Securing a Wireless Network

[Frizz]

Howdy!

Can someone tell me what I need to do to secure/lock a wireless networK? I think someone's nicking my bandwidth, and I'm sure it's unsecured as I can connect my phone and DS freely to the line.

I've looked in Network options, but I feel like if I fiddle around, I'll break something. :/

Any help is greatly appreciated.

 

[Aesgir]

In your options you should have WPA/WEP encryption options, enable that. Preferably WPA. If it's sky, they probably sent details of how to do this in your welcome pack, other than that it should be fairly easy to spot the options.

You could also stop broadcasting your SSID, meaning people wouldn't be able to just see your network, but thats optional really on a home connection.

 

[Frizz]

Ok, say I go into My Network Places, right click on the Network which then brings up Properties, yes?

There's nothing there about WPA/WEP encryption options. Or SSID for that matter...

 

[Aesgir]

You should be able to do it by logging into your router/router settings to enable it. You should be able to set up the encryption and set up a passkey, don't use the default one which a lot of ISP's try, set your own

 

[Frizz]

In these options then? None of the tabs have anything on that stuff either.

 

[Aesgir]

You access routers through your browser normally.
http://www.microsoft.com/athome/moredone/wirelesssetup.mspx
shows the address to connect to it according to manufacturer. It actually shows how to do it all from scratch if thats any help.

 

[Frizz]

Hmm, ok. Thanks for the help.

 

[Bob007]

Adding to the rest might want to MAC address filter as well.

use command prompt to get this. start>run type cmd
in new window type ipconfig /all

look for a line something like..
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX

Thats the "unique" MAC (media access control) address for your hardware.

With everything else, you should be pretty secure from 99% of must "hacks".

 

[Ch3tan]

A combination should do you, stop broadcasting your SSID, turn on some encryption and restrict access to the MAC addresses of your devices. It is what I do.

 

[Frizz]

Right-o. I've completely blocked unknown users via MAC filtering, used WPA encryption and turned of my SSID.

Had to go onto the routers home IP address...thing. Just sort of played about with the settings mentioned. Turns out there were about four others connected to my network.

Lesson learned. Thanks for the help, peeps!

 

[Ch3tan]

cheeky neighbours whoring your bandwidth. Go slap them

 

[Frizz]

It just makes me feel like an ingorant fool, who got what he deserved. Cheap fucking neighbours though, yeah.

 

[taB]

Have pretty much given up on wireless for the moment, my signal is so bad. Router is 10 metres from computer round a corner worst physical blockage is a glass door. I'll try and stick my specs up tonight and get some ideas because running a cable out at home every time is annoying me.

Have tried with and without MAC addresses, WAP/WEP stuff. Think I must be missing something obvious (as per usual)

 

[smurkin]

cheeky neighbours whoring your bandwidth. Go slap them

Or you could see if they are sharing any folders on the network and fill them with gay porn :kissit:

 

[nath]

It just makes me feel like an ingorant fool, who got what he deserved. Cheap fucking neighbours though, yeah.

This is a fairly common attitude, and tbh I think it's batty. If you've bought a wireless router and found it very difficult to set up security I don't see that as a failing on you (unless you work in IT...) rather than a failing of the device itself. In my experience wireless routers are absolutely useless at informing the user on how important it is to secure your network and how to do it.

I think newer models are starting to have wizards that guide you through it, but it's bloody stupid to expect average users to know what the hell WEP and WPA is. If they're marketing wifi equipment to bloody everyone, they should make it useable by (nigh on) bloody everyone.

</rant>.

 

[Jonty]

Hi Frizz

It's actually illegal in the UK to use someone's wireless connection without permission ('dishonestly obtaining an electronic communications service'). So if you know who it is and you're feeling vindictive ...

nath is right, though, the technology companies should make it easier and spell out security issues, state what each feature does, and help people to configure things appropriately.

Kind regards

 

[WPKenny]

Have pretty much given up on wireless for the moment, my signal is so bad. Router is 10 metres from computer round a corner worst physical blockage is a glass door. I'll try and stick my specs up tonight and get some ideas because running a cable out at home every time is annoying me.

Have tried with and without MAC addresses, WAP/WEP stuff. Think I must be missing something obvious (as per usual)

Download net stumbler...

Downloads | NetStumbler.com

And see what channels other nearby wifi networks are using and set your own to one that's as far away from them as possible. i.e. if your neighbour is using 11 then you should use 1.

 

[Aesgir]

Yeah it is actually illegal. Think these were the first 2 to be arrested for it in the UK Geordie cops arrest two for Wi-Fi squatting | The Register

Don't know why you'd feel like a fool for not knowing how to secure your network. It's not something ISP's really give you any info on, and unless you KNOW what WPA encryption or your SSID is, it's all just meaningless jargon. Nath is spot on, it should be made a lot easier for people to understand how to do it. I've had to set up a fair few wi-fi connections for people because of intimidating jargon. Not that i mind, it's a job after all

 

[Jonty]

Hi guys

I bought a Belkin Wireless N Router at the weekend (discounted ), and whilst it's a great piece of kit and very easy to setup, it really illustrates our concerns above. Wireless security is turned off by default, the security options are buried in the router configuration menus, and the various options are presented in all their abbreviated glory. If you don't know your WEP/WPA/WPA2 from your PSK/TKIP/AES, you're pretty screwed.

To Belkin's credit, they do offer some brief explanations about what each option does and how to use it, but they don't tell you any details.

Belkin's setup process is great at automatically configuring the router and setting up the wireless connection, so I refuse to believe they couldn't add a step to easily configure the security. Anyway, good hardware, but certainly no leadership on this issue.

Kind regards

Jonty

P.S. For those of you have disabled your wireless connection's SSID, you need to tell Windows to 'Connect even if the network is not broadcasting' (it's buried the wireless connection options). Note that disabling the SSID isn't fullproof, so it's still best to secure your wireless connection with encryption (preferably WPA-based).

 

[Hawkwind]

Note of caution: Make sure you change the usr / passwd of the router. Amazing how many people don't. Mate of mine had his changed for him by a neighbour showing off with his laptop. Guy would not tell him the new details until he a got a bottle of whiskey!:worthy:

Personally I hide the SSID, WEP and MAC Filter. pretty easy to add a MAC for anyone visiting and one of the strongest tools to keep freeloaders off your highway.

 

[Deebs]

Guys,

Don't use WEP. With today's computers the encryption can be broken in seconds now, including 128bit.

Disabling your SSID does NOTHING. The SSID is transmitted in every packet so they just need to sniff one packet to find your SSID (obviously your 55 year old neighbour won't be doing this).

If you want to have the most secure network select WPA2 with AES encryption if your router supports it, failing that WPA with any cipher at a minimum.

 

[Sharma]

Hi Frizz

It's actually illegal in the UK to use someone's wireless connection without permission ('dishonestly obtaining an electronic communications service'). So if you know who it is and you're feeling vindictive ...

nath is right, though, the technology companies should make it easier and spell out security issues, state what each feature does, and help people to configure things appropriately.

Kind regards

Provided he's got the MAC address from the logs surely? otherwise it'd be an empty claim!

 

[Frizz]

I did have, but once I blocked the MAC addresses, they disappeared.

 

[nath]

Guys,

Don't use WEP. With today's computers the encryption can be broken in seconds now, including 128bit.

Disabling your SSID does NOTHING. The SSID is transmitted in every packet so they just need to sniff one packet to find your SSID (obviously your 55 year old neighbour won't be doing this).

If you want to have the most secure network select WPA2 with AES encryption if your router supports it, failing that WPA with any cipher at a minimum.

As far as I'm aware, WPA has been publicly broken so is about as ineffective at genuine security as WEP. WPA2 is the only way to be reasonably sure that your network is secure, for now.

That said, I always think of it like a padlock on a gate - sure, people can get round it if they need to, but it's enough to turn around opportunistic spods. Wep will still be good enough for that, it'll stop your neighbours skanking your bandwidth and your *moderately* more savvy neighbours trying to have a gander at your files/messing with your router settings.

WEP2 is great if all your devices support it but I'd not lose any sleep about it if you don't have it.

 

[Deebs]

As far as I'm aware, WPA has been publicly broken so is about as ineffective at genuine security as WEP. WPA2 is the only way to be reasonably sure that your network is secure, for now.

That said, I always think of it like a padlock on a gate - sure, people can get round it if they need to, but it's enough to turn around opportunistic spods. Wep will still be good enough for that, it'll stop your neighbours skanking your bandwidth and your *moderately* more savvy neighbours trying to have a gander at your files/messing with your router settings.

WEP2 is great if all your devices support it but I'd not lose any sleep about it if you don't have it.

Can you show me a url that shows WPA as being broken.....

 

[Jonty]

Hi guys

I think we need to keep things in perspective here. Your average person is not going to know how to look for unbroadcasted SSIDs, and they're not going to try and brute-force hack encryption.

Of course I'm all for securing wireless networks by default, and personally I think Deebs' advice is spot on, but keep in mind the real-world threat level is actually very low. If you're a business, or using your wireless connection for something sensitive, then of course take extra precautions, but always keep things in proportion. I know some people who use 4096-bit encryption when their instant messaging, which probably makes them look suspicious more than anything else ^^

Kind regards

Jonty

P.S. nath, that's a bit harsh, WPA is still a whole lot better than WEP

 

[Deebs]

From my research I cannot find any reference to WPA/WPA2 being cracked but merely someone managed to brute-force a key. Any encryption mechanism is susceptible to this.

 

[nath]

I'm happy to concede I could be wrong on this one - I'm sure I read or heard somewhere that WPA(1) had been hacked, but it was a while ago so like I say I could be wrong. I was under the impression that there was a bit of software that'd just snap it straight away and in that respect, it was no more secure than WEP.

Anyway my main point was similar to Jonty's - encryption for home users is primarily to stop people skanking your connection.

 

[nath]

Double posting ftw!

Yeah you're right, looks like WPA is just vulnerable to weak passwords.

 

[Deebs]

No problem. I am quite anal when it comes to security, I need to be as I am responsible for it at my place of work. What I preach at work I do at home.

Problem is that the casual user has access to the programs that can crack WEP in seconds/minutes so I believe that when people give advice stating that WEP is good enough for home they are just plain wrong.