Now that we all have wireless routers in our homes and workplaces and we rely on them to order food and clothes online, we need to ensure that our security is not compromised. Hackers or script kiddies may give you a hard time with your wireless network if it is not configured properly.
To apply the settings below, you will need to connect to your router with a web browser. I recommend Chrome for this, but any decent browser will do the trick. I used Linksys routers in this example as they are widely used; if you have another brand, do not worry, you will probably encounter the same settings in a slightly different environment.
Connect to http://192.168.1.1 in your browser. When the username/password dialogue appears, use one of these combinations:
- username : “empty” (do not write anything), password : admin
- username : admin, password : admin
If these do not work, please consult your user manual, which you probably threw away months ago, or do a Google search like “WRT54GL default password”. This should help you get started.
Anyways, once you are in the router configuration pages, do the following and you will not have much to worry about:
1. Change your default wireless name
The default wireless name assigned by your brand new wireless router is not safe to use. It reveals the router’s brand, which makes known vulnerabilities easy for hackers to look up. It also allows a brute-force password guessing attack which utilizes rainbow tables (yeah, rainbow tables and sh**, I know stuff), decreasing the time required to guess a wireless network’s password. Use a simple name like wl5; do not use your name, surname, or your child’s or cat’s name. Do not use anything that can be traced back to you.
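Why the network name matters for password guessing, as an added example that is not part of the original article: WPA/WPA2-Personal derives its master key from the passphrase with the SSID as the salt, so a table precomputed for a factory-default name no longer applies once the name is changed. The prefix list, the sample passphrase and the `ssid_findings` helper are assumptions made for illustration.

```python
import hashlib

# Constructed sample of factory-default SSID prefixes (illustrative, not exhaustive).
DEFAULT_SSID_PREFIXES = ("linksys", "netgear", "dlink", "tp-link", "default")


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-Personal master key: PBKDF2-HMAC-SHA1 over the
    passphrase, with the SSID as salt, 4096 iterations, 32-byte output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ssid_findings(ssid: str, personal_terms=()) -> list:
    """Return the reasons an SSID is a poor choice (empty list = none found)."""
    findings = []
    lowered = ssid.lower()
    if lowered.startswith(DEFAULT_SSID_PREFIXES):
        findings.append("factory-default name: reveals the brand and "
                        "matches precomputed key tables")
    for term in personal_terms:
        if term and term.lower() in lowered:
            findings.append(f"contains personal term '{term}'")
    return findings


def key_survives_rename(passphrase: str, old_ssid: str, new_ssid: str) -> bool:
    """True if the derived key is unchanged after renaming the network.
    Because the SSID is the salt, this is False for any two different names."""
    return wpa2_pmk(passphrase, old_ssid) == wpa2_pmk(passphrase, new_ssid)


if __name__ == "__main__":
    sample_passphrase = "correct-horse-42"  # constructed sample value
    for name in ("linksys", "wl5"):
        print(name, wpa2_pmk(sample_passphrase, name).hex(), ssid_findings(name))
    print("key unchanged after rename:",
          key_survives_rename(sample_passphrase, "linksys", "wl5"))
```
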
2. Do not use WEP encryption, use WPA2 if your router supports it.
The problem with WEP encryption is that the password looks complicated at first sight. You may not even be able to memorize it. This is just an illusion: it takes only 10 minutes to crack a WEP password, thanks to a mathematical error in its formula. Change it to WPA, or better, to WPA2 if your router supports it. Read on to item 3 to see how this should be done.
This is really important: do not use WEP in any case, even if it promises to reserve you a nice spot by the sea in heaven…
3. Use a complex password & change it regularly
WPA2 is secure by its nature, but if you give it a simple password like “password1” or your phone number, or your child’s name, you will be hacked. Use a passphrase like “godZillax2189!” which does not happen to be a word within a dictionary or the name of your kid (hopefully). Use AES-only encryption as seen in the screenshot below, if your router supports it.
You may also use the Schneier scheme to create a good passphrase as stated here.
So if you want your password to be hard to guess, you should choose something that this process will miss. My advice is to take a sentence and turn it into a password. Something like “This little piggy went to market” might become “tlpWENT2m”. That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence — something personal.
Here are some examples:
- WIw7,mstmsritt… = When I was seven, my sister threw my stuffed rabbit in the toilet.
- Wow…doestcst = Wow, does that couch smell terrible.
- Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all.
- uTVM,TPw55:utvm,tpwstillsecure = Until this very moment, these passwords were still secure.
You get the idea. Combine a personally memorable sentence with some personally memorable tricks to modify that sentence into a password to create a lengthy password. Of course, the site has to accept all of those non-alpha-numeric characters and an arbitrarily long password. Otherwise, it’s much harder.
Change your wireless password every 6 months; this is good practice.
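A check for the weak passphrase patterns named in this item (a dictionary word with a digit tacked on, a phone number, a family name), written as an added example that is not part of the original article. The word list and the `passphrase_findings` helper are assumptions made for illustration; a real audit would load a large common-password list.

```python
import re

# Constructed sample list; replace with a real common-password list.
COMMON_WORDS = {"password", "admin", "letmein", "qwerty", "welcome", "wireless"}


def passphrase_findings(passphrase: str, personal_terms=()) -> list:
    """Return the reasons a WPA2-Personal passphrase is weak (empty = none found)."""
    findings = []
    # WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        findings.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains non-printable or non-ASCII characters")
    # Phone numbers and dates: digits with optional separators only.
    if re.fullmatch(r"[\d\s()+./-]+", passphrase):
        findings.append("digits only (phone number or date)")
    # Reduce 'password1' or '!!Admin2024' to the underlying word.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", passphrase).lower()
    if core in COMMON_WORDS:
        findings.append(f"common word '{core}' with decoration")
    for term in personal_terms:
        if term and term.lower() in passphrase.lower():
            findings.append(f"contains personal term '{term}'")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, including the two quoted in the article.
    for candidate in ("password1", "5551234567", "Emma2015home", "godZillax2189!"):
        print(candidate, passphrase_findings(candidate, personal_terms=["emma"]))
```
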
4. Disable the WDS Feature
WDS was a lovely feature: you would press a button on your router and all wireless settings would magically arrive at your computer, so you did not have to type or memorize anything. As with anything that includes magic, this button was recently abused by hackers and is not secure any more. They can now “magically” press the “magical” button if they are close (not in-your-home close, but close to your building) and get access to your network. Nice job, all we needed was an invisible finger. You will need to disable this feature and/or check with your manufacturer whether they have fixed this bug via a firmware update.
5. Update your firmware
As indicated above, WDS in your router may have a bug. Even if you have a bug-free version, it is always a good idea to keep your router up to date, as firmware upgrades (generally very small files, downloaded from your manufacturer and uploaded to your router) may help to increase both security and performance. Be sure to check your manufacturer’s site for instructions and follow them to the letter. If this proves to be difficult for you, you can skip this step or ask someone who knows how to do it to help you.
Do not bother to do the following:
1. Do not Try to Hide your SSID (your wireless network name)
This now makes you vulnerable to MiTM (man-in-the-middle) attacks. Do not try to hide your SSID and become a preferred target.
2. Do Not Bother to Setup a MAC ID Filter
This is now bypassed in seconds; do not bother to set up a MAC filter.
Well, you have done it. This concludes our wireless security practice. Please use the comments section below if you have further queries.