Tuesday, February 28, 2006

Securing Wireless Networks

A question I get asked quite a lot is "How secure are wireless networks?" and my stock answer is "As secure as you make them". For a domestic wireless network there are just two steps that you need to take to provide you with adequate security.

1. Enable encryption. There are two basic types of encryption - WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). All wireless routers that you are likely to encounter will allow you to enable WEP. WEP can be set to provide either 64-bit or 128-bit encryption, which involves entering either a 10- or 24-digit hex (base 16) number. Eircom routers (Netopia boxes) now use 128-bit encryption by default, so you will need to get the 24-digit number from the router and enter it when your PC/laptop connects to the router. More recent routers allow the more secure WPA encryption to be deployed. Much has been written about how insecure WEP encryption is compared to WPA. Let's be clear that any encryption in a domestic wireless network is going to keep all but the most dedicated hacker out of your system. To hack into a wireless network, in a meaningful way, is not a trivial matter. First, the hacker needs to be within range of your wireless transmissions, which means that, unless it is your immediate next-door neighbour who is trying to hack you, he/she will need to be camped outside your house for prolonged periods of time. Next, he/she needs to be familiar with wireless hacking tools, almost all of which are Linux-based and quite cryptic to use - not something that the average 10-year-old kid will be familiar with. There are "specialists" out there who can be hired to break into the wireless networks of big corporations for financial gain but, believe me, they are not particularly interested in your late-night browsing habits.

2. Filter MAC addresses. All network devices (network cards, routers, access points, etc.) have an individual MAC (Media Access Control) address, which is a hardware address that uniquely identifies each node of a network. The MAC address consists of 6 pairs of hex digits, such as 00-0E-23-A5-31-4C, and each is unique to a particular device. Almost all routers today allow MAC filtering to be set up for a network. This is done by entering the MAC addresses of the network cards in the PCs/laptops that you want to allow to connect to the network. Once set up, only these PCs will be allowed to connect, and a PC with a different MAC address will be refused admission. To check your MAC address, go to Start>Run, type cmd and click OK. This will open the Command Prompt window. At the flashing cursor type ipconfig /all and hit return. Your MAC address is the 12-digit hex number listed under Physical Address.
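As an added example (not part of the original post), the Python sketch below pulls each adapter's Physical Address out of saved ipconfig /all output, normalises it to the hyphenated form shown above so it can be entered in the router's filter list, and mimics the router's allow/deny decision. The function names are hypothetical and the sample output is constructed, apart from the address 00-0E-23-A5-31-4C taken from the post.

```python
import re

# Constructed sample of `ipconfig /all` output (not from a real machine).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11g Adapter
        Physical Address. . . . . . . . . : 00-0E-23-A5-31-4C

Tunnel adapter Example Tunneling Pseudo-Interface:

        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
MAC_RE = re.compile(r"Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2})*)\s*$")


def normalize_mac(text):
    """Return a MAC as AA-BB-CC-DD-EE-FF, or None if it is not 12 hex digits."""
    digits = re.sub(r"[-:.\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def adapters_from_ipconfig(output):
    """Map each adapter heading to its normalised Physical Address."""
    found, current = {}, None
    for line in output.splitlines():
        heading = ADAPTER_RE.match(line)
        if heading:
            current = heading.group(1)
            continue
        mac = MAC_RE.search(line)
        normalized = normalize_mac(mac.group(1)) if mac else None
        if current and normalized:  # 8-byte tunnel pseudo-addresses are skipped
            found[current] = normalized
    return found


def is_allowed(mac, allow_list):
    """Mimic the router's filter: exact match once both sides are normalised."""
    allowed = {normalize_mac(m) for m in allow_list} - {None}
    return normalize_mac(mac) in allowed
```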

These two simple steps will provide your wireless network with all the security that you are likely to need.
