Thursday, April 17, 2008

Wireless Security

Home Wireless Security Settings Tips

ENABLE WIRELESS ENCRYPTION:

Enabling Wireless encryption is essential otherwise every one within your Radio Frequency (RF) range (and remember the Wireless network world record distance is 125 miles!), at best can capture your traffic compromising surfing habits, gathering usernames and passwords and at worst sharing illegal images or hacking over your Wireless network for which you are legally responsible.

DO NOT USE WEP (WEP is trivially broken)

DO NOT USE A DICTIONARY BASED WORD FOR YOUR WPA/WPA2 PSK

DO USE WPA2 (BEST) or WPA (NEXT BEST) WITH A NON-DICTIONARY PSK

Note: Use AES encryption where you can, it's the strongest available.

DISABLE SSID BROADCAST:

Ensure you disable the SSID broadcast on you Access Point this will hide your Wireless access point from casual WARDRIVERS. While it is still trivial for a proficient WARDRIVER to determine the SSID it makes him/her work that little bit harder and there may be easier targets in the neighbourhood.

ENABLE MAC FILTERING:

Ensure you configure your MAC filters, this will tie your access point down to only those devices with the MAC addresses you specify.

CONS: MAC addresses can be spoofed fairly trivially in both Windows and Linux.

UPDATE FIRMWARE:

It is essential to keep you Access Points firmware up to date. Vulnerabilities are discovered daily and it could just happen that your Access Point is compromised through a newly discovered exploit this is not restricted to Wireless attacks and may even occur via a wired interface

ENABLE SECURITY FEATURES:

While this may seem obvious ensure all of you Access Points security features have been enabled, many Access Points security settings default to non-enabled for functionality purposes.

CHANGE DEFAULT PASSWORD:

The default password for your Access Point should be changed at the earliest opportunity, to a strong non-dictionary based word to ensure no attackers are able to reconfigure settings.

ENABLE HTTPS :

Management of the access point should be carried out via HTTPS (which is encrypted) in preference to HTTP (which passes traffic in clear text) to prevent your Access Point management username and password from being compromised.

LOGGING:

Ensure that logging is enabled (it is too often disabled by default) on your Access Point and check those logs regularly. Logs will hopefully give you an indication of whether or not you have an unwelcome visitor.

PARANOID?

I believe that the 7 settings already discussed (if carried out as described) will make your Access Point more than reasonably secure. For the truly paranoid (and we count ourselves among them) however, we have 2 more.

DISABLE THE DHCP SERVER:

Rather than have the Access Point's DHCP server issue wireless clients (which could include a wireless attacker) with all the configuration necessary to join the network (and thus the Internet) we prefer to statically configure these settings on the client. We also prefer to use a IP range that is not easily guessed (i.e. not 192.168.0.X or 192.168.1.X etc.) whist still in the private address range.

POWER OFF WHEN NOT IN USE:

If you're going away for the weekend or on holiday, turn off that Access Point. If its not active, it's not going to be compromised.

Disabling wireless client machines when not is use is equally important. For example an Access Point with no clients can make discovering a hidden SSID truly challenging.

The images displayed are taken from a Linksys WRT54G Wireless Access point and are included as a rough guide as to the settings discussed.

No comments: