Tuesday July 12, 2005 Secure That WAP!
One of my neighbors just bought a brand new wireless access point
(WAP). How do I know? Well, a wireless network called NETGEAR started
showing up on the list of wireless networks at home. I'm guessing that
the neighbor isn't too wireless networking savvy since the WAP appears
to be set to its defaults (default password, default SSID, no WEP, no
WPA, nothing).
I don't think that my neighbor reads this blog, but still, here are some basics of wi-fi security:
- Change your access point's administrative password!
Otherwise, anybody with Google access can learn the default user name
and password and simply hijack the network for their own use. - Change your network's name. This will help you differentiate your network from your neighbor's NETGEAR network.
- Configure your network to use encryption.
Use WPA if you can. At minimum, use WEP. Create as long a key or
password as your equipment will allow. It's not fool proof, and both
encryption methods have been broken. Still, it does make it harder for
someone to connect to your network. That may be enough to drive a
wardriver to an easier network to break in. - Configure your computer(s) to connect to the new network using encryption. Most wi-fi enabled operating systems do have utilities that make it relatively easy to connect.
Of course, there's a lot more that you could do. You could choose not
to broadcast your network SSID (or name), and you could restrict access
by MAC address. Any decent access point will allow you to secure it
through a web based administrative interface.
Wi-fi is by no means absolutely secured. Even with all these
precautions taken, a determined attacker can still break into your
network through different means. The idea here is to make it just
difficult enough to drive a would be attacker to go to an easier target.
I still have to figure out what I want to do with my neighbor's
network. Maybe I should just let it be, but I would feel bad to leave
someone wide open to attacks like that. Any suggestions?
-- Fred
Update: Corrected the encryption method. Thanks to dav for his comment below.
( Jul 12 2005, 05:40:14 PM MDT ) Permalink Comments [4]
how about leaving him a polite note... either in his mailbox (if you can guess which neighbour it is) or in a shared folder in one of his LAN-attached machines?
Then again, that guy in Florida did just get a felony conviction for parasiting on someone else's wireless network, so disregard that second suggestion.
Posted by Robin Wilton on July 12, 2005 at 11:53 AM MDT #
That conviction in Florida does weight on my mind. It certainly has an impact on what I would or could do to help that person. I guess that a polite note on the door might be an option.
An idea there would be "wardriving for profit". You drive around, sniffing networks that are left unprotected. When you find one, you leave a few pamphlets or leaflets on the neighboring houses with contact information and an offer to secure their network for $x. That might even be ok since it would involve the detection of open networks rather than breaking in. Definitively an idea worth considering.
-- Fred
Posted by Frederic Jean on July 12, 2005 at 12:06 PM MDT #
Posted by dav on July 18, 2005 at 01:48 PM MDT #
Posted by skellious on March 04, 2006 at 10:46 AM MST #