Unsecured airwaves

Unsecured airwaves
Comment E-mail Print Share
First Published: Tue, Feb 09 2010. 10 08 PM IST

On a leash: It is easy for hackers to get to information being transferred over the wireless network.
On a leash: It is easy for hackers to get to information being transferred over the wireless network.
Updated: Tue, Feb 09 2010. 10 08 PM IST
Wireless fidelity (Wi-Fi) penetration is growing by leaps and bounds, not only among business houses, but also among residential users. As most households nowadays have at least a desktop, it makes sense to have a Wi-Fi router within homes for flexible Internet access.
But as happens with the Internet, proliferation breeds vices. If the spurt in number of cyber crimes in India is any indication, the possibility of unsecure Wi-Fi networks being compromised is high. Let’s take a look at things you need to be on top of.
Encryption woes
Data transfer over wireless networks is in the air and not confined to any wire. It is easy, therefore, for a hacker to get to the information being transferred over the wireless network. To prevent this, there is a need to encrypt the data in a way that it can only be deciphered by someone who has the decryption key.
Wireless routers have two kinds of encryption: Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is considered a weak encryption mechanism as it has many loopholes. It uses 64-bit or 128-bit security keys to encrypt data of which 24-bits are called Initialization Vector (IV). Since 24-bits give only 16.7 million variations, it is comparatively easier to decode the keys. Also, the possibility of using the same IV key more than once is high—making the system vulnerable to hack attacks.
On a leash: It is easy for hackers to get to information being transferred over the wireless network.
WPA is considered much safer than WEP because it has a 48-bit IV that gives around 500 trillion variations, which is very difficult to crack. Also, the IV keys are better protected and never reused.
WPA2 is the advanced version of WPA. Since WPA is a newer technology, it is possible that many routers may not support it, so the user needs to do a firmware update.
The WPA key can be enabled by going to the Wireless Setup tab and selecting the WPA Security option. Using a passphrase, which is an alphanumeric keyword, we can generate one or more WPA keys. The passphrase should be longer than 16 alphanumeric characters and should only be known to the administrator.
Plugging the loopholes
Hackers take advantage of the many loopholes, such as weak passwords, etc., that users tend to overlook while securing their Wi-Fi networks. Configuring the security settings on your Wi-Fi router is time consuming.
Administrator password
All the routers are shipped with default factory settings, which many users do not change while connecting to the Internet. These default settings are known, as they are specific to manufacturers. The first thing you should do while setting the router is change the default username and administrator password, so that it is known only to you.
Enabling WEP or WPA encryption
The need to scramble data while using a wireless network is paramount. You should activate the necessary encryption key. It is advisable to choose WPA or WPA2 encryption rather than WEP if your router supports it. To configure the WPA encryption you have to enter a unique passphrase.
Broadcasting SSID
Service Set Identifiers (SSIDs) are public names of wireless networks. All the client machines communicate within a network using similar SSIDs. Router manufacturers gen-erally give default SSIDs; for example, the Linksys router will have a default SSID “Linksys”. A user should change this default SSID. Broadcasting SSID is a feature that is ideal for businesses and mobile hot spots where users move in and out of networks. For home broadcasting, SSID may make the system vulnerable to attack if the router is not protected by a username and password.
MAC address filtering
Media Access Control (MAC) address is identification for all the hardware connected to your network. In a home network with a limited number of users it is better to find out the MAC addresses of all the machines connecting to the network (enter ipconfig/all in the command prompt to get the whole list). The administrator should then feed these numbers under the “permit only” tab in the Wireless Network Access tab. This will ensure that any system whose MAC address does not pass the filter will not be able to access the network.
Positioning the router
The range of wireless routers may exceed the boundaries of your house, but its strength reduces with distance. It is deemed best to have the wireless router inside the house rather than on the window so that there is very little leakage.
Switching off the router
This may seem a very trivial thing to be included in this section. But remember, you must always switch off your router when you are not using it so that hackers don’t have access to it.
*********
Common Wi-Fi Hacking software
NetStumbler: A Windows-based tool used to locate open wireless networks
Kismet: Displays SSIDs that are not broadcast
Airsnort: Cracks WEP encryption keys
Cowpatty: Cracks WPA- pre-shared key
Wireshark: Sniffs data transferred over a wireless network
Wi-Fi Jargon
Encryption: It’s the process of scrambling legitimate information using algorithms called ciphers, so that the information can be decrypted only by someone or something that has the encryption key.
Service Set Identifier (SSID): It is a name that identifies a particular 802.11 wireless LAN network. For the client machine to connect to the network, its SSID should match with that of the router.
WarDriving: It’s the act of locating and logging on to wireless access points from a moving vehicle using a laptop or a PDA or a cellphone.
This story is brought to you by digit
Write to us at businessoflife@livemint.com
Comment E-mail Print Share
First Published: Tue, Feb 09 2010. 10 08 PM IST