SCF Advanced Search



Members
Stats
  • Total Posts: 31374
  • Total Topics: 9431
  • Online Today: 1379
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: SCF Mythbusters: Top 5 Wi-Fi security myths  (Read 3139 times)

0 Members and 2 Guests are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7441
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
SCF Mythbusters: Top 5 Wi-Fi security myths
« on: 13. October 2013., 10:09:31 »


Wi-Fi has evolved over the years, and so have the techniques for securing your wireless network. An Internet search could unearth information that’s outdated and no longer secure or relevant, or that’s simply a myth.

We’ll separate the signal from the noise and show you the most current and effective means of securing your Wi-Fi network.

Myth No. 1: Don’t broadcast your SSID

Every wireless router (or wireless access point) has a network name assigned to it. The technical term is a Service Set Identifier (SSID). By default, a router will broadcast its SSID in beacons, so all users within its range can see the network on their PC or other device.

Preventing your router from broadcasting this information, and thereby rendering it somewhat invisible to people you don’t want on your network, might sound like a good idea. But some devices—including PCs running Windows 7 or later—will still see every network that exists, even if it can’t identify each one by name, and unmasking a hidden SSID is a relatively trivial task. In fact, attempting to hide an SSID in this way might pique the interest of nearby Wi-Fi hackers, by suggesting to them that your network may contain sensitive data.

You can prevent your router from including its SSID in its beacon, but you can’t stop it from including that information in its data packets, its association/reassociation requests, and its probe requests/responses. A wireless network analyzer like Kismet: http://www.kismetwireless.net/ or CommView for WiFi: http://www.tamos.com/products/commwifi/ , can snatch an SSID out of the airwaves in no time.

Disabling SSID broadcasting will hide your network name from the average Joe, but it’s no roadblock for anyone intent on hacking into your network, be they an experienced blackhat or a neighborhood kid just goofing around.

Myth No. 2: Enable MAC address filtering

A unique Media Access Control (MAC) address identifies every device on your network. A MAC address is an alphanumeric string separated by colons, like this: 00:02:D1:1A:2D:12. Networked devices use this address as identification when they send and receive data over the network. A tech myth asserts that you can safeguard your network and prevent unwanted devices from joining it by configuring your router to allow only devices that have specific MAC addresses.

Setting up such configuration instructions is an easy, though tedious, process: You determine the MAC address of every device you want to allow on your network, and then you fill out a table in the router’s user interface. No device with a MAC address not on that table will be able to join your network, even if it knows your wireless network password.

But you needn’t bother with that operation. A hacker using a wireless network analyzer will be able to see the MAC addresses of every computer you’ve allowed on your network, and can change his or her computer’s MAC address to match one that’s in that table you painstakingly created. The only thing you’ll have accomplished by following this procedure is to waste some time—unless you think that having a complete list of the MAC addresses of your network clients would be useful for some other purpose.

MAC-address filtering might help you block the average Joe from connecting to your router from an unauthorized computer or other device, but it won’t stop a determined hacker. It will render your network more difficult for legitimate users to work with, however, because you’ll have to configure your router every time you add a new device to it or provide a guest with temporary access.

Myth No. 3: Limit your router’s IP address pool

Every device on your network must also be identified by a unique Internet Protocol (IP) address. A router-assigned IP address will contain a string of digits like this: 192.168.1.10. Unlike a MAC address, which the device sends to the router, your router will use its  Dynamic Host Control Protocol (DHCP) server to assign and send a unique IP address to each device joining the network. According to one persistent tech myth, you can control the number of devices that can join your network by limiting the pool of IP addresses your router can draw—a range from 192.168.1.1 to 192.168.1.10, for instance. That’s baloney, for the same reason that the next claim is.

Myth No. 4: Disable your router’s DHCP server

The flawed logic behind this myth claims that you can secure your network by disabling your router’s DHCP server and manually assigning IP address to each device. Supposedly, any device that doesn’t have one of the IP addresses you assigned won’t be able to join your network. In this scenario, you would create a table consisting of IP addresses and the devices they’re assigned to, as you would with a MAC addresses. You’d also need to configure each device manually to use its specified IP address.

The weakness that negates these procedures is that if a hacker has already penetrated your network, a quick IP scan can determine the IP addresses your network is using. The hacker can then manually assign a compatible address to a device in order to gain full access to your network. As with MAC address filtering, the main effect of limiting IP addresses (or assigning them manually) is to complicate the process of connecting new devices that you approve of to your network.

Myth No. 5: Small networks are hard to penetrate

This myth suggests that reducing your wireless router’s transmission power will make it harder for someone outside your home or place of business to sneak onto your network because they won’t be able to detect it. This is the dumbest security idea of them all. Anyone intent on cracking your wireless network will use a large antenna to pick up your router’s signals. Reducing the router’s transmission power will only reduce its range and effectiveness for legitimate users.

No myth: Encryption is the best network security

Now that we’ve dispensed with five Wi-Fi security myths, let’s discuss the best way to secure your wireless network: encryption. Encrypting—essentially scrambling—the data traveling over your network is powerful way to prevent eavesdroppers from accessing data in a meaningful form. Though they might succeed in intercepting and capturing a copy of the data transmission, they won’t be able to read the information, capture your login passwords, or hijack your accounts unless they have the encryption key.

Several types of encryption have emerged over the years. Wired Equivalent Privacy (WEP) provided the best security in the early days of Wi-Fi. But today WEP encryption can be cracked in a matter of minutes. If that’s the only security your router provides, or if some of your networked devices are so old that they can work only with WEP, it’s long past time for you to recycle them and upgrade to a newer standard.

Wi-Fi Protected Access (WPA) came next, but that security protocol had security problems, too, and has been superseded by WPA2. WPA2 has been around for nearly 10 years. If your equipment is old enough to be limited to WPA security, you should consider an upgrade.

Both WPA and WPA2 have two different modes: Personal (aka PSK, an acronym for Pre-Shared Key) and Enterprise (aka RADIUS, an acronym for Remote Authentication Dial In User Server). WPA Personal is designed for home use and is easy to set up. You simply establish a password on your router and then enter that password on each computer and other device that you want to connect to your Wi-Fi network. As long as you use a strong password—I recommend using 13 or more mixed-case characters and symbols—you should be fine. Don’t use words found in the dictionary, proper nouns, personal names, the names of your pets, or anything like that. A strong password might look like this: h&5U2v$(q7F4*.

Your router might include a push-button security feature called Wi-Fi Protected Setup (WPS). WPS enables you to join a device to your WPA2-secured wireless network by pushing a button on the router and a button on the client (if the client also supports WPS). A flaw in WPS leaves it vulnerable to brute-force attacks, however: http://www.kb.cert.org/vuls/id/723755
If you’re particularly security-conscious, you might consider turning off WPS in your router.

Enterprise-mode WPA2 is designed for networks run by businesses and organizations. It provides a higher level of security than WPA, but it requires a RADIUS server or a hosted RADIUS service.

(PCW)

Now that you understand the best way to secure your network, spend a few minutes making sure that your router is configured properly. :police:


Samker's Computer Forum - SCforum.info

SCF Mythbusters: Top 5 Wi-Fi security myths
« on: 13. October 2013., 10:09:31 »
Sponsored Links:




devnullius

  • SCF VIP Member
  • *****
  • Posts: 3522
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Re: SCF Mythbusters: Top 5 Wi-Fi security myths
« Reply #1 on: 18. October 2013., 14:27:07 »
Luckily, these were all myths unknown to me  O0

devnullius
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

piipo

  • SCF Newbie
  • *
  • Posts: 8
  • KARMA: 4
Re: SCF Mythbusters: Top 5 Wi-Fi security myths
« Reply #2 on: 10. March 2016., 10:29:17 »
Had fun by reading it, I do know its 2016 now. But I'm still curious and this is why I raised this question.

Question:

So all 5 myth will be covered if we encrypt with WPA/WPA2 ?

be well,
piiPo


devnullius

  • SCF VIP Member
  • *****
  • Posts: 3522
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Re: SCF Mythbusters: Top 5 Wi-Fi security myths
« Reply #3 on: 10. March 2016., 20:43:19 »
Had fun by reading it, I do know its 2016 now. But I'm still curious and this is why I raised this question.

Question:

So all 5 myth will be covered if we encrypt with WPA/WPA2 ?

be well,
piiPo



That's just encrypting the traffic you generate. This article shows other misconceptions people should do to protect themselves. We explain why that reasoning is false and ads no security - so why bother?

:) enjoy reading
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

gicc chan

  • SCF Member
  • **
  • Posts: 10
  • KARMA: 3
  • Gender: Male
Re: SCF Mythbusters: Top 5 Wi-Fi security myths
« Reply #4 on: 29. September 2016., 14:57:50 »
DONT USE PUBLIC WIFI :)

mmgpotax

  • SCF Member
  • **
  • Posts: 26
  • KARMA: 3
  • Gender: Male
Re: SCF Mythbusters: Top 5 Wi-Fi security myths
« Reply #5 on: 08. June 2017., 15:37:08 »
A good information, I continue to enter my network and although my protection is WPA2, so it is connect to my network. If someone has a solution, I would appreciate it. Greetings.

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising