 | | Welcome to Windows 7 Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows 7. The Windows 7 forum also covers news and updates and has an extensive Windows 7 tutorial section that covers a wide range of tips and tricks. | Windows 7 - Wireless Security: How To Protect Your Network
Wireless Security: How To Protect Your Network |  Wireless Security: How To Protect Your Network
Why Secure Your Network? Securing your network is an important step in keeping most hackers out of your wireless network. Adequate wireless security can keep interlopers, such as neighbors or attackers, from hogging network bandwidth (a form of denial-of-service), compromising sensitive information (such as identities, important passwords etc.), using the network for illegal downloads or introducing viruses...  ********************************************** Table of Contents Features of a Secured Wireless Network Securing Your Network (General) Securing Your Network (Linksys) Securing Your Network (D-Link) Securing Your Network (Belkin) Common Types of Wireless Threats Glossary of Terms Further Reading ********************************************** Features of a Secured Wireless Network Securing a wireless network usually comprises the following features: 1. A solid form of encryption such as WPA2 or WPA 2. Non-Broadcasted SSID 3. NAT Firewall Optional (not available in all routers), but these do add to security: 1. Turning off DHCP - Use Static IP Addressing 2. Using MAC Address filtering 3. Using Access Control Lists 4. Using Inbound Filters 5. Disable WAN Pinging  Note The use of filters and ACLs might slow the router or access-point throughput or performance. **********************************************  Information This tutorial assumes the router/ap is already setup. Securing Your Network (General)  Tip Only configure the security settings of your wireless device through a direct Ethernet connection. Be sure to save the settings before navigating away from the page. 1. Login to your router by typing its ip address in your web browser. Common router ip addresses: 192.168.0.1 (D-Link, Netgear) 192.168.1.1 (Linksys) 192.168.2.1 (Belkin, SMC) Default router logins: user:admin password:admin (Linksys), no password (D-Link) 2. Rename SSID I recommend doing this before turning off the SSID 3. Select channel Most commonly used, so do not use these: 1 6 11 (United States). 4. Select 802.11 mode 802.11N only or mixed 802.11N & 802.11G 5. Turn-off SSID (or change it to invisible) 6. Enable WPA or WPA2 Personal. Recommend using WPA2 Personal since it uses the AES cipher, which is harder to crack. WPA uses the TKIP cipher, which is more compatible with legacy or older devices. I do not recommend using WEP since it is easy to hack. 7. Create an alphanumeric pass-phrase (password) for WPA2/WPA  Tip Change the administrator settings & Save the router settings to a computer (handy if you need to reset the router) ********************************************** Securing Your Network (Linksys) Information These steps should work for all Linksys routers with the 802.11G or 802.11N standard. Confirmed to work for the WRT series of routers. 1. Log in to the router by typing 192.168.1.1 into a web browser Username: admin Password: admin 2. Click on the “Wireless” tab to access wireless security settings 3. Click on the “Basic Wireless Settings” sub tab Wireless Network Name (SSID) <= Rename this from it’s default name Wireless Channel <= Choose any channel other than 1 or 11 Wireless SSID Broadcast <= set this to disable 4. Click on the “Wireless Security” subtab Security Mode <= choose either WPA or WPA2 Personal (Recommended) WPA Algorithms <= choose AES for WPA2 or TKIP for WPA WPA Shared Key <= see step 7 under “Securing Your Network (General)” 5. Click on the “Administrator” tab 6. Click on the “Management” sub tab Password <= this is where you change your login password Information The following steps work with all E series routers equiped with Cisco Connect. 1. Log in to the router by typing 192.168.1.1 into a web browser Username: admin Password: (leave blank) 2. Click on the “Wireless” tab – to access wireless security settings 3. Click on the “Basic Wireless Settings” sub tab Configuration View <= click on manual Network Mode <= select "Wireless-N Only" only if you do NOT have any devices using 802.11G, otherwise select "Mixed" Network Name (SSID) <= Rename this from it’s default name Channel Width <= select "Auto" Channel <= select "Auto" SSID Broadcast <= select "Disabled" 4. Click on the “Wireless Security” sub tab Security Mode <= choose either WPA/WPA2 Mixed Mode (default) or WPA2 Personal Passphrase <= see step 7 under “Securing Your Network (General)” Tip Be sure to click "Save Settings" to apply your changes at each screen! ********************************************** Securing Your Network (D-Link) coming soon... ********************************************** Securing Your Network (Belkin) coming soon... ********************************************** Common Types of Wireless Threats Accidental Association Network security can be compromised through accidental behavior. Users with a notebook connected to a wired or wireless network can unknowingly connect to an overlapping wireless network. Such a connection is called "accidental association." It is a security risk because a malicious attacker can use the link created through the unknowing users' notebook to access information in a protected wired network. To neutralize this threat, switch off wireless cards when not in use, maintain all access points or use powerful data encryption. Malicious Association This threat is similar to accidental association with an important difference: The line of attack is not created through the accidental association of a user within a contained network but through the attacker's deliberate malicious acts. The attacker hacks a notebook's wireless card to appear as a legitimate access point. This creates a "soft access point" that the hacker can use to gain access to the network, compromise or steal sensitive data or plant various back doors to further compromise the network. It is crucial for companies to monitor their networks and airwaves to ensure that their computers and access points are only connecting to the company's devices. MAC Spoofing MAC spoofing is another threat. One of the most common ways to secure a wireless network is to use authentication based on a list of authorized MAC addresses. This kind of protection is only effective against low-level threats from an unsophisticated attacker. Security of a network cannot rely solely on MAC address filtering. Using stronger overlapping protection by other methods, system administrators can defend against MAC spoofing. They can do this by detecting when two computers use the same MAC address at the same time or by analyzing a wireless card's vendor data. Denial of Service (DoS) A denial of service attack is when a malicious user sends out large amounts of bogus requests that flood the airwaves, making access points unable to cope with the volume. These attacks can be made by household items that use the same frequency as the wireless network, such as a microwave oven, or through more advanced means. They work by targeting access points and flooding them with premature successful connection messages, log off commands, failure messages or other kinds of fake requests. Man in the Middle The most advanced type of attack on a wireless or wired network is the "man in the middle" attack. The attacker attempts to insert himself as middleman between the user and an access point. The attacker then proceeds to forward information between the user and access point, during which he collects log on information. The attacker then forces the parties to reauthenticate; during that process, he inserts himself into the network as the victim user. The user is then disconnected and the attacker can proceed with his attack. This kind of attack is very hard to detect, but the threat is lowered by using forms of endpoint authentication---such as a mutually trusted third party certification authority. ~ Source: The Types of Wireless Security Threats | eHow.com ********************************************** Glossary of Terms 802.11 802.11 is a group of wireless specifications developed by the IEEE for wireless local area network (WLAN) communications. It details a wireless interface between devices to manage packet traffic to avoid collisions. Some common specifications include the following: 802.11a, 802.11b, 802.11g, 802.11n Access Control List Access Control Lists (ACL) are rules applied to a router that will determine traffic patterns for data. DHCP Dynamic Host Configuration Protocol (DHCP) is a protocol which dynamically assigns IP addresses and more to hosts, which includes computers. MAC Address A Media Access Control Address (MAC Address) is a physical address used to define a device uniquely. Network Address TranslationNetwork Address Translation is the process of translating your multiple, internal IP addresses to a single registered IP address on the outside of your network. SSID The SSID is the name (or identification) of a wireless network. Static IP Addressing A static IP address is a manually configured permanent IP address given to a specific host. Wide Area Network A wide-area network (WAN) is made up of interconnected LANs. It spans wide geographic areas by using WAN links such as telephone lines or satellite technology to connect computers in different cities, countries, or even different continents. Wireless Gateway Wireless Gateway is a device that can share an Internet connection, serve DHCP, and bridge between wired and wireless networks. Wireless Gateway may also be called as wireless router, base station, or access point. WPA: Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a data encryption specification for 802.11 wireless networks that replaces the weaker WEP. Created by the WiFi Alliance before a 802.11i security standard was ratified by the IEEE, it improves on WEP by using dynamic keys, Extensible Authentication Protocol to secure network access, and an encryption method called Temporal Key Integrity Protocol (TKIP) to secure data transmissions. WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use. WPA2: Wi-Fi Protected Access 2 Wi-Fi Protected Access 2 (WPA2) is an enhanced version of WPA. It is the official 802.11i standard that was ratified by the IEEE in June, 2004. It uses the Advanced Encryption Standard instead of TKIP. AES supports 128-bit, 192-bit and 256-bit keys. ********************************************** Further Reading: |  Published by | | Network Engineer Join Date: May 2009 Location: Westminster, Colorado Posts: 477 | |
Tutorial Tools | | | |  | | | | | System Manufacturer/Model Number Compaq
OS Windows 7 Ultimate x64
CPU Intel core 2 duo T 5550 @ 1.83 GHz
Motherboard Intel 965 express mobile chipset
Memory 3 GB DR 2 @ 667 MHz
Graphics Card Onboard with approx 512 MB RAM
Sound Card Onboard
Monitor(s) Displays 15"4 inch widescreen
Hard Drives 160 GB SATA WD.
Internet Speed sucks
|
09-01-2010
|
#2 | |
Dual Boot: Windows 7 Ultimate x64 SP1 & Ubuntu Oneiric 11.10 |
Linksys Router Security
I have some additional Best Practices that I want to add for the Linksys Router. I personally implement all of these. Below are my contributions and the Bold represents the Routers Tab that you should be in:
Basic Setup:
A.) Maximum Number of DHCP Users... if you own two wireless devices then change this number to 2. If you only run one of them at a time, change the number to 1. This way, even if someone can spoof your MAC address, if your logged in, they can't be assigned an IP Address on your Network.
B.) Change your Local IP Address! If someone wants to log into your Router they are going to use the standard web address to access it. (More is discussed on this directly below)
Administrator > Management Tab:
A.) Disable Wireless Access Web (if you have an Ethernet cable). This prevents people with laptops or devices outside from trying to edit your settings. They need to be physically connected to your Router.
B.) Web Access : Enable HTTPS login and Disable HTTP.
Wireless Security:
A.) In addition to disabling the SSID Broadcast, create a complicated Name just like you would your Password. For example, use characters such as _ , ! * ?
B.) Enable MAC Filtering. If you have a desktop, a laptop and a Console or iPod Touch, write down each of these IP addresses and enter them into the Fields provided.
Advanced Wireless Security:
A.) Enable AP Isolation (which is Off by Default on older Linksys WRT54G variants) It allows each of your connected devices to have it's own irtual network, preventing them from connecting with one another outside of the Routers Firewall.
Access Restrictions:
A.) If you don't use it, disable TELNET under Blocked Services
Application and Gaming:
A.) If you use programs such as TeamViewer5 that require certain ports to be opened that can expose your system, be sure to use the Port Forwarding Feature.
Conclusion:
If you combine the two Tutorials you have a pretty darn secure Home Wireless Network. The point is to make the process of hacking your Router so time consuming and difficult that the perp will likely give up and move on to an easy target since plenty exist. | My System Specs | | System Manufacturer/Model Number Dell Inspiron 530
OS Dual Boot: Windows 7 Ultimate x64 SP1 & Ubuntu Oneiric 11.10
CPU Intel Wolfdale Core 2 Duo E8200 @ 2.66GHz (333mhz FSB 1:1)
Motherboard Foxconn G33M02 Phoenix - AwardBIOS v6.00PG
Memory 4GB Dual DDR2 Samsung PC2-5300 (333mhz / FSB 1:1)
Graphics Card ATI Radeon HD 2600 XT GDDR3 256MB (PCIe)
Sound Card Realtek High Definition Audio ALC888 7.1 Channels
Monitor(s) Displays 22" Wide Screen Dell SP2208WFP w/ HDMI, Webcam & Dual Mics
Screen Resolution 1680 x 1050 SD ; 1280 x 720 HDTV
Keyboard Logitech S510 Wireless
Mouse Logitech S510 Wireless
PSU 350W Stock
Case Dell OEM Stock
Cooling Dual 9mm fans
Hard Drives Hitachi Deskstar P7K500 - 500GB - 7200rpm +
Seagate FreeAgent - 1TB - 7200rpm
Internet Speed DL: 36.01 MBs / UL: 5.8 MBs (Optimum Boost)
Other Info Network Interfaces: Broadcom 802.11g NIC (4318) ; Intel 82562V-2 10/100 ; Bluetooth 2.0 +EDR
|
3 Weeks Ago
|
#3 | |
Windows 7 Ultimate x86/Ubuntu |
Here is my Wireless Configuration:
If anyone can help me secure it/make it faster, I will really appreciate it:
The devices I use are an iPhone. 1 Netbook and 2 PC's. | | My System Specs | | OS Windows 7 Ultimate x86/Ubuntu
CPU Intel Core i5 2500k at 3.3 GhZ
Memory 2x4GB DDR3 1333Hz
Graphics Card Ati Radeon 6770
Sound Card Speakers
Monitor(s) Displays 1x 15" HD 572
Screen Resolution 1024x768
Keyboard Wired Keyboard
Mouse Wired Mouse
Cooling 3x Fans
Hard Drives 2x500GB
Internet Speed 10MB/s
Other Info Netbook: Dell Inspiron Mini
Wireless Security: How To Protect Your Network problems?
All times are GMT -5. The time now is 03:08 AM. |  |
