Wireless network security
Wireless networks are incredibly useful and flexible but are notorious for their poor security. This is an innate problem with this medium because an attacker does not need to be physically on the premises. Normal wired ethernet relies on physical security of the wires to stop an attacker launching an attack from the inside. To create a wireless network with a similar level of security requires careful planning and some extra steps which may not be obvious to wired network administrators.
The following are techniques that can be used to provide a more secure wireless network, mainly for 802.11a/b/g networks though many of the techniques can be adopted to other forms of wireless networking.
- Signal shaping is both easy to do and difficult. It is the process of shaping the signal that is outputted from the access point so that it only covers the areas it needs to. This is to prevent the signal leaking to areas where an unauthorised user can receive signals. This is to alleviate the problem of people wardriving. Unfortunately, this is difficult to carry out if your access point doesn't allow you to alter the strength of the signal. It is also difficult to guage where the signal is going. Be careful because the signal is obviously going to be 3D. It will go up through the ceiling and down through the floors (only really a problem if you are elevated, say in an office building or flat).
- RADIUS is a way of preventing unauthorised machines attaching to an access point. This is done using the MAC address of the adaptor trying to connect. It also stops crackers from impersonating another Access Point and attaching to your AP (to create a wide wired network).
- Another popular method is to use encryption at a higher layer of the OSI model, namely between the TCP/IP and the WEP/WPA layers. Popular ways of doing this are using VPN's.
A wireless router contains an embedded OS and needs to be secured as well. A wireless router is an attractive target because the traffic from all devices are present and redirecting DNS request to the attacker's own server. It contains its own operating system which may have vulnerabilities. The default configuration may place convenience over security. The following guidelines will help secure a home wireless NAT router.
- Change the default essid.
- Change the default username and password needed to configure the router. Another wireless router with the same essid could prevent a host from joining your wireless network.
- Update the router's firmware. A wireless router has its own embedded operating system. Often it is uCLinux. An older router may have an old version of the OS which has known vulnerabilities.
- Use WPA encryption. WEP is not secure because it exposes the key.
- Use a 64 hexadecimal digit random pre-shared key (PSK). An English pass-phrase will contain only 1 or 2 bits of entropy per character. Use the /dev/random device to supply the key. Another method is to roll three dice. Substitute 0 for 16, 1 for 17 and 2 for 18. The letters A to F should be substituted for numbers 10 to 15.
- Disable universal plug and play (uPNP). Universal plug and play enables a program to reconfigure the router.
- Disable WAN side configuration. Some router enable configuring the router from the internet.
- Disable Wireless configuration. Only allow configuring the router via a wired port which requires physical access to the router.
- Use the HTTPS protocol. Configure the router's web interface to only allow configuration through the HTTPS protocol. Don't use the HTTP protocol because it is unencrypted.
These guidelines are for securing a home wireless network. A larger corporate network should not use a shared key.
See also
- WLAN - how to get this problem at all