Securing
Wireless Network with
WEP
We also offer network
and wireless support solutions
for your home office or
small business.
It is important to secure
your home wireless network.
Checklist:
1. Disable the SSID
broadcast.
Disable your wifi router
from broadcasting it's
wireless network name
2. Implement MAC address
filtering
3. Change the default
password on the access
point
For example, SMC broadband
router's default password
is "smcadmin".
Change this to something
else.
4. Use encryption, WEP.
What is WEP?
Wireless Equivalent
Privacy is an encryption
method designed to offer
wireless LANs some measure
of security. Data sent
between the client (a
PC or notebook) and the
access point is scrambled
using either a 64-bit
or 128-bit key.
Why do I need to use
WEP?
If you don't use WEP
then somebody could connect
to your wireless network
through your router. WEP
is pretty much the only
way out there to stop
that from happening.
Does it cause speed
difference?
There is only a slight
difference in speed, but
is not noticeable. The
slow down in the local
network speed does not
matter at all. Your wireless
network will not become
the bottleneck anyway
as your bandwidth from
your ISP won't be anywhere
near 11Mbps.
Why do I need to bother
using WEP if it causes
a little slowdown in speed?
The security gain by
using encryption far outweighs
leaving a open access
point at factory defaults.
How to configure WEP?
You can choose between
64, 128 and 152-bit encryption.
Theoretically, the larger
encryption is safer as
it takes longer for a
hacker to crack the security
key.
The easier way is to
use PassPhrase method.
PassPhrase is like a password
which you enter it into
the router and wireless
network adapter on your
computer. So decide on
a common passphrase to
be input into all network
devices.
Most access points and
clients have the ability
to hold up to 4 WEP keys
simultaneously. However
using passphrase will
only generate one secret
key for all the 4 WEP
keys.
To increase the security,
you should randomly decide
on 4 different WEP keys.
You need to specify
one of the 4 keys as default
Key for data encryption.
To set up the router
and adapter you will need
to set the one of the
following parameters:
64-bit WEP key (secret
key) with 5 characters
64-bit WEP key (secret
key) with 10 hexadecimal
digits (0-9,A-F)
128-bit WEP key (secret
key) with 13 characters
128-bit WEP key (secret
key) with 26 hexadecimal
digits (0-9,AF)
Select one of the WEP
key as default Key to
encrypt wireless data
transmission.
The receiver will use
the corresponding key
to decrypt the data.
For example, if adapter
use Key 1 to encrypt data,
then router will use Key
1 to decrypt data.
So, the Key 1 of router
has to equal to the Key
1 of adapter.
Though adapter (WNIC)
use Key 1 as default key,
but the router can use
the other Key as its default
key to encrypt wireless
data transmission.
WNIC (encrypt data by
Key 1) --------> Router
(decrypt data by Key 1)
WNIC (decrypt data by
Key 2) <-------- Station
(encrypt data by Key 2)
In this case, WNIC transmits
data to router which encrypt
data by Key 1. The station
will decrypt the data
by its Key 1.
At the same time, when
the router transmits data
to WNIC which encrypt
data by Key 2.
The WNIC will decrypt
the data by its Key 2.
What is MAC address
filtering?
This method may cause
inconvenience if you have
frequent visitors who
try to connect to your
wireless network with
their laptop. The router
have to be configured
to recognize the MAC address
of the client device in
advance before it will
relay traffic between
them.
Most Wi-Fi access points
and routers ship with
a feature called MAC address
filtering.
However, to improve the
security of your Wi-Fi
LAN (WLAN), strongly consider
enabling and using MAC
address filtering.
Without MAC address filtering,
any wireless client can
join (authenticate with)
a Wi-Fi network if they
know the network name
(also called the SSID)
and perhaps a few other
security parameters like
encryption keys.
When MAC address filtering
is enabled, however, the
access point or router
performs an additional
check on a different parameter.
Obviously the more checks
that are made, the greater
the likelihood of preventing
network break-ins.
To set up MAC address
filtering, you as a WLAN
administrator must configure
a list of clients that
will be allowed to join
the network. First, obtain
the MAC addresses of each
client from its operating
system or configuration
utility. Then, they enter
those addresses into a
configuration screen of
the wireless access point
or router. Finally, switch
on the filtering option.
Once enabled, whenever
the wireless access point
or router receives a request
to join with the WLAN,
it compares the MAC address
of that client against
the administrator's list.
Clients on the list authenticate
as normal; clients not
on the list are denied
any access to the WLAN.
MAC addresses on wireless
clients can't be changed
as they are burned into
the hardware. However,
some wireless clients
allow their MAC address
to be "impersonated"
or "spoofed"
in software.
It's certainly possible
for a determined hacker
to break into your WLAN
by configuring their client
to spoof one of your MAC
addresses. Although MAC
address filtering isn't
bulletproof, still it
remains a helpful additional
layer of defense that
improves overall Wi-Fi
network security.
What is WPA? (A more
secured protocol to protect
your wireless network)
The WPA (Wi-Fi Protected
Access) protocol is a
powerful, standards-based,
interoperable security
technology for wireless
local area networks (subset
of IEEE Std 802.11i draft
standard) that encrypts
data sent over radio waves.
The WPA protocol has
been developed to overcome
the weaknesses of the
WEP (Wired Equivalent
Privacy) protocol.
Related
Article
|
