This is the first part in a series of five blogcasts (video demonstrations showing you “how to”) that look at how to secure a wireless network by configuring Wireless Protected Access (WPA) on both the Access Point (AP) and Vista/XP clients.
Note: These instructions are appropriate for typical home networks and very small offices as a static “Pre Shared Key” is used for all devices. Once you move past a handful of machines this approach becomes difficult to manage and less secure as gaining physical access to one device (machine or Access Point) gives an attacker the ability to compromise the entire wireless network.
Note: The demonstration is for a wireless router made by a company named SMC simply because it’s the device that I happen to use at home. There are many other comparable wireless routers and pretty much all of them support Wireless Protected Access (WPA) – their configuration is often similar.
Dispelling some myths:
There are many myths about how to secure wireless networks. Some “experts” advocate hiding the wireless network name (SSID) to improve security – this doesn’t really gain you a great deal as the SSID is broadcast on the network anyway so an attacker could easily discover it using any easily available wireless network hacking tool. Some people even think that the SSID is used for authentication and therefore by hiding it you can prevent unauthorised people from accessing the wireless network – this is nonesense – the SSID is merely an Identifier – a descriptive name for the network. To authenticate something or someone’s identity you typically (though not always – there are other methods) need to both know a secret that no-one else knows – using something that’s in the public domain (an identifier) breaks this premise.
Another myth is that changing the wireless network name (SSID) gains you some security as if a attacker knows which device you have then they may be able to exploit know vulnerabilities (if they exist) for your Access Point to circumvent it’s security. Each network device ships with a built in unique identifying number – known as a (MAC) address. The MAC address of the wireless router is transmitted in clear text on the network and therefore is easy for an attacker to see. Each hardware vendor is allocated a range of MAC addresses – these are available in the public domain. It’s pretty straightforward for an attacker to determine the hardware manufacturer of your wireless network simply by “listening to the network traffic”.
I like to change the name (SSID) of my wireless network simply to make it easy to see which is my network and to make it easier for friends to connect to it when they visit.
The last myth I’ll explore here is that MAC address filtering provides sensible security for a home wireless network. Just like the SSID, the MAC address is an identifier – it’s not intended to be used for authentication. The MAC address of each device is transmitted in clear text hence an attacker can easily “listen in” and find out which addresses are allowed to connect to the access point. It’s trivial to change (spoof) the MAC address of most devices – many network cards can be configured to use an alternative MAC address simply by editing their properties via the Windows Control panel. In addition there are many freely available tools that can be used to reconfigure a device’s MAC address.
Note: MAC address filtering can provide a little benefit IF you have an operational access point without any connected clients – hence the attacker wouldn’t be able to find out which client MAC addresses are allowed to connect to the access point.
Transcript of how to enable Wireless Protected Access (WPA) for an SMC router:
Sign into the router using the default password
Change the admin password – using a passphrase
Enable Wireless Protected Access using a PreShared Key – another passphrase
Save the settings