Wireless Network Security

Last updated: Jul 26, 2007

Most households have a broadband connection hooked up to a wireless router. These wireless routers are insecure by default. It is argued that wireless in any form is incredibly insecure because you can’t physically contain it. In-Stat MDR and META Group have estimated that 95% of all corporate laptop computers that were planned to be purchased in 2005 were equipped with wireless. Issues can arise in a supposedly non-wireless organization when a wireless laptop is plugged into the corporate network. A cracker could sit out in the parking lot, break in through the wireless card on a laptop, and gain access to the wired network. In my neighborhood alone, within my range, I am able to access five unsecured wireless networks and three WEP secured (insecure) wireless networks. With one single security-auditing program you could potentially view all activity within any one of these networks, including passwords, emails, bank statements, credit card numbers, and other private information. Do I have you scared yet? I hope I do, since most households have unsecured wireless and it takes less than a minute to compromise its security.

Differences between wired and wireless networks

A traditional wired network can be secured physically by not allowing physical access to the router and by literally blocking or shutting off certain wired areas of a building. Since the wire is usually stored within the walls of the building, it is more difficult to splice into the wire and watch what’s happening on the network. Wireless, on the other hand, can be “listened to” from anyplace within range. Since we don’t want people seeing what we are doing, the only choice was to encrypt all wireless traffic. That way, people who were listening would only be able to see what would look like junk or garbage text. The only problem with this is that the computer on the other end has to be able to read this “junk”.

Methods of making wireless more secure

To maintain the connection with the router, the computer on the other end must have a key or know the “password” to the router. This is the worst part of wireless, as the computer on the end must remain in constant communication with the router. That means the computer must send its key or “password” many times to the router. This makes a hacker’s job much easier, as their software is able to detect commonalities amongst the “junk” that is continuously flowing. On top of that, they are able to constantly ask the router if their “key” is the proper key. On a wired network, if such an event were to take place, network administrators could easily have a program that would detect if someone kept trying random passwords for a set period of time. If they tried too many passwords too rapidly, the program would turn that wire/port off. On a wireless network, the only means of stopping someone from trying multiple passwords in a short period of time is to block their MAC address.

So what is a MAC address? You can think of a MAC address as a serial number for your network card. In other words, once your MAC address is blocked, no matter how many passwords you throw out into the air, the router will simply ignore you based on the MAC address. Unfortunately, MAC addresses can easily be changed even though they were never really intended to be. What makes it worse is that someone knowledgeable could very easily “sniff” or monitor the wireless signal, see your MAC address, and spoof (fake) their own MAC address to correspond to the legitimate computer on the wireless network. As you can see, the MAC address block is really not a very viable method of keeping people from trying to guess your wireless network password.

The solution

Amongst the different types of encryption available, there are some that are better than others. Currently WPA2 is the best form of wireless encryption, followed by WPA. WEP is better than nothing, but not by much. Since WEP can be compromised in a matter of minutes, you should only use WEP if you do not care about your security and your only mission is to keep average people from using your Internet connection for free.

To have a “secure” wireless connection you should use WPA2 or WPA with a 64-character hexadecimal key (password). And no, you do not have to type in this 64-character key every time you connect to the router. You can generate a 64-character hexadecimal key here.
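As an added example (not part of the original post), this Python sketch generates a random 64-character hexadecimal key and shows how a WPA/WPA2 passphrase is turned into a key of the same form using the standard derivation (PBKDF2-HMAC-SHA1, the network name as salt, 4096 iterations). The function names are illustrative, and the passphrase and SSID in it are the published IEEE 802.11i test values, not real credentials.

```python
import hashlib
import secrets
import string

HEX_KEY_LEN = 64  # 64 hex characters = 256 bits, the full WPA/WPA2 pre-shared key


def generate_hex_key() -> str:
    """Return a random 64-character hexadecimal key from the OS CSPRNG."""
    return secrets.token_hex(HEX_KEY_LEN // 2)


def is_valid_hex_key(key: str) -> bool:
    """Check that a candidate key is exactly 64 hexadecimal characters."""
    return len(key) == HEX_KEY_LEN and all(c in string.hexdigits for c in key)


def passphrase_to_hex_key(passphrase: str, ssid: str) -> str:
    """Derive the 64-hex-character key that a passphrase maps to for this SSID.

    A passphrase must be 8 to 63 printable ASCII characters; the SSID is the
    salt, so the same passphrase yields a different key on another network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    derived = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )
    return derived.hex()


if __name__ == "__main__":
    # A random key has 256 bits of entropy; nothing about it can be guessed.
    print("random key:     ", generate_hex_key())
    # A weak passphrase still produces 64 hex characters, but an attacker
    # only has to guess the passphrase, not the key it expands to.
    print("from passphrase:", passphrase_to_hex_key("password", "IEEE"))
```

The derived key only looks random: its strength is that of the passphrase behind it, which is why a randomly generated 64-character key is the stronger choice.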

It should be noted that although these are the standard forms of wireless encryption, you can set up a VPN tunneling server and have it authenticate users through a pre-shared user/password combo. This may be the best way to encrypt wireless data streams and is used by most universities; however, it is not practical for home users.

For a guide on how to configure your router at home, see The Wireless Router Guide.

Summary

  • Wireless networks are very insecure

  • Your neighbors could see everything you are doing while connected to an unsecured network (Although it is fairly unlikely)

  • You should set up your wireless router with WPA encryption with the maximum size password which is 64 hexadecimal characters

  • If you don’t know how, see this guide.

Sources: According to Wikipedia, WPA Personal is secure when used with ‘good’ passphrases or a full 64-character hexadecimal key.
