Wireless enabled devices like
laptops , smart phones and tablets are
common gadgets in the current generation. These devices are connected to
wireless access points available in office or residence or sometimes in airport
for internet access.
Recently I have conducted a
survey on wireless security and some general features of wireless devices. I found
more than 90% users either uses laptop/smart phones/Tablets connecting to
wireless router present at their home/office for internet usage. I have also observed
that most of the users are not aware of serious security threat.
Wi-Fi signals don't know where your house ends and where your
neighbor's begins. Wi-Fi signal leakage gives hackers and neighbors the
opportunity to find your wireless network and attempt to access it without your
knowledge. Some important factors that account the usage of internet are
1) Official
works
2) Social
networking
3) Personal
mails/blogs
4) Sale
and purchase from ecommerce websites
5) Online
Banking
6) Other(
googling…etc)
g
1.
What do you think about hacking the wireless router ?
“71.4%
of the users know their router is prone to hack, while 28.6% are not aware of
threats but they don’t believe it a foolproof secure”
Lets us assume what happens if your
neighbor gains access to your wireless router Below is the figure showing
the real time Wireless Access points observed from my room. Some of them are
secured with WPA2 , few with WEP and some access points without security key.
Also please note do not name your router with your flat number giving more
privileges to the neighbors showing your identity. Below are some examples showing the names
with flat numbers.
If neighbor / hacker gains access to your wireless router then all your activities can be monitored, believe me it’s a serious security threat. The below figure clearly shows how a hacker connects your network and steals the critical information like your browsing data including passwords and transaction details including the credit card number
2.
How frequent do you change your
router key/password?
"50 % of users never cared of changing password or key regularly and about 21.5% never changed their default password/key”
“Only
7.5% users change their key weekly/monthly”
First thing you need is to change
the default username and password of your router. Any user connected can browse
for your ADSL username and password to access the router interface. Router interface can be accessed using http://192.168.1.1 ( Netgear ) directly from any browser. Mostly the username
is “admin” and password is “password” or “admin”. Please check the below
attachment for default usernames and passwords
3.
Do you suspect any change in your internet data speed or downloads recently?
“64.3% of users observe either their Internet speed is slower than actual
from past few days or they feel their download limit is not in sync with their actual
usage”
“35.7% never cared to analyze the bandwidth” – Below are some of the
tools which can help to analyze the bandwidth.
Contact you Internet provider to get the details of your downloads and alert them if you find anything alarming.Calculate you Internet Download and upload speed from the below mentioned website or any other speed related tools http://www.speedtest.net/ www.2wire.com
4. Type of password you prefer WEP / WPA ? wireless routers have an option
of choosing the encryption type of Wireless equivalent privacy (WEP) and
wifi-protected access (WPA).
“42.9% users not aware of encryption type WEP/WPA“
WEP Router key can be hacked in minutes by your neighbors. It is very
easy to decode with tools like aircrack. WPA also prone but relatively better
than WEP.
Its time for you to change for WPA 2 with strong passphrase Which gives
you more advantage
5.
Do you aware of mac address filter (enhanced security) feature on your
router ?
“71.4% users router users does not aware of MAC Filter option“
Configure your wireless router to
only allow certain MAC addresses to connect.
MAC address
filtering sounds great in theory. Every network device in the world has a
unique MAC address – also known as a physical address - so using it to restrict
the devices that can connect to your network sounds like wireless security’s
“magic bullet”. There are two major shortcomings in this theory. Firstly, the
MAC address is sent in the header of every data packet – unaffected by
encryption – and thus is open to sniffer software. Secondly, MAC addresses can
easily be spoofed – which also has genuine uses in networking - using readily
available software.
Best Practices for
making your network safe and secure
If you want to secure your Wi-Fi
router do the following:
1. Firstly change the default username and password of your router. Anyone connected can browse for your ADSL username and password. Use a least 12 letter passwords. Mix it with caps, numbers and special characters. Don't use dictionary words.
2. Use WPA2 - AES. Last I've heard is that WEP and WPA1 has been hacked
1. Firstly change the default username and password of your router. Anyone connected can browse for your ADSL username and password. Use a least 12 letter passwords. Mix it with caps, numbers and special characters. Don't use dictionary words.
2. Use WPA2 - AES. Last I've heard is that WEP and WPA1 has been hacked
3. Hide the SSID. There are hacker
tools to unhide the SSID, but this extra step can make it a step harder for the
hacker.
4. Use mac addresses. Also there are hacker tools to spoof mac addresses, another step to increase security.
5. Turn off DHCP. The hacker has to use Static ip address to join the network. Make the network ip different than the norm. This make it harder for the hacker to guess the IP range.
6. Limit the IP range of the network. Anyone outside the range cannot connect.
7. Turn off remote access. Some routers can be access remotely and router setting can be change. Turn this setting off.
9. Use a personal firewall like Commodo - freeware.
4. Use mac addresses. Also there are hacker tools to spoof mac addresses, another step to increase security.
5. Turn off DHCP. The hacker has to use Static ip address to join the network. Make the network ip different than the norm. This make it harder for the hacker to guess the IP range.
6. Limit the IP range of the network. Anyone outside the range cannot connect.
7. Turn off remote access. Some routers can be access remotely and router setting can be change. Turn this setting off.
9. Use a personal firewall like Commodo - freeware.
