Suggestions about wireless security
One of my passions is wireless security. Even if I have to say that the most secure wireless network is one that is turned off :), we need to know how to guarantee at least a minimum level of security against intrusions. There are a lot of websites that explain everything about wireless networks, so I will give only a few suggestions (I’m considering the 802.11b/g standards):
- Don’t leave your router/wireless connection completely open, without any encryption. If you do, even a baby can use your Wi-Fi connection to search for information about his favourite candy on the net. :)
- Don’t use WEP (Wired Equivalent Privacy) encryption. It is breakable in 5 minutes using simple programs.
- WPA/WPA2 (Wi-Fi Protected Access) is more secure than WEP (and WPA2 is better than WPA). You can choose PSK security mode, where every user is given the same pass-phrase.
- Use a long, hard-to-guess pass-phrase (mix lower- and upper-case letters, numbers, and special characters such as !, @, #,…), and don’t use a dictionary word.
- If you can, use the AES algorithm with WPA; it is currently the strongest.
- Change the default SSID (Service Set Identifier) and disable SSID broadcast on your Access Point, so your A.P. will be hidden from unskilled wardrivers.
- You can use MAC filters to increase your wireless network protection. That way, only PCs with a registered MAC address can join the network; but remember that MAC addresses can be spoofed and that MAC address changing software exists.
From Wikipedia: “While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodump-ng) and then spoofing one’s own MAC into a validated one. This can be done in the Windows Registry or by using commandline tools on a Linux platform.”
- If you don’t need them, disable File and Printer Sharing and Client for Microsoft Networks on your wireless adapter.
- Pay attention to your Access Point:
- Change your Access Point’s default password. Make it long and hard to guess.
- Keep the firmware of your Access Point and Wi-Fi cards updated.
- Keep your Access Point and PC firewalled.
- Use SSH to administer your Access Point, or use HTTPS instead of HTTP.
- If you can, don’t use a DHCP server; assign a static IP address to each client instead.
- If your firewall supports it, enable logging and check for anything that is not normal.
- Turn off the wireless LAN when you don’t use it.
- Finally, I think the best choice to protect your WLAN can be a VPN (Virtual Private Network), in particular OpenVPN (which is under the GNU GPL), which allows you to create a tunnel between computers using a pre-shared private key, certificates, or username/password.
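
The encryption, pass-phrase and SSID items in the list above can be checked mechanically. The following is an added example, not part of the original post: it assumes an access point running hostapd and audits its `hostapd.conf`; the sample config, the default-SSID list and the 16-character minimum are constructed assumptions.

```python
import re

# Constructed sample config (not from the original post); keys are hostapd.conf options.
SAMPLE_CONF = """\
ssid=linksys
wpa=1
wpa_pairwise=TKIP
wpa_passphrase=sunshine
ignore_broadcast_ssid=0
"""
# Assumption: a short illustrative list of factory SSIDs, not exhaustive.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def weak_passphrase(p):
    """Assumed policy: at least 16 chars with lower, upper, digit and special."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(p) < 16 or not all(re.search(c, p) for c in classes)

def audit(text):
    """Return finding codes for the checklist items the config fails."""
    c = parse_conf(text)
    findings = []
    wpa = int(c.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if any(k.startswith("wep_key") for k in c):
        findings.append("WEP_ENABLED")
    elif wpa == 0:
        findings.append("OPEN_NETWORK")
    if wpa & 1:
        findings.append("WPA1_ALLOWED")
    # Only explicitly listed ciphers are checked here.
    ciphers = (c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP_ALLOWED")
    if "wpa_passphrase" in c and weak_passphrase(c["wpa_passphrase"]):
        findings.append("WEAK_PASSPHRASE")
    if c.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("DEFAULT_SSID")
    if c.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID_BROADCAST")
    return findings
```

Calling `audit(SAMPLE_CONF)` returns the list of failed items; an empty list means the config meets every item the script checks.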