Is your WLAN secure?
-------------------------------------------------------------------------------
PARTHZONE helps you to secure your home/office wireless network so that hackers and
malicious elements can’t use it. You only need to tweak a few settings in your
router’s configuration.
---------------------------------------------------------------------------------
TRICKS BY PARTHZONE
Are you worried about the recent news
reports that terrorists have been using
open and unsecured wireless networks?
Here are some tips to help you secure your
home or ofice Wi-Fi network from intruders,
hackers and terrorists. Most wireless routers
have weak default security settings which
need to be changed in order to protect yourself
fully. But if you know how many computers are
supposed to be on your Wi-Fi network, it’s easy
to lock things down so no one else can get in.
Let’s begin with a few basic but important
settings that need to be conigured in your
wireless router. To log in to the router and
conigure it, use any Web browser and enter
the IP address of the router in the address bar.
The default IP address, username and password
should be mentioned in the router’s user manual.
The exact names and locations of each setting
mentioned below might differ between brands
and models, but the concepts are the same.
Browse through all the features of the router and
learn about how they affect your security.
Step 1: change the default password
Each router has a default username and
password, and you should change these the
moment you start coniguring yours. If the
router’s password is either unchanged common
or weak, a stranger might be able to reconigure
the router and wipe out all your other security
measures, making them useless. Default
passwords such as “admin” are the easiest to
crack, so try to use a good mix of numbers and
characters to be on the safe side.
Step: 2: change the default ip
address
Most routers have a common IP (Internet
Protocol) address which is set to
192.168.1.1, which is known to hackers.
This should be changed to a random,
uncommon IP address. You’ll need to stay
within the series, such as 192.168.xxx.
xxx, but the last value can be changed to
anything you like.
Step 3: Disable the DHcp service
DHCP (Dynamic Host Coniguration
Protocol) enables remote computers
connected to the router to obtain an IP
address and join the network without
needing to know the IP and router address
information. This is a simple and effective
way of keeping intruders away. As far as
possible, set up the computers on your
network with static IP addresses. If you
still want to use DHCP to make your own
coniguration easier, restrict the number
of DHCP IP users to the number of
computers on your network. For example,
if you have ive laptops running on the
network, limit the DHCP IP addresses to 5
from the default 50.
Step 4: Restrict the network mode
If your computers use Wi-Fi N or B/G,
restrict the network mode to only
that Wi-Fi lavor to prevent unwanted
computers from being able to join your
network. This isn’t 100 percent effective,
but can help deter casual Wi-Fi snoopers,
especially if you use the newer N standard.
Step 5: change the default SSiD
The SSID is the name of your network.
It often reveals the name of a house
or ofice from where signal is coming,
allowing hackers to zero in on your location.
Change the SSID to some random name,
or disable SSID broadcast entirely if
possible. Disabling the SSID broadcast
makes your Wi-Fi router invisible to
laptops and cellphones in the area which
automatically scan for Wi-Fi hotspots and
try to join them. If hackers can’t be sure
that your network even exists, they will not
bother trying to break in. It is actually just
common sense and shows that prevention
is better than cure.
Step 6: opt for WpA2 or pSK security
over Wep
WEP (Wired Equivalent Privacy) keys can
be cracked with relative ease, so opt for
WPA (Wi-Fi Protected Access), which
uses 64-bit or 128-bit encryption. PSKs are
Pre-Shared Keys, which provide stronger
security than WEP or WPA. The encrypted
keys are shared by the router and your
Wi-Fi devices. The higher the encryption
bit rate, the more dificult it is to crack.
Step 7: enable the mAc Filter
Enable MAC (Media Access Control)
address iltering to restrict or authenticate
a particular computer on the network. A
MAC address is a unique physical address
assigned to every piece of network
equipment, which the router can use to
authenticate it. If an unauthorized computer
tries to join the network, it will simply
be rejected. This is one of the simplest
ways to prevent strangers from using and
abusing your network.
Step 8: use the router’s firewall
Enable the irewall feature if your router
has one. Usually, routers use SPI (Stateful
Packet Inspection) which reviews the
packets of data entering your network. If
your router has an Internet Filter, enable
it too. This rejects anonymous Internet
requests and keeps your network from
being “pinged”, or detected by other users
over the Internet. To secure your computer
against other users already on the network,
use a desktop irewall such as the free
Comodo Firewall.
Step 9: use internet Access policies
This feature allows you to set parameters
for each computer accessing the network.
You can allow or block certain computers
from using the network on a speciic day
or time, or even block speciic websites,
keywords, applications and ports.
Step 10: Disable remote
administration
Remote management features can be
helpful and convenient if you are constantly
on the move, but can also be a window for
hackers. Enable this feature only when you
are actually travelling and really need it.
Step 10: Disable remote
administration
Remote management features can be
helpful and convenient if you are constantly
on the move, but can also be a window for
hackers. Enable this feature only when you
are actually travelling and really need it.
Step 12: Disconnect the internet
when not needed
If you only need Wi-Fi for home or ofice
networking and do not need to use the
Internet at all times, you could simply
unplug the ISP’s cable from your router or
switch off your ADSL/cable modem.
Step 13: position your router
carefully
As far as possible, position the router in
the center of your room or ofice. The
Wi-Fi signal emanates in a sphere with
the router at its center, potentially making
it accessible from your neighbors’ houses
or even the street outside. If your router
allows you to reduce its signal strength,
keep it at a level suficient for your usage
area. You never know how many people
are actually able to detect and use your
network. Keeping the router at a height
increases the area of broadcast, so keep
that in mind.
Step 14: update the router firmware
Keep an eye on the manufacturer’s website
for recent changes and developments of
the routers irmware and its updates. New
security features might become available.
Make sure you know how to perform this
procedure before attempting it though!
Step 15: Scan for signal leaks from
time to time
Scan the area just outside your home or
ofice for signal leaks from time to time.
You can use a dedicated Wi-Fi sniffer or
any laptop, PDA or cellphone which has
Wi-Fi built in. If you can detect your own
wireless network from the outside, anyone
else will be able to as well.
Wi-Fi frees you from wires and lets you
work conveniently and comfortably, but a
wired network is a safer option. Now that
you have all the information you need, you
won’t have to worry about criminals or
mischief makers abusing your network.
Categories:
HACKING