http://arstechnica.com/paedia/w/wireless-security-howto/home-802.11b-1.html
802.11b networks are proliferating like mad. Even though faster wireless networks are now available, 802.11b offers users what they want at a reasonably low price. While the high throughput of other technologies is attractive to large Local Area Networks (LANs) and people wanting to use wireless for high-end home entertainment purposes, 802.11b's 11Mbit/sec is more than enough to hook up a handful of clients in your home to the Wide Area Network (WAN), which in most cases is simply the Internet.
However, as we have seen in War Flying San Diego and War Flying Silicon Valley, many users are not taking adequate steps to secure their 802.11b networks. This guide is going to give a practical overview of the methods you can use to lock down your network as tightly as possible without purchasing additional software or setting up Virtual Private Network (VPN) support. If you want a broader overview of 802.11x technology and its security issues, check out our Wireless Security Blackpaper. It's a great article that covers the hows and whys of wireless security issues, and anyone in IT should read that paper before implementing a wireless solution. This article, however, will be focused on the home/small network.
Before we get started, verify that your wireless LAN is in fact working, and then check to make sure that you're running the latest firmware. Many of the earliest 802.11b routers came with lax security features and extremely weak security key options, but a simple update will probably provide you with the options you need to begin to secure your wireless LAN. And we should note, as well, that keeping up with firmware is always a good idea, because security bugs tend to pop up from time to time, anyway.
Note: 802.11a consumer-end security is, for the most part, the same as that exhibited in 802.11b. Furthermore, depending on your hardware manufacturer, you may or may not be able to follow all of these practices.
Basic strategy: don't be an easy target, and know what you want to secure
802.11x is not without its flaws. If someone wants on your wireless network bad enough, they'll probably get on one way or another. What your average home user needs to do is simply not provide fertile stomping grounds for people who are out for an easy target. You might wonder why anyone would even want access to your network. In most scenarios, your wireless network provides perpetrators with two things: 1) access to your local network (the computers connected up in your house), which if unsecured means access to your data, and better yet, 2) access to the 'net. 11Mbits/sec isn't a bad little heist for someone who wants to spend all night downloading pr0n from your connection, or perhaps they'd rather mail bomb the government or something. It's no matter--just don't be an easy target. We're gonna help.
Thus, strictly speaking, there are two things that a user will want to secure: 1) client-to-router traffic, and 2) cracker-to-router access to the LAN/Internet.
Client-to-Router concerns
In this first instance, your concern is that you don't want someone to be able to see (aka, sniff) the data that travels from your legitimate clients to your wireless router (e.g., e-mail, URLs, your passwords that are plaintext, etc.). The simple fact of the matter is that if a cracker sits within range of your network long enough, with the right tools they will break your basic encryption (if you even have it turned on, which most people apparently do not). Without purchasing rather expensive software, all of the traffic that flows between your wireless laptop (for example) and your router can be seen by a cracker with minimal effort. Therefore, if you work with extremely sensitive data, doing so over a wireless connection is dangerous, unless you are using safe tools. For example, if you want to administrate your UNIX servers via a terminal connection, using SSH makes WEP security irrelevant, since traffic is encrypted via SSH, and SSH is rather strong.
Of course, corporate entities may enlist the help of commercial Virtual Private Network (VPN) software to secure such traffic. See the Wireless Security Blackpaper for more information.
Cracker-to-Router Access to the LAN/Internet
The second issue involves officially becoming part of your network, and enjoying all which that may entail--including free access to the net, any open shares you might have, etc. For most users, this is the issue to worry about. Your average war driver isn't looking to crack into your super secret anime collection. Rather, they want free pipe. In this article, we're going to address both concerns. To keep things clear, we've divided the article into three parts: (1) Lock down must-dos, (2) Additional security options, and (3) Little tricks.
Part I: Lock down must-dos
Lock down must-dos are just that, must-dos. If you do anything, do these. Doing these relatively simple things will instantly make you much less of an easy target. It's a bit like taking off your Where's Waldo? garb cap and removing the kick-me sign off of your back. Keep in mind that almost all 802.11x routers and access points ship from the manufacturer with the weakest security options enabled by default in order for you have the easiest time possible setting that hardware up. The default config is not, I repeat, not secure. In this regard I must applaud Microsoft; the company ships its wireless products with WEP setup by default.
Nota Bene: many of the changes suggested below will have immediate effects on your network. We recommend using a PC with an Ethernet connection to your wireless router to do configuration. Otherwise, if you make a mistake configuring your router from a wireless client, you can cut your own access off and be forced to completely reset your router. Furthermore, for safety's sake, make sure all of your wireless clients have the latest drives for the WLAN cards downloaded and installed (some really old cards may not support WEP out of the box) before proceeding.
Change the admin password and turn off remote management
These are so obvious that we're loath to mention them, but here goes nothing. Your wireless router's default password should be changed immediately. You might think, "well, I have remote access to the configuration disabled, so no one can get to me," but you're wrong. Even with remote management disabled (which it should be, unless you have a very good reason otherwise), anyone who approaches your wireless LAN with a wireless card is "behind" your firewall, not in front of it. So, if you have a Linksys router and the password is still 'admin,' someone sitting in China can't get to it from the Internet, but they certainly can from your back yard or the room next door. And once they do that, they own your wireless LAN (until you hard reset). Change the password, and turn off remote management (which will only prevent people managing your router from the WAN).
Turn off SSID Broadcast
This is the real Job One. By allowing broadcast SSID to associate, you make it easy for your pals to come over and get hooked up on your LAN for some gaming or whatnot, but you also pretty much make it easy for anyone with a wireless receiver to gain access to your network, too. Leaving broadcasting on is a bit like leaving your garage door open at night: anyone passing by looking for trouble can see without much effort that there's opportunity afoot. This is why so many clients with an SSID of 'any' can roam from place to place and find access: broadcast SSID support allows any SSID to bind. That's not good for your security. With a firmware update, pretty much every major wireless router out there now supports this option. Do it!
When you turn this off, your wireless clients will have to be configured with the exact SSID that you have set for your wireless network. This brings us to the next bit...
802.11b networks are proliferating like mad. Even though faster wireless networks are now available, 802.11b offers users what they want at a reasonably low price. While the high throughput of other technologies is attractive to large Local Area Networks (LANs) and people wanting to use wireless for high-end home entertainment purposes, 802.11b's 11Mbit/sec is more than enough to hook up a handful of clients in your home to the Wide Area Network (WAN), which in most cases is simply the Internet.
However, as we have seen in War Flying San Diego and War Flying Silicon Valley, many users are not taking adequate steps to secure their 802.11b networks. This guide is going to give a practical overview of the methods you can use to lock down your network as tightly as possible without purchasing additional software or setting up Virtual Private Network (VPN) support. If you want a broader overview of 802.11x technology and its security issues, check out our Wireless Security Blackpaper. It's a great article that covers the hows and whys of wireless security issues, and anyone in IT should read that paper before implementing a wireless solution. This article, however, will be focused on the home/small network.
Before we get started, verify that your wireless LAN is in fact working, and then check to make sure that you're running the latest firmware. Many of the earliest 802.11b routers came with lax security features and extremely weak security key options, but a simple update will probably provide you with the options you need to begin to secure your wireless LAN. And we should note, as well, that keeping up with firmware is always a good idea, because security bugs tend to pop up from time to time, anyway.
Note: 802.11a consumer-end security is, for the most part, the same as that exhibited in 802.11b. Furthermore, depending on your hardware manufacturer, you may or may not be able to follow all of these practices.
Basic strategy: don't be an easy target, and know what you want to secure
802.11x is not without its flaws. If someone wants on your wireless network bad enough, they'll probably get on one way or another. What your average home user needs to do is simply not provide fertile stomping grounds for people who are out for an easy target. You might wonder why anyone would even want access to your network. In most scenarios, your wireless network provides perpetrators with two things: 1) access to your local network (the computers connected up in your house), which if unsecured means access to your data, and better yet, 2) access to the 'net. 11Mbits/sec isn't a bad little heist for someone who wants to spend all night downloading pr0n from your connection, or perhaps they'd rather mail bomb the government or something. It's no matter--just don't be an easy target. We're gonna help.
Thus, strictly speaking, there are two things that a user will want to secure: 1) client-to-router traffic, and 2) cracker-to-router access to the LAN/Internet.
Client-to-Router concerns
In this first instance, your concern is that you don't want someone to be able to see (aka, sniff) the data that travels from your legitimate clients to your wireless router (e.g., e-mail, URLs, your passwords that are plaintext, etc.). The simple fact of the matter is that if a cracker sits within range of your network long enough, with the right tools they will break your basic encryption (if you even have it turned on, which most people apparently do not). Without purchasing rather expensive software, all of the traffic that flows between your wireless laptop (for example) and your router can be seen by a cracker with minimal effort. Therefore, if you work with extremely sensitive data, doing so over a wireless connection is dangerous, unless you are using safe tools. For example, if you want to administrate your UNIX servers via a terminal connection, using SSH makes WEP security irrelevant, since traffic is encrypted via SSH, and SSH is rather strong.
Of course, corporate entities may enlist the help of commercial Virtual Private Network (VPN) software to secure such traffic. See the Wireless Security Blackpaper for more information.
Cracker-to-Router Access to the LAN/Internet
The second issue involves officially becoming part of your network, and enjoying all which that may entail--including free access to the net, any open shares you might have, etc. For most users, this is the issue to worry about. Your average war driver isn't looking to crack into your super secret anime collection. Rather, they want free pipe. In this article, we're going to address both concerns. To keep things clear, we've divided the article into three parts: (1) Lock down must-dos, (2) Additional security options, and (3) Little tricks.
Part I: Lock down must-dos
Lock down must-dos are just that, must-dos. If you do anything, do these. Doing these relatively simple things will instantly make you much less of an easy target. It's a bit like taking off your Where's Waldo? garb cap and removing the kick-me sign off of your back. Keep in mind that almost all 802.11x routers and access points ship from the manufacturer with the weakest security options enabled by default in order for you have the easiest time possible setting that hardware up. The default config is not, I repeat, not secure. In this regard I must applaud Microsoft; the company ships its wireless products with WEP setup by default.
Nota Bene: many of the changes suggested below will have immediate effects on your network. We recommend using a PC with an Ethernet connection to your wireless router to do configuration. Otherwise, if you make a mistake configuring your router from a wireless client, you can cut your own access off and be forced to completely reset your router. Furthermore, for safety's sake, make sure all of your wireless clients have the latest drives for the WLAN cards downloaded and installed (some really old cards may not support WEP out of the box) before proceeding.
Change the admin password and turn off remote management
These are so obvious that we're loath to mention them, but here goes nothing. Your wireless router's default password should be changed immediately. You might think, "well, I have remote access to the configuration disabled, so no one can get to me," but you're wrong. Even with remote management disabled (which it should be, unless you have a very good reason otherwise), anyone who approaches your wireless LAN with a wireless card is "behind" your firewall, not in front of it. So, if you have a Linksys router and the password is still 'admin,' someone sitting in China can't get to it from the Internet, but they certainly can from your back yard or the room next door. And once they do that, they own your wireless LAN (until you hard reset). Change the password, and turn off remote management (which will only prevent people managing your router from the WAN).
Turn off SSID Broadcast
This is the real Job One. By allowing broadcast SSID to associate, you make it easy for your pals to come over and get hooked up on your LAN for some gaming or whatnot, but you also pretty much make it easy for anyone with a wireless receiver to gain access to your network, too. Leaving broadcasting on is a bit like leaving your garage door open at night: anyone passing by looking for trouble can see without much effort that there's opportunity afoot. This is why so many clients with an SSID of 'any' can roam from place to place and find access: broadcast SSID support allows any SSID to bind. That's not good for your security. With a firmware update, pretty much every major wireless router out there now supports this option. Do it!
When you turn this off, your wireless clients will have to be configured with the exact SSID that you have set for your wireless network. This brings us to the next bit...
