After a few incidents of Indian Mujahideen hacking into Internet accounts of unsecured WiFi connection it is very important for everyone to make WiFi secure and this article will show you How to protect your WiFi from hackers.
Indian Mujahideen sent out in the aftermath of the Ahmedabad and Delhi blasts, who hacked into unsecured WiFi networks to send out the terror e-mail.
Well, I have been using WiFi for the past three years and before I could use I read a couple of articles on the web to check the best security and how to enable the same.
Anyone can get into your WiFi connection if your WiFi is not secure, before we start about how to secure the WiFi, let’s check if your WiFi is secure or not.
Right-click on the small wireless network icon on your Task Bar, below image shows the icon marked in red:
This will bring a small menu as shown below image, select “View Available Wireless Networks” from the menu.
The image below demonstrates two WiFi networks that Windows discovered. If you notice that SS wireless network is an ‘Unsecured wireless network’ whereas KuchBhi.com wireless network is a ‘Security-enabled wireless network’ which is secured
This means anyone can connect to SS WiFi without any security Key, whereas KuchBhi.com needs a valid security key to connect.
Now that you know SS is not secure which can be the same case with your WiFi router.
Following are the steps which will help you secure your WiFi network:
Router / Access Point
This is the main configuration unit. If anyone gets access to this, changing any settings like passwords, encryption, and MAC address is very easy. Most routers have default passwords and SSIDs. These SSIDs and passwords should be changed by the owner to make the entire system more secure.
1. Default Login
The first task should be to change the default user login to something else. Most of the routers normally come with default usernames and passwords like admin/admin or similar. The router can be configured using a web browser and the router’s IP. These usernames and passwords are used while accessing the configuration screen.
Not all router software is foolproof, you must always visit the manufactures website and look for updates for your router/access point. The updates include security updates and other updates as well, recommended to check every once in a while.
3. Infrastructure / Ad-Hoc
With infrastructure, mode enabled all devices connected to the wireless LAN communicate through the access point/router while the Ad-Hoc mode allows for direct communication. Disable Ad-Hoc mode if available.
The SSID, Service Set IDentifier, identifies your router. Most companies use default ones that come with the router like Linksys, wireless, or WLAN or they use their company name, which is easy to guess. Choose a more secure password, the best is a combination of letters and numbers.
The most important part is to disable the SSID Broadcasting, which transmits its ‘SSID’ name to everyone in range.
Wireless clients searching for a network connection can ‘discover’ it automatically. If you know the SSID then you can configure your computer in that way. It does not make sense to change the name but leave broadcasting on.
Note: It is still possible to sniff the SSID, as it still sends in clear text when a client associates with the router/access point.
Turn off Broadcast pings on the access point/router this makes it invisible to 802.11b analysis tools.
6. MAC Address Filtering
Every network device has a unique MAC address. The access point/router can be configured so that it only accepts connections from the list of Mac addresses (es) specified.
Note: It’s possible to sniff your Mac addresses and fake those, doesn´t rely on this alone.
On windows open the command prompt and enter the command ipconfig /all
The Physical Address is your MAC address, make sure you selected the right device, a WLAN PCI card for example.
To fetch the MAC address for any other operating system other than Windows go to this website.
7. Remote Management
Remote management is used to access/modify and configure Router / Access Point from any client machines using login id and password, it is recommended that this is disabled, for any configuration one must connect physically to a machine via a network cable.
8. WPA, WPA2, or WEP
Nowadays most WiFi access point offers WAP, WPA2, and WEP types of access, if WiFi offers WPA2 encryption then use it.
WPA2 uses AES encryption. If the router/access point does not support WPA2 then one can choose WPA and as a last resort use WEP. After selecting the type of security, make sure a password is assigned which is more or less immune against dictionary attacks and choose the highest available encryption option (232 ->104 -> 40)
9. WLAN Coverage
Most of us use WiFi either at home or in offices where the range is small so it does not make sense most of the time to provide WLAN coverage for a wider area than your own apartment/floor. It is recommended that lowering the transmit level and the use of directional antennas to reduce the area your WLAN covers will help in providing WiFi signals to specified areas.
11. It is recommended that the encryption keys and the SSID are changed very frequently.
12. Most of the WiFi at home and offices are kept on for 24 hours, it is recommended that the WiFi is turned off when not in use.