HOW-TO have a more secure wireless network (counterintuitive)
Posted: Thu 19 Jun 2008, 04:50
In a nutshell
- Use the highest WPA encryption your devices allow
- Use a full phrase as your pass phrase with spaces, and numbers, upper and lower case. e.g. "Snow white and the 7 Dwarfs".
- Set your router to broadcast the SSID (counterintuitive but true!)
The long explanation:
Regarding encryption:
- Open connections are the riskiest of them all. Like having a house without doors, with your wallet on the table and the keys of the car hanging on the wall.
- WEP gives a false sense of security, as it can be cracked in minutes. So for all practical purposes it is no security at all.
- WPA is the best encryption for now
Using a complex passphrase:
- This is your main defense
- You can tape it under the router if you want. After all: if someone has access to the router any other security is useless.
Broadcasting the SSID:
When not broadcasting the SSID, the router is still transmitting its beacon anyway, just without the SSID name. So people will know that you have a wireless network.
But... all the devices that have been configured to connect to the router will broadcast the SSID, as if they were shouting "are you my router?"
This opens a big vector of attack, as someone may intercept that request, identify the network you want to connect to and spoof it, so now you are connected to the rogue network.
So, even though it is counterintuitive, always set your router to broadcast the SSID. This way the security is handled by the encryption mechanism and not by false security through obscurity.
Additionally, several wireless devices and drivers have trouble with hidden SSIDs just because fixing it is low priority. After all, everyone should be broadcasting the SSID, shouldn't they?
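An added example, not part of the original post: a minimal parser for 802.11 beacon and probe-request frames that shows the leak described above, where a hidden network's beacon carries a blank SSID while a client's directed probe request carries the name in the clear. The frames are constructed sample bytes, and "HomeNet" and the helper names are made up for illustration.

```python
import struct

# 802.11 management-frame subtypes that carry an SSID element
SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}

def build_frame(subtype, ssid, fixed=b""):
    """Build a minimal management frame (constructed sample data)."""
    fc = struct.pack("<H", subtype << 4)  # version 0, type 0 (management)
    addrs = b"\xff" * 6 + b"\x02" * 6 + b"\xff" * 6
    hdr = fc + b"\x00\x00" + addrs + b"\x00\x00"  # 24-byte MAC header
    # SSID element (tag 0) followed by a one-byte supported-rates element
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

def parse_ssid(frame):
    """Return (frame kind, SSID), with None for a blank or wildcard SSID."""
    if len(frame) < 24:
        raise ValueError("truncated header")
    fc = struct.unpack_from("<H", frame)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe frame")
    # Beacons and probe responses have 12 bytes of fixed fields
    # (timestamp, interval, capabilities) before the tagged elements.
    pos = 24 + (12 if subtype in (5, 8) else 0)
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:
            raise ValueError("truncated element")
        if tag == 0:
            # Hidden networks send a zero-length or all-NUL SSID
            blank = body.strip(b"\x00") == b""
            name = None if blank else body.decode("utf-8", "replace")
            return SUBTYPES[subtype], name
        pos += 2 + length
    return SUBTYPES[subtype], None

# Constructed samples: hidden AP beacon, directed probe, wildcard probe
SAMPLES = [
    build_frame(8, b"\x00" * 7, fixed=bytes(12)),
    build_frame(4, b"HomeNet"),
    build_frame(4, b""),
]

def audit(frames):
    return [parse_ssid(f) for f in frames]

if __name__ == "__main__":
    for kind, ssid in audit(SAMPLES):
        print(f"{kind:14} SSID={ssid!r}")
```
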