Home
News
Support
Download
Glitches
SPAM
E-Mail Settings
E-Mail Warnings
Spyware info
Antivirus
High Speed
PC Cleanup
New PC
Music Download?
Wireless Routers
Got A MAC?
Speed Test
Hard Drives
Rates
Mission
Company Profile
ComSouth Goals
Recycle that Old PC
Contact us

 

There are a number of different brands and models on the market, below is a sample of them:

Linksys   -  steps for programming WRT-54

D-Link

Netgear

Belkin

Before installing and using a wireless solution make sure you have at least one PC wired to the router. 
In this way you will be able to make adjustments to the settings should they be required. 
Also secure your network:

  1. Changed the default SSID
  2. Turn off Broadcasting
  3. WEP key or other encryption
  4. MAC filter

Good Article: http://www.dailywireless.com/features/secure-wireless-lan-021507/

Some Phun Stuff: http://lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php

Don't think you can't get hacked?  Look what you can make out of a pringles or soup can!  HERE

Below is an older article and the 10 steps may be a bit much but it goes into more detail than my 4 steps above.

Ten Steps to a Secure Wireless Network
02.25.03   (February 2003)
  

By Konstantinos Karagiannis
Businesses and home users are quickly adopting wireless networking—and for good reason. It's cheap, convenient, easy to set up, and provides great mobility. In fact, more than one third of PC Magazine readers have already installed wireless networks in their homes. The freedom from tangled cables is intoxicating but comes with a price. A wireless network can broadcast far outside your building. With a powerful antenna and some widely available hacking software, anyone sitting near your installation—or even driving by—can passively (without alerting the target) scan all the data flowing in your network.

We pointed out a year ago in "Wireless LANs at Risk" (April 9, 2002) that most wireless setups have no security measures in place. By all accounts, little has changed. But this doesn't have to be the case. Here are ten security techniques you can implement right now.   (7 Years later nothing has changed but there are more of them out there)

 

1. Control your broadcast area. Many wireless APs (access points) let you adjust the signal strength; some even let you adjust signal direction. Begin by placing your APs as far away from exterior walls and windows as possible, then play around with signal strength so you can just barely get connections near exterior walls. This isn't enough, though. Sensitive snooping equipment can pick up wireless signals from an AP at distances of several hundred feet or more. So even with optimal AP placement, the signal may leak. Keep reading.   (Don't Broadcast SSID ) www.netstumbler.com You can get a program like the hackers use ...

2. Lock each AP. A lot of people don't bother changing the defaults on their APs, and maintaining the default administrator password (like admin for Linksys products) makes your system a good target. Use a strong password to protect each AP. For tips on creating substantial passwords, go to www.pcmag.com/passwords and click on Password Dos and Don'ts.  (Change the login password)

3. Ban rogue access points. If an AP is connected to your home or office network, make sure you or the network administrator put it there. Bob in Accounting isn't likely to secure his rogue AP before he connects it. Free software like NetStumbler (www.netstumbler.com) lets you sweep for unauthorized APs.

4. Use 128-bit WEP. Passively cracking the WEP (Wired Equivalent Privacy) security protocol is merely a nuisance to a skilled hacker using Linux freeware like AirSnort (http://airsnort.shmoo.com). Still, the protocol does at least add a layer of difficulty.  (WEP is like putting a lock on a screen door, but it's better than nothing)

5. Use SSIDS wisely. Change the default Service Set Identifiers (SSIDs) for your APs, and don't use anything obvious like your address or company name. For corporate setups, buy APs that let you disable broadcast SSID. Intruders can use programs such as Kismet (www.kismetwireless.net) to sniff out SSIDs anyway (by observing 802.11x management frames when users associate with APs), but again, every bit of inconvenience helps. (Change it to something other than your name so it does not point to you) 

6. Limit access rights. Chances are, not everyone in your building needs a wireless card. Once you determine who should take to the airwaves, set your APs to allow access by wireless cards with authorized MAC addresses only. Enterprising individuals can spoof MAC addresses, however, which brings us to the next tip.  (MAC Filtering ensures that other computers cannot connect to your wireless)

7. Limit the number of user addresses. If you don't have too many users, consider limiting the maximum number of DHCP addresses the network can assign, allowing just enough to cover the users you have. Then if everyone in the group tries to connect but some can't, you know there are unauthorized log-ons.  (Default for Linksys is about 40, way too many for a small business or home)

8. Authenticate users. Install a firewall that supports VPN connectivity, and require users to log on as if they were dialing in remotely. The Linksys BEFSX41 router ($99 list) is a great choice for this. Tweak the settings to allow only the types of permissions that wireless users need.  (Advanced, you probably would be not reading this article or any steps below if you understood how to do this or needed to do this)

As a side benefit, VPNs help prevent users from being fooled by malicious association attacks. In this type of assault, the perpetrator sets up a machine that pretends to be an authorized AP, in the hope that someone will be tricked into logging on. If you connect to an AP and don't get the VPN log-on prompt you expect, you know something's amiss.

9. Use RADIUS. Installing a RADIUS server provides another authentication method. The servers tend to be expensive, but there are open-source options, such as FreeRADIUS (www.freeradius.org), for UNIX-savvy administrators.

10. Call in the big boys. If you have billion-dollar secrets to protect, such as the formula to Coca-Cola, you should have wireless-dedicated hardware security in place. For instance, AirDefense (www.airdefense.net) is a server appliance that connects to sensors placed near APs. The system monitors activity and protects all traffic on your wireless LAN—but it doesn't come cheap.

A Wi-Fi Virus Outbreak? It's Possible

If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas, according to researchers.

Robert McMillan, IDG News Service

Thursday, January 03, 2008 05:00 PM PST
If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University.

The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York City within a two-week period, with most of the infections occurring within the first day.

"The issue is that most of these routers are installed out of the box very insecurely," said Steven Myers, an assistant professor at Indiana University, who published the paper in November, along with researchers from the Institute for Scientific Interchange in Torino, Italy,

The researchers theorize that attack would work by guessing administrative passwords and then instructing the routers to install new worm-like firmware which would in turn cause the infected router to attack other devices in its range.

Because there are so many closely connected Wi-Fi networks in most urban areas, the attack could hop from router to router for many miles in some cities.

The team used what is known as the Susceptible Infected Removed (SIR) model to track the growth of this attack. This methodology is typically used to estimate things like influenza outbreaks, but it has also been used to predict things like computer virus infections, Myers said.

Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36 percent of passwords can be guessed using this technique.

Even some routers that use encryption could be cracked, if they use the popular WEP (Wired Equivalent Privacy) algorithm, which security experts have been able to crack for years now. Routers that were encrypted using the more-secure WPA (Wi-Fi Protected Access) standard were considered impossible to infect, Myers said.

Myers' model is based on data compiled from the Wireless Geographic Logging Engine (WiGLE), a volunteer-run effort to map Wi-Fi networks around the world, which has over 10 million networks in its database.

Using this data, they were able to map out large networks of made out of Wi-Fi routers that were each no more than 45 meters (49 yards) from the network -- in other words, close enough for an infection to spread. The largest such network in New York included 36,807 systems; in Boston it was 15,899; and in Chicago: 50,084.

Because New York is such a dense city with a relatively low percentage (25.8 percent, according to the researchers) of encrypted routers, it was particularly susceptible to this type of attack. San Francisco, on the other hand, where 40.1 percent of routers are encrypted and which had a lower density of routers was less susceptible.

Myers says that because the attack would be technically complex, he doubts that criminals will attempt it any time soon. There are simply too many other, easier ways to take over computers, he said.

Still, he thinks hardware makers should take note. "The bigger point for developers and people making wireless information technology is to realize that there are serious security issues."



If you need us to install it the right way, feel free to call us and we will give you a quote.


 

 

[Home] [News] [Support] [Download] [Glitches] [SPAM] [E-Mail Settings] [E-Mail Warnings] [Spyware info] [Antivirus] [High Speed] [PC Cleanup] [New PC] [Music Download?] [Wireless Routers] [Got A MAC?] [Speed Test] [Hard Drives] [Rates] [Mission] [Company Profile] [ComSouth Goals] [Recycle that Old PC] [Contact us]

Send mail to tomdawson@comsouth.net with questions or comments about this web site.
Copyright © 2007 ComSouth Computer Services
Last modified: 02/11/08