Monday, May 19, 2014

Securing Wi-Fi Connections




       Nowadays, Wi-Fi has been significantly increasing in every household.It seems that it has become part of our everyday life.There are many Internet Service Providers (ISP) offering instant Internet with Wi-Fi Ready Connections. But company installer failed to educate the users of the possibility of being hacked.These Wi-Fi ready connections arrived at your home with pre-configured settings leaving the user unaware that this set-up is less secure and vulnerable to hacking.

   Let's take the case of the popular PLDTMyDSL Internet package offered by PLDT ( Philippine Long Distance Company ), this Internet Wi-Fi ready uses the pre-configured SSID ( Service Set Identifier ) or commonly called Username which is PLDTMyDSL and a pre-configured " password " which is based on the last 5 characters of a device MAC  address.For example a PLDTMyDSL device has a MAC address of 00:11:22:33:44:55 the the pre-configured password for the wi-fi is PLDTWIFI34455, take note of the last 5 characters of MAC. A techy person or lets say a hacker who is equipped with Wi-Fi scanning device may scan all the Wi-Fi connections in the vicinity with PLDTMyDSL, and it will automatically shows the MAC address of every Wi-fi active thus enable them to connect with the so called pre-configured password.


Scanned Wifi Connection showing the target.



It's easy. Although there are many ways to hacked a Wi-fi password.. So let's put some security better than nothing and do not depend only in pre-configured security. Here are some important tips in securing Wi-Fi for Home Users.  

  1. Create a strong password with alphanumeric and special characters, uppercase and lowercase so it won't be easily brake by Brute Force Hacking. ex P@sSW0Rd1127
  2. SSID Cloaking- Hiding the username or choose not to broadcast it. Usually, when you connect to a wi-fi you will see the username, in this option when the user try to scan for active connection your wi-fi username is hidden in public. But this not doesn't mean you are already safe, as I've said there many ways and advance method. In hacking, time is important. One technique to avoid is prolong the time period when hacker try to bypass your network security.
    SSID On/Off Fucntion.
  3. MAC Address Filtering - This option puts  you in control which client or device is only allow to connect to you Wi-fi..Every device capable of connecting to network or the Internet has a unique identifier called MAC address. By applying this option you will have an inventory all of your device that is allowed to connect, see the image below. Device that is not listed will not be able to connect to your wi-fi even if they know your password.
    Mac Address Filtered

    4. Use WPA2 Encryption / Authentication instead of WEP and WPA only. WPA2 has better and stronger encryption compared to WEP or WPA. This kind of encryption is not easy to hack. While WEP and WPA can be easily hacked. But, if your Wi-fi is an old one you will not have  the option of WPA2.
          WPA2 has two options, one is WPA2-PSK/EAP which is designed for home users like you see                   above and the other is WPA2-Enterprise widely used in Business and not likely easy to configure.


5.  Don't use WPS ( Wi-Fi Protected Setup ) it is the most easiest way to configure a network  security  but vulnerable to Brute force Hacking.  Most router is configured in this way by default. So, it would be better to turn it  off. But newer models abandon this design because of security flaws.


 
 6. Secure your "router" or "modem-router"- Your router is your gateway to the Internet, so it must be secure also.How ? Every router has a so called I.P address..How do you know your router I.P  address and access it.
                     
In Windows hold down this key "windows logo + r" it will show RUN window then type CMD and enter


Type ipconfig then enter

This is my router default gateway 192.168.2.1, it may vary depending on your config.

Open any web browser Firefox or Chrome and the like, type the I.P address exactly in the box, ex.192.168.2.1 then enter, a page will appear corresponding your router.It will ask for username and password. Most routers have default username of "admin" and password of "admin" or username of "user" and password of "user".(without the quotation mark).But sometimes it depends on your router, see your documentation or google it for the default user and pass corresponding the brand and model.Your router is a depository of all your configuration, this is your first line of defense,including wi-fi config and it serve also as a firewall.So if your router has a default password better to change it for added security.





So far this are the Basic Overview of Securing your Wi-Fi Connections. But this basic knowledge will deter or avoid any incoming attack from black hat hackers. Because, " Wireless Network by design have many insecurities which are easy to exploit ", so we must lay a strong foundation.

As Thomas Kempis said,

"The loftier the building, the deeper the foundation must be laid."

_________________________________________________________________________________


                                                 


No comments:

Post a Comment