Friday, March 6, 2009

WIRELESS SOHO

Mighty Tips to keep your SOHO - Wifi Network secure!!


These days wifi networks are found in abundance be it a home, a hotel, a motel, a small office....it is really a benefit and a ease to carry you laptop at any corner or any room and start working if that place is in the reach and you wifi strength covers it....be it in a cafe takin coffee sips and clicks or be it a motel having a hard time as the presentation is tomorrow..wifi has made it all so easy and handy. But after having all these facilities deployed there a few questions that arises??

#) Are you the only one accessing your wi-fi Network?
#) Are you sure no body is sneaking around in your network?

As it is quiet easy to carry around a laptop and use the wifi connectivity in the same ration it is risky too when seen from a security perspective....All the digital transactions made via your laptop might be lying at someone's table ready to be analysed. These days wifi networking devices don't always help your need of security...so above all you your self need to be a bit conscious and take over the charge. Here are few points outlined that might help you in securing ur wifi network and keeping them out of reach of the Dirty Hands.

1)Turn the encryption system on (WPA/WEP whatever your wifi device supports):
Almost all of the wi-fi devices come up with in built encryption techniques. What these encryption system does is they just play a rumble with the data sent over the air and turn them in to sh!ts so that they are transformed in to unreadable formats often termed as craps....There are many different encryption mechanisms employed that exist for the facility today. Generally because of the human nature you will go for the best, conditions are they must work along with your network. All the devices (wi-fi) in the network must share a same encryption key to talk to eachother..so there might be chances that might create conflicts betn two devices that dont support a encryption mechanism used by one...or say the technique that one uses might not be supported by the other..so again her you will have to choose an option that will work for all. If the choices are WPA and WEP only than I wud recommend you to go with WPA ;) the reasons are obvious hehe..


2)Change the default login credentials:
By default every wi-fi vendor does implement some sort of access authentication systems in their devices..the general is a web based authentication that contains a username and a password. The first thing one must after he gets in is change in the default settings (password) and username too if possible. As because these devices are as a nucleus of any wi-fi network high priority must be given to the security of these devices as one mis-configuration might result in a chaos. In general, to configure, maintain and set up these devices a web base platform is provided that needs authentication and/or account information to be accessed for. These platforms generally come with a default set of everything..the login credentials too that are like

Username<==>Password
admin admin
admin NULL(means no password required)
NULL 00000 (they are zeros and must not be mistaken with the letter o)

and so on...so as these are the default set of login credentials and are different with vendors, but are known to public (and attackers more often) so it is indeed a good practice to change them up.

3)Enable MAC address or Hardware address filtering:
Every network device that exist in this world has its own unique identifier that is in no way same to any other device from the same vendor or from any other...these identifers are called physical address OR' MAC address. Access points and routers in the network keep a log of all the hardware addresses of all the devices (wifi cards) connected to them. And these days many of such AP(Access Points) and Routers have an option to restrict connections and or accesses to any hardware address defined in the AP or the router. This is generally a good practice if you dont want average computer users connect to your network and use your resources but if in case a intruder gets hand on the physical address of the devices in your network than s/he can easily make fake addresses and than be a part of your network. This feature is not as effective as it seems, the reason is clear....ah WHY??

4)Change the SSID name:
Wifi devices such as Access Points and wireless Routers use a network name known as the SSID (Service Set Identifier) to make the devices know of them. Generally vendors normally have their name as the default SSID names. For e.g, Dlink has the SSID name as "dlink" Linksys has "linksys" and so on. If you ask that what can one do if my SSID is known than the answer is they might be able to break into....though this is the first step one would take. Moreover there is a logic if someone finds a box with SSID set as default than there are chances that other things are kept default too..rite!! and thus are much more likely to make it a victim. So better change the SSID immediately as you change the password.


5)Hide the SSID from public:
In wireless networking, the AP or the router generally broadcasts the network name (SSID) as discussed above in the air at periods. It was generally designed for businesses and mobile hotspots where wireless clients may roam any where. This feature is generally unnecessary while being in a home or such places. So when not in use it is better to keep it off as it will just do the thing as "Hey do u see me I am a AP/Router and I am here".

6)Do not auto connect to wide open wi-fi networks:
While as it is a good thing and a luck to find open networks....it is a place of high risk in the same ratio..cases have been registered whereby open APs and Routers are setup to acquain victims and than play with them. So better not connect on any free hotspots till you trust them.

7)Disable DHCP in the AP or the Router:
It is generally seen that many of the APs or the Routers that are used are running DHCP server running in them that reduces the hectic job of assigning the IP address to each client on the network manually. But in the other hand it will notify the attacker of the IP address and the all the information being used as he might obtain a valid IP address automatically. So its a good practice to turn DHCP off and assign the addresses manually this wont let the intruder know of the subnet being used moreover user subnets else than 192.168.x.x as this is the most common subnet used.......

8)User firewalls:
As modern wifi devices come along with a builtin firewall and other options it is a good thing to make a use of them denying all unnecessary services and applications in the network...except from those which comes to regular uses.


9)Turn the network when not in use:
Well I needn't tell this but there are ppl who want their wi-fi devices be online always though not in use...why to take risks and provide a long lasting window to the attackers instead it is a better to turn the device off if they wont be in use for a long time.....saves both electrcity bill and your network ..... ;)
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)