All services rendered by myself through this Google Site are subject to this disclaimer.

Securing a Wireless Network

Wireless Network Security Tips

Five Tips to Secure Your Wireless Network

1. Set up the network encryption of your network with a WEP, WPA, or WPA-2 pre-shared key.
  - WEP stands for Wired Equivalent Privacy and is the least secure encryption method that is usable.
  - WPA stands for Wi-Fi Protected Accesses and is more secure than WEP, however it is not as secure as WPA-2.
  - WPA-2 stands for Wi-Fi Protected Access 2 and is the most secure encryption method that can be used.
2. Change your wireless modem or router's default SSID. The default SSID is usually the name of the modem or router manufacturer, so it is typically best to change the name to something less generic.
  - SSID stands for Service Set Identifier.
3. Disable the router from broadcasting your SSID. Keeping the SSID from being broadcast can prevent casual users from detecting your network and, therefore, using it unless they have specialized software installed on a device.
4. Turn off your network completely when it's not in use. This is what I refer to as the hardware cut-off approach - unplug the router completely from the wall outlet, and nobody will be able to access your network.
5. Change your wireless modem or router's default administrator username and password. This username and password allows you to make changes to your wireless network through the modem or router's default gateway, so it's a good thing to customize to ensure no settings are changed beyond what you want.
  - Usually a router's administrator username and password are preset to "admin" and "password", so be sure to change it to something less obvious.

Additional steps

These common security steps are not mentioned in the online tutorial

 MAC Filtering: This method of network security allows the user permits and denies network access to specific devices through the use of MAC addresses, which every device that connects to the Internet will have. Most wireless modems and routers that support MAC filtering will allow you to set up blacklists, which allow you to forbid certain specified MAC addresses from connecting, and whitelists, which allow you to only allow certain specified MAC addresses to connect.

 Firmware Update: Like most devices, such as computers and tablets, wireless modems and routers may have bugs and security flaws that will typically be corrected by means of patches and updates to its firmware, which basically functions as its operating system. Ensure that you're staying up to date with the manufacturer of your wireless modem or router and, if the device is provided by your Internet Service Provider (ISP), check with them as well.

This video and its contents are the property of TWiT.tv, TWiT LLC and Leo Laporte as the creators and broadcasters of the Security Now podcast. This YouTube video is being used under the fair dealing exception as outlined in section 29 of the Copyright Act 1988 in Canada and the fair use doctrine under section 107 of the Copyright Act 1976 in the United States for the purpose of private study and education.

SSDP/UPNP Amplification

Simple Service Discovery Protocol (SSDP) and Universal Plug and Play (UPnP) are common sets of networking protocols that permits networked devices to seamlessly discover each other's presence on the network and establish functional network services. SSDP and UPNP devices are "plug and play" in that, when connected to a network, they automatically establish working configurations with other devices without the assistance of server-based network configuration mechanisms, such as DHCP or DNS, and without the special static configuration of a network host.

As a result, while these protocols are incredibly convenient for residential users, especially for some services that require them to be used (ie. BitTorrent, Skype, Xbox Live, ect..), these protocols can also be abused to compromise a local network to be used maliciously in breaches of larger networks (eg. DDOS attacks).

In order to see if you're affected by this sort of vulnerability, you can use GRC ShieldsUP to test your network connection and determine if you are vulnerable. If you are being affected, the best way to correct the problem is to log into the device affected, usually a wireless router or access point, and disable SSDP/UPNP. If you're unsure as to how to disable SSDP/UPNP on your equipment, please contact the manufacturer of your device or your Internet Service Provider (ISP) for assistance.

WPS Amplification

WiFi Protected Setup (WPS) is a network security standard to create a secure wireless home network that aims to make it both faster and more convenient to connect devices to said network. There are a few methods to use WPS.

PIN method, in which a PIN has to be read from either a sticker or display on the new wireless device before being entered into the wireless router or access point.
Push method, in which you have to push a button, either an actual or virtual one, on both the access point and the new device. On most devices, this discovery mode turns itself off either as soon as a connection is established or after a delay of typically two minutes or less, whichever comes first, thereby minimizing its vulnerability.

A major security flaw was revealed in December 2011 that affects wireless routers with WPS, specifically the PIN feature, which most recent models have enabled by default. Since then, many have been urged to turn off the WPS feature on their routers, although this isn't always possible with some routers.

If you are being affected, the best way to correct the problem is to log into your router and disable WPS. If you're unsure as to how, please contact your wireless router manufacturer or your Internet Service Provider (ISP).

Page updated

Google Sites

Report abuse