PC Servicing Singapore

Latest Articles

PC servicing articles
Beware of Trojan Horse!


Securing Wireless Network with WEP

We also offer network and wireless support solutions for your home office or small business.

It is important to secure your home wireless network.

Checklist:
1. Disable the SSID broadcast.
Disable your wifi router from broadcasting it's wireless network name
2. Implement MAC address filtering
3. Change the default password on the access point
For example, SMC broadband router's default password is "smcadmin". Change this to something else.
4. Use encryption, WEP.

What is WEP?

Wireless Equivalent Privacy is an encryption method designed to offer wireless LANs some measure of security. Data sent between the client (a PC or notebook) and the access point is scrambled using either a 64-bit or 128-bit key.

Why do I need to use WEP?

If you don't use WEP then somebody could connect to your wireless network through your router. WEP is pretty much the only way out there to stop that from happening.

Does it cause speed difference?

There is only a slight difference in speed, but is not noticeable. The slow down in the local network speed does not matter at all. Your wireless network will not become the bottleneck anyway as your bandwidth from your ISP won't be anywhere near 11Mbps.

Why do I need to bother using WEP if it causes a little slowdown in speed?

The security gain by using encryption far outweighs leaving a open access point at factory defaults.

How to configure WEP?

You can choose between 64, 128 and 152-bit encryption. Theoretically, the larger encryption is safer as it takes longer for a hacker to crack the security key.

The easier way is to use PassPhrase method. PassPhrase is like a password which you enter it into the router and wireless network adapter on your computer. So decide on a common passphrase to be input into all network devices.

Most access points and clients have the ability to hold up to 4 WEP keys simultaneously. However using passphrase will only generate one secret key for all the 4 WEP keys.

To increase the security, you should randomly decide on 4 different WEP keys.

You need to specify one of the 4 keys as default Key for data encryption.

To set up the router and adapter you will need to set the one of the following parameters:

64-bit WEP key (secret key) with 5 characters
64-bit WEP key (secret key) with 10 hexadecimal digits (0-9,A-F)
128-bit WEP key (secret key) with 13 characters
128-bit WEP key (secret key) with 26 hexadecimal digits (0-9,AF)

Select one of the WEP key as default Key to encrypt wireless data transmission.
The receiver will use the corresponding key to decrypt the data.

For example, if adapter use Key 1 to encrypt data, then router will use Key 1 to decrypt data.

So, the Key 1 of router has to equal to the Key 1 of adapter.

Though adapter (WNIC) use Key 1 as default key, but the router can use the other Key as its default key to encrypt wireless data transmission.

WNIC (encrypt data by Key 1) --------> Router (decrypt data by Key 1)

WNIC (decrypt data by Key 2) <-------- Station (encrypt data by Key 2)

In this case, WNIC transmits data to router which encrypt data by Key 1. The station will decrypt the data by its Key 1.

At the same time, when the router transmits data to WNIC which encrypt data by Key 2.

The WNIC will decrypt the data by its Key 2.


What is MAC address filtering?

This method may cause inconvenience if you have frequent visitors who try to connect to your wireless network with their laptop. The router have to be configured to recognize the MAC address of the client device in advance before it will relay traffic between them.

Most Wi-Fi access points and routers ship with a feature called MAC address filtering.

However, to improve the security of your Wi-Fi LAN (WLAN), strongly consider enabling and using MAC address filtering.

Without MAC address filtering, any wireless client can join (authenticate with) a Wi-Fi network if they know the network name (also called the SSID) and perhaps a few other security parameters like encryption keys.

When MAC address filtering is enabled, however, the access point or router performs an additional check on a different parameter. Obviously the more checks that are made, the greater the likelihood of preventing network break-ins.

To set up MAC address filtering, you as a WLAN administrator must configure a list of clients that will be allowed to join the network. First, obtain the MAC addresses of each client from its operating system or configuration utility. Then, they enter those addresses into a configuration screen of the wireless access point or router. Finally, switch on the filtering option.

Once enabled, whenever the wireless access point or router receives a request to join with the WLAN, it compares the MAC address of that client against the administrator's list. Clients on the list authenticate as normal; clients not on the list are denied any access to the WLAN.

MAC addresses on wireless clients can't be changed as they are burned into the hardware. However, some wireless clients allow their MAC address to be "impersonated" or "spoofed" in software.

It's certainly possible for a determined hacker to break into your WLAN by configuring their client to spoof one of your MAC addresses. Although MAC address filtering isn't bulletproof, still it remains a helpful additional layer of defense that improves overall Wi-Fi network security.

What is WPA? (A more secured protocol to protect your wireless network)

The WPA (Wi-Fi Protected Access) protocol is a powerful, standards-based, interoperable security technology for wireless local area networks (subset of IEEE Std 802.11i draft standard) that encrypts data sent over radio waves.

The WPA protocol has been developed to overcome the weaknesses of the WEP (Wired Equivalent Privacy) protocol.

 

Related Article

 

 
Last Update: 17 October 2002