How do I encrypt my wireless network?

Discussion in 'privacy general' started by cheater87, Jul 1, 2006.

Thread Status:
Not open for further replies.
  1. cheater87

    Can someone tell me how? I don't want my computer to be hacked.
  2. Alphalutra1

    Log in to the remote administration of your router (probably http://192.168.1.1 ) then look for the wireless security part. Enable WPA-PSK or WPA2 encryption and make a password of completely random characters and numbers with a length of 63 for your password. Also change the default password on your router. A good idea to get maximum distance is to change your signal channel to either 1 or 11 instead of 6. Do not disable SSID broadcast or enable MAC filtering. Worthless precautions that only cause connectivity issues.

    Cheers,

    Alphalutra1
  3. cheater87

    I have a laptop; where is the router on that?
  4. Alphalutra1

    You have to BUY a router of your own, have your own internet connection, then use the router to share it with multiple pcs. That is how you create a secure access point.

    If it is not your router and you are at a public hotspot, I ssh to my Linux box at home then use a ssh tunnel to get to my squid proxy then use my own internet connection. That way everything is nice and encrypted with the blowfish cipher, the public hotspot can't see what websites I go to :ninja:, and no one can sniff out my passwords when they are "in the clear".

    If that sounds like too much, enable your firewall, don't let it have any permissions, and hope no one sniffs your passwords in public hot spots. If you are stealing your neighbor's wireless, then I can't help you.

    Cheers,

    Alphalutra1
  5. Notok

    I actually disagree with that, I've not had any issues with these. If you enter the MAC address right and set up the connection properly, these shouldn't pose any inconvenience. Just set up the connection and make sure it's stable first, then turn those on.

    These may not provide real strong security, but it's a first line defense that will keep casual intruders out... there's nothing that will keep a determined hacker out. I've also seen some of the lower-end routers and access points that will drop your connection when another attempts to connect (depending). If one of your neighbors has a flaky connection and a laptop with a high tendency to roam...

    The router is probably the box connected by a network cable to your modem. To connect to it, you'll need a computer already connected to the network that the router/access point is on. On that computer go to Start > Control Panel > Network Connections, double-click the connection to the wireless network, go to the Support tab and look at the address it says for the "Default Gateway", which is probably 192.168.1.1. Type that address in your web browser, and you'll connect to the router. You will, of course, need the password to the router. Keep in mind that anyone else that uses this router/access point to connect will need to have their system re-configured as well, once you enable the encryption, so be sure to let them know what you're doing first.
  6. Alphalutra1

    First line of defense is a strong password for administration of your router and proper implementation of either WPA or WPA2.

    It is impossible to hide a SSID. It will always send packets to and from the client pcs which are easily found by many programs, including netstumbler.

    MAC addresses are easily cloned and can be sniffed by crackers.

    So, why cause inconvenience for yourself by making it harder for you to connect to your AP but creating a mere annoyance for a hacker o_O

    Excuse me? WPA is an uncrackable cipher at the moment. The only way it can be defeated is by brute force attacks. If you have a passphrase of 63 random characters, then there is no way if cracking technology stays the same that someone will be able to access your AP in millions of years.

    Add in the newer WPA2 with AES encryption and throw in a RADIUS server for fun, and put that millions of years into billions.

    What router did this occur with, and was any type of encryption enabled? I have never seen an access point fail because there was an aborted attempt by a client to connect to it. Also by cheater's silence, it seems that it wasn't his wireless router :ninja:

    Alphalutra1
  7. charincol

    The argument that hiding SSID and using MAC filtering is a good first line of defense for the casual mistaken connection is irrelevant. If an outsider "accidentally" connects to your wifi router without realizing it just because it is known, they are in almost any case not knowledgeable enough to get through your second or third line of defense (So what difference would this "first line of defense" make if you have others?)

    If, however, you have SSID off and MAC filtering enabled and someone does connect, they are looking for it and most likely are trying to hack in and this "first line of defense" is nothing more than a thin paper wall. You better have a Hell of a lot better security than just this so-called good "first line of defense" because it just got steamrolled into oblivion (Again, what difference does this "first line of defense" make?)

    I recently watched a friend, only using tools easily available on the net, without much effort find a corporate network and see that it used WEP for security. He could have easily in a few minutes cracked the encryption key and connected to it. It took little effort to do.

    If you do not use at a minimum WPA-PSK security, then you really have no "first line of defense" for your wifi. And yes, it does keep intruders out. Any "professional" hacker will tell you they will not bother a network with WPA. Yes, it is crackable, but it would take more time and effort than anyone is willing to put into it right now or the near future.

    People either need to "buck up" and take the time to do it right and effectively, or not do it at all and not bother setting up a "paper wall".
  8. Notok

    I have to wonder why you would think these things are so grossly inconvenient. If you already have a stable connection, you shouldn't have to look at it again, and these won't pose any kinds of problems if you enable them after everything else is done (including resolving any connection issues). If your connection isn't that stable, then I'd say sure, leave them off... until you can get a new access point/router. Maybe if you've got business class gear that's made to handle hundreds of connections then you'd never experience this, and maybe it would be more convenient to leave them off, but if you're dealing with a $40 Netgear in a home situation, then you might just save yourself some headache. On a practical level it's going to be the nuisance neighbor or wannabe wardriver that it's going to deal with most, for which these measures would be enough to deflect.

    You make it sound as though I'm arguing against using encryption, which is not the case. Use what you have, there are more than just uber-hackers that might try to connect to your network.
    Last edited: Jul 10, 2006
  9. charincol

    I never meant they were grossly inconvenient, just that they are, for all practical intents and purposes, a waste of time and irrelevant to any real wifi security.

    I would hate for someone to think they would be "safe" by using security that isn't really secure and then have something malicious happen to them because of it. These days, someone with a big enough antenna on their laptop can gain access to wifi from over a mile away.

    Yes they can, and yes they do.
  10. LockBox

    Sorry, they can't and no, they don't.
    A range extender can maybe double the regular WiFi range, but that's it.
    One mile for a WiFi Signal? No way.
  11. Notok

    It's defense-in-depth, aka layered security, and I'd rather my access points expend their resources on my traffic than theirs. I'd guess that 99% of the attempts that you'll encounter in the real world will be stopped by those measures, but I would certainly hope that nobody here would think I'm suggesting anything less than adding these to as strong of encryption as possible.

    I'll agree that if you're having problems then it's not worth losing sleep over, but if you've already got a stable connection then it will pose no real inconvenience beyond what it takes to enter the MAC addresses, and may well be worth it (depending) IMHO.
  12. charincol

    Here is an article over a year old by George Ou (who is a lot more knowledgeable on this than I am) titled "The six dumbest ways to secure a wireless LAN" http://blogs.techrepublic.com.com/Ou/?p=43. Someone asks him about it later and in this article "Are WiFi security myths good for deterrence?" http://blogs.zdnet.com/askbloggie/index.php?p=23 he brings up the most logical reason why SSID hiding and MAC filtering are just plain worthless. WPA is pretty convenient security to use and yet with a random passphrase long enough (because dictionary attacks are the only way to crack it) it is impossible in your or your grandchildren's lifetimes to break it with current hacking tools. WEP is more inconvenient and crackable in a few minutes. MAC filtering is even more inconvenient (and turns nightmarish the more nodes on a network - I do realize this is more focused on home networks) and can be cracked along with SSID hiding in a matter of seconds without being a computer guru using easily available tools on the net.

    There are about 6 ways your SSID is broadcast and by hiding your SSID in your router's configuration, you're only turning off one of those. Your SSID is still being broadcast 4 or 5 other ways.

    To say that these are okay for a common home wifi and you only need to worry about your neighbor getting into your home wifi is balderdash. Also why do you want to use anything that is more inconvenient and provides lesser security for anything?

    "One mile for a WiFi Signal? No way."
    Gerard, where do you get your info from, the cartoon network? (And I am asking that in all sincerity because over a mile is easily possible.) In 2004, teenagers at the DefCon hackers conference in Las Vegas were able to make a wifi connection over 55 miles in distance http://www.wired.com/news/culture/0,1284,64440,00.html and in 2005 made a new world record in making an almost 125 mile 802.11b connection for over 3 hours. Of course they were using highly customized antennas. But here is another article that mentions how in 2005 at the next DefCon hackers conference, hackers ran around and tried to pick up a 1000 wifi networks in 2 hours http://www.itweb.co.za/sections/internet/2005/0508081002.asp?S=Reuters&A=REU&O=FPW using antennas like these http://seattlewireless.net/index.cgi/DirectionalYagi and here is video showing guys hacking into a bluetooth enabled phone from over a mile away http://www.youtube.com/watch?v=x2h0shuImsA&search=bluetooth and downloading the address book (Can anyone say, Paris Hilton?) Here is another article that mentions how your wifi driver software on your laptop can be exploited to gain access without you even being connected to a wifi network http://www.infoworld.com/article/06/06/21/79536_HNwifibreach_1.html. So, I reiterate, yes hackers can hack into your wifi network from over a mile away, and yes they do.

    There was a time when most internet security minded people thought that a simple firewall and common AV were enough to keep out malicious junk because, "I don't have anything of interest on my machine that a real hacker would want." Things have changed. Now those same people (which include people here at Wilder's and other security forums) believe differently because of the alarming statistics that show such things like most home computers having a zombie bot of some kind (adware, spyware, trojan) running undetected and phoning home.

    I'd say that the same mindset of internet security of about 8 years ago exists today about wifi security, and that it needs to change real quick, especially by security minded people. The bottom line is, good security is good security, and bad security is bad security, and what may be good security today, may be bad security tomorrow.

    It makes more sense to only enable WPA/WPA2 on your home network which is the most convenient and bulletproof security measure on most home wifi routers today, than to mess around with other methods that may end up being more time consuming and inconvenient and provide little to no wifi security. My D-Link wifi router broadcasts "default" as the SSID and only has WPA-PSK enabled and there are no known methods for breaking into it because my passphrase is over 20 characters including upper and lower case letters, numbers and characters that is easily remembered by me that would take at least thousands of years to crack with current available resources.
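
Added example (not written by any poster in this thread): the 63-random-character WPA-PSK passphrase recommended in post 2 and the brute-force estimates in posts 6 and 12, worked through in Python. It goes a little beyond the thread by showing that the derived key is 256 bits, so random passphrases stop gaining strength at 43 alphanumeric characters; the alphanumeric alphabet and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-Personal: the passphrase is 8..63 printable ASCII characters and the
# 256-bit pairwise master key (PMK) is PBKDF2-HMAC-SHA1(passphrase, salt=SSID,
# 4096 iterations). The SSID is the only salt.
ALNUM = string.ascii_letters + string.digits  # 62 symbols (assumed alphabet)
PMK_BITS = 256
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_passphrase(length=63, alphabet=ALNUM):
    """Uniformly random passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_pmk(passphrase, ssid):
    """Derive the 32-byte PMK that the access point and clients compute."""
    pw, salt = passphrase.encode("ascii"), ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63 or not 1 <= len(salt) <= 32:
        raise ValueError("passphrase must be 8-63 chars, SSID 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, PMK_BITS // 8)


def effective_bits(length, alphabet_size):
    """Entropy of a uniformly *random* passphrase, capped by the PMK size.
    A memorable passphrase has less than this figure."""
    return min(length * math.log2(alphabet_size), PMK_BITS)


def min_length_for_full_strength(alphabet_size):
    """Shortest random passphrase that already saturates the 256-bit PMK."""
    return math.ceil(PMK_BITS / math.log2(alphabet_size))


def years_to_exhaust(bits, guesses_per_second):
    """Expected years to search half the keyspace at an assumed guess rate."""
    return 2.0 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    RATE = 1e6  # assumed guesses per second (hypothetical figure)
    passphrase = generate_passphrase()
    print("passphrase:", passphrase)
    # Same passphrase, different SSID -> different key, because SSID is the salt.
    for ssid in ("default", "home-2f91"):  # constructed sample SSIDs
        print(f"PMK for SSID {ssid!r}: {derive_pmk(passphrase, ssid).hex()}")
    print("alphanumeric length that saturates the PMK:",
          min_length_for_full_strength(len(ALNUM)))
    for label, length, size in (("8 lowercase letters", 8, 26),
                                ("20 random alphanumerics", 20, 62),
                                ("63 random alphanumerics", 63, 62)):
        bits = effective_bits(length, size)
        print(f"{label}: {bits:.1f} bits, "
              f"~{years_to_exhaust(bits, RATE):.3g} years at {RATE:.0e}/s")
```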
  13. Genady Prishnikov

    What you say is true, but your "Cartoon Network" crack is an attitude you don't usually find here at Wilders. Nobody here knows it all - including you. This may come as a shock to you, but you will one day learn something here and write something that's incorrect. Let's hope someone more knowledgeable will be a bit less jerky, and kinder, than your "Cartoon Network" comment.
  14. charincol

    My cartoon network remark was returned in kind to the comment "Sorry, they can't and no, they don't." which was a very condescending statement that I received as telling me that I didn't know what the heck I was talking about. When someone tells you, "Sorry, [Whatever it is you just said is BS!]", isn't that person basically telling you that your statement is wrong just because they FEEL that it is wrong for whatever reason and think that automatically puts them in a position of intellectual superiority over you because you are obviously being dumb in their opinion?

    Where were Gerard Morentzy's facts to back up his statement that I was wrong? Did he do the research like I did before he made his statement? Apparently not. I do not make statements that I tout as fact without having learned about it first. I do not immediately dismiss someone else's remarks here or anywhere else just because I think they are ridiculous. And I certainly don't think I know everything, I just may be more diligent than others in finding information.

    Six months ago I knew next to nothing about wifi. I didn't even know what WEP was because I hadn't bothered or really needed to learn about it. When I first started using wifi, I thought that SSID hiding, MAC filtering, and WEP were good enough. Then I learned a little more about it, and decided, based on facts, that my wifi security sucked. So, I changed my wifi security methods having realized how naive I had been about it previously.

    My question concerning the cartoon network was a valid question to a statement that was not fact-based and walked the sophomoric line.

    I stand by my claim that enabling WPA if it's available on your connection is the only encryption and security needed for home wifi today. If it's not available, then get it.
  15. Escalader

    Well well, I decided if anybody out there cares, to scrap my wireless home network.

    I'm all via ethernet cables now and a Linksys router for the 3 PC's at home.

    While the cable guys were installing the new DSL service, they showed me all the secured and unsecured networks in my neighbourhood and how they ride them to send personal email! They just use their own laptops in the truck!

    On the ones that are "secure" take 45 seconds to crack the 128 bit security codes in the wireless modem whether they rotate the codes every so often or not.

    What I want now is a good software firewall for in and out traffic and a good encryption package (free or not) so I can do selective or not file/folder encryption of private data. Any ideas or references you can point me to? Has anybody reliable done a comparison encryption software study lately?

    Escalader
  16. Genady Prishnikov

    That is true, with WEP. That's why nobody would recommend WEP these days. WPA is the only way to go. Nobody's going to crack that in 45 seconds!
  17. Escalader

    Re: How do I encrypt my router based network?

    Hi Again:

    I've made some security progress, but have a few (dumb?) questions:

    1) What in simple terms is WPA? firmware? software or Hardware?
    2) I've scrapped wireless now have alpashied hardware firewall with my linksys router with all computers hooked in via ethernet wires?
    3) Just install ZA Pro.


    Now what? Do I still need a WPA encryption tool? Or do I already have it?

    Escalader ( happy labour day)
  18. Devinco

    Re: How do I encrypt my router based network?

    Hardware and firmware within the wireless router and wireless network cards.
    more info here: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

    What is alpashied? applied? activated?
    If you have deactivated the wireless setting within your router, then you will connect with ethernet cables.

    Good. Password protect it and configure it well.

    No. You don't have to be concerned about securing your wireless network because there isn't any after you turn it off in the router and remove (or deactivate) the wireless network cards in each computer.

    Enjoy Labor Day! :D
  19. Escalader

    Re: How to protect my hardwired router based network?

    Thanks for the advice, I now have to figure out how to deactivate wireless network cards! I like to learn stuff.

    Sorry about my spelling error, I have an Alpha Shield hardware firewall device.
    It blocks 99% of inbound intrusion attacks. Leaving the 1 % to be caught by the ZA Pro software!

    Unless I learn something specific to stop me I intend to place the H/W firewall in front of the router, thus protecting all PC's on my mini network. If it is true that 30% of internet traffic is "evil", then this should give the router 30% less work.

    Comments at your convenience!

    Escalader
  20. Toby75

    I learn so much from this place..thank god this forum exists!

    I have a question.....I have a laptop that's about 4 yrs old and doesn't support WPA....so I'm stuck with WEP....what exactly do I need to upgrade to WPA...is it a matter of getting a new wireless card that supports it or is there more to it than that.

    If I won't be able to upgrade what is the best possible alternative for securing a network?...I've heard of many alternative ways to do it but which one/s are more practical?

    Regards,
    Toby
  21. Devinco

    Indeed, this site is one of the best blessings of the information age we live in. You ask a question and you get an answer from people all over the world. It's like magic!

    You will need to disable the built in wireless in your laptop BIOS.
    Yes, you will need a new wireless card and your Wireless Access Point(Router) will need to support WPA also.
    Try to get ones that support WPA2.

    There are several things that can be done and have been mentioned in other threads.
    None of them provide real protection from a determined attack. They are mostly for preventing casual access to your wireless LAN.
  22. Toby75

    My router supports WPA2...so I just need the wireless card upgrade....thanks :cool:
  23. Escalader

    If I were you (and I'm not) based on what I have experienced personally with the phone companies' wireless modems, and flawed encryption methods:
    1. Scrap wireless idea outright, unless there is some real reason to have it
    2. If you must have it, get the weakest possible range for it!
    3. alter the user id and password for the modem
    4. some of the firms McAfee for 1 have software that purports to secure wireless
    5. Assume your PC will be compromised by it and encrypted, back up, change passwords frequently

    If you know all this I apologize in advance, everything else written here by others is bang on target!

    Avoid it if you can, if you must don't use it for anything important like say banking.
  24. Toby75

    I need my wireless connection...have 3 laptops in the family that all use it. It's much better than tripping over RJ45 cables which I've done several times in the past. :p
  25. Escalader

    Toby:
    That being the case, I withdraw my point 1.

    The remaining advice I leave as is. These networks are convenient and as you point out "trip free". But I hope not to see a post in the future how your bank account has been hacked.

    Maybe you guys only surf and play games so it doesn't matter about privacy and security so much. It depends on what you do applications wise on these laptops.

    Your email could be compromised, but if that doesn't matter go for the gusto!