are on a Telstra 8mb plan with a total downloadable amount of 10gig/mth. Someone connects to your AP and downloads an extra 10 gig on top of your allowance, that will give you an excess data usage bill of somewhere around the $1400 for just that one month. Don't think that it can't or won't happen, it does. A single 8mb connection is capable of downloading 10gig ($1400 worth of data) in just under 2hrs 30mins!!

All that is aside from the risk of having your data compromised! The good news is, just like a wired network, it is relatively easy and inexpensive to mitigate these risks.

Most AP's will have some sort of encryption method, if yours doesn't replace it immediately. The more advanced AP's have several methods of encryption however one of these methods aren't even worth using.

Most people will be using the Wireless Encryption Protocol or WEP as it is also known, with a couple of minutes spare and my Linux based laptop I can crack that encryption and take over your wireless connection. WEP is not sufficient in my opinion and anyone using this sort of encryption are at risk!

There has been progress made on encryption technology and now we have Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access version 2 (WPA2) encryption, inside these methods there are two types. Pre-Shared Key (PSK) or Temporal Key Integrity Protocol (TKIP). Both offer a more secure version of 64bit and 128bit encryption. Both can be cracked, however never in a time frame that is practical. For example with WPA-PSK it would take a couple of years for it to be cracked.

Using the Pass-phrase (PSK) option is the easiest method and will make your wireless connectivity reasonably strong, but not fool proof.  A couple of other methods to just make sure it's as safe as it can be is to use MAC address filtering and turning off SSID.

MAC address filtering is reasonably simple, instead of the AP detecting security from the Wireless Network Interface Cards (WNIC) IP address, it uses the cards embedded physical address, the MAC address. That means that only the device with the corresponding MAC address can connect. As all network devices have an individual MAC address no other device can connect. DO NOT USE THIS AS YOUR PRIMARY PROTECTION! MAC addresses can be copied by software thus enabling people to connect, but used in conjunction with WPA security you will be secure.

Lastly disabling the Service Set Identifier (SSID) of your wireless network help as well. This is what you use to name your wireless network. So when you are using a WNIC to connect it will do a scan of available networks, you will see your network and connect, disabling this will prevent it from being seen. If you have already connected to your wireless network then your WNIC will know what it is and connect to it without it having to be visible. You cannot connect to a wireless network with the incorrect SSID, so disabling the broadcast of this will prevent people randomly trying to access your AP as they won't be able to see it.

The best weapon you have against wireless network intrusion is vigilance, change your default passwords to the AP, use WPA or WPA2 encryption as a minimum, Use MAC Address Filtering and disable the broadcast of your SSID. These simple steps will save you a lot of heartache if the worst happens."

Richard Wall
Operations Manager
Modern Investigative Solutions
www.misgroup.com.au