Articles: http://www.extremetech.com/article2/0,1697,1152933,00.asp
http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
I have to say this: WEP is laughably easy to crack, anyone who uses it to try and secure their wi-fi is wasting their time, if you want anything like security you must use WPA2. The only thing that WEP will protect you from is people looking for free internet with no hassle at all.
These sites both mentioned a very good basic thing to do, change the default username and password. As they said, those can be accessed by anyone. During a networking event I went to in speaking with the presenter he mentioned that a surprising number of professional network administrators used the default username/password. This is a very basic thing to do and will help a lot in securing your network.
They both also brought up encrypting your network, however the extremetech site only ever mentions WEP, which as I said is practically useless in security. compnetworking mentioned both WEP and WPA, and brought up a good point. That is that not all wi-fi enabled devices can use all three of the basic protocols (WEP, WPA, WPA2, in ascending order of security) and that you may need to use a lesser one to accommodate all of your devices.
Again, both brought up changing the default SSID, though this doesn't actually do anything to secure your network unless you're running WPA(2), a default SSID marks your network as easy to crack and therefore more likely to be targeted by hackers, as mentioned by the compnetworking article. If you are running WPA(2) the encrypted password that is first sent involves the SSID in its computation, so if you run a common SSID a hacker may use a precomputed rainbow table to try a bunch of prehashed passkeys rather than having to compute them as they attack.
Both articles brought up turning on MAC filtering, so that only manually keyed in devices could access the network, and they both mentioned that hackers can spoof MAC addresses, however, especially in the case of home networks, it is unlikely a hacker will take the time to do so.
Both articles again bring up disabling your SSID broadcast, to make your network slightly harder to connect to.
Only the compnetwork article brings up disabling auto-connect, which isn't too big of a deal. This has nothing to do with the actual security of your network, so much as to prevent your computer from becoming accessible through someone else's unsecured network.
Both articles bring up turning off DHCP to prevent ease of access by intruders, this makes it slightly more difficult to access the network, and the more devices you have the more work you need to do to connect them all to the network.
Only the compnetwork article mentions turning on firewalls on your devices, though as it says, most modern equipment comes with built-in firewalls and making sure they are turned on is not a big concern.
Both mention placing the router away from windows and the like to prevent a good signal from leaving the house, if intruders don't see a good signal they are much less likely to break into the network.
The compnetwork article mentions to turn off the network entirely during extended periods of downtime, obviously not something to do in the business setting, but if you take a vacation from home you may as well to prevent unauthorized access while you are away.
A major notable difference between the articles is that the extremetech article focuses more on buisness's wi-fi security and anti-wardriving (the act of driving around finding networks and breaking into them) security, while compnetwork focuses more on the home.
No comments:
Post a Comment