After the few incidents of Indian Mujahideen hacking into Internet account of unsecured WiFi connection it is very important for everyone to make WiFi secured and this article will show you How to protect your WiFi from hacker.
Indian Mujahideen sent out in the aftermath of the Ahmedabad and Delhi blasts, who hacked into unsecure WiFi networks to send out the terror e-mail.
Well I have been using WiFi for past three years and before I could use I read couple of articles on the web to check the best security and how to enable the same.
Anyone can get into your WiFi connection if your WiFi is not secure, before we start about how to secure the WiFi, let’s check if your WiFi is secure or not.
Right click on small wireless network icon on your Task Bar, below image shows icon marked in red:
This will bring small menu as shown in below image, select “View Available Wireless Networks” from the menu.
The image below demonstrates two WiFi networks which Windows discovered. If you notice that SS wireless network is ‘Unsecured wireless network’ where as KuchBhi.com wireless network is ‘Security-enabled wireless network’ which is secured
Which means any one can connect to SS WiFi without any security Key, where as KuchBhi.com needs a valid security key to connect.
Now that you know SS is not secure which can be same case of your WiFi router.
Following are the steps which will help you secure your WiFi network:
Router / Access Point
This is the main configuration unit. If anyone gets access to this, changing any settings like passwords, encryption and MAC address is very easy. Most routers have default passwords and SSID´s. This SSID’s and password should be changed by the owner to make the entire system more secure.
1. Default Login
The first task should be to change the default user login to something else. Most of the routers normally come with default usernames and passwords like admin / admin or similar. The router can be configured using a web browser and the routers IP. These username and password are used while accessing the configuration screen.
NOT all router software are fool proof, you must always visit the manufactures website and look for updates for your router / access point. The updates includes security updates and other updates as well, recommended to check every once in a while.
3. Infrastructure / Ad-Hoc
With infrastructure mode enabled all device connected to the wireless LAN communicate through the access point / router while the Ad-Hoc mode allows for direct communication. Disable Ad-Hoc mode if available.
The SSID, Service Set IDentifier, identifies your router. Most companies use default ones which comes with the router like Linksys, wireless or WLAN or they use their company name, which are easy to guess. Choose a more secure password, best is a combination of letters and numbers.
The most important part is to disable the SSID Broadcasting, which transmits its ‘SSID’ name to everyone in range.
Wireless clients searching for a network connection can ‘discover’ it automatically. If you know the SSID then you can configure your computer in that way. It does not make sense to change the name but leave broadcasting on.
Note: It is still possible to sniff the SSID, as it still sends in clear text when a client associates with the router / access point.
Turn off Broadcast pings on the access point / router this makes it invisible to 802.11b analysis tools.
6. MAC Address Filtering
Every network device has a unique MAC address. The access point / router can be configured that it only accepts connections from the list of Mac address(es) specified.
Note: It’s possible to sniff your Mac addresses and fake those, don´t rely on this alone.
On windows open the command prompt and enter the command ipconfig /all
The Physical Address is your MAC address, make sure you selected the right device, a WLAN PCI card for example.
To fetch the MAC address for any other operation systems other then Windows go to this website.
7. Remote Management
Remote management is used to access/modify and configuration of Router / Access Point from any client machines using login id and password, it is recommended that this is disable, for any configuration one must connect physically to a machine via a network cable.
8. WPA, WPA2 or WEP
Nowadays most of the WiFi access point offers WAP, WPA2 and WEP types of accesses, if WiFi offers WPA2 encryption then use it.
WPA2 uses AES encryption. If the router/access point does not support WPA2 then one can choose WPA and as last resort use WEP. After selected type of security, make sure a password is assigned which is more or less immune against dictionary attacks and choose the highest available encryption option (232 ->104 -> 40)
9. WLAN Coverage
Most of us use WiFi either at home or in offices where the range is small so it does not make sense most of the time to provide WLAN coverage for a wider area than your own apartment/floor. It is recommended that lowering the transmit level and the use of directional antennas to reduce the area your WLAN covers will help in providing WiFi signals to specified area.
11. It is recommended that the encryption keys and the SSID are changed very frequently.
12. Most of the WiFi at home and offices are kept on for 24 hours, it is recommended that the WiFi is turned off when not in use.