Image via Wikipedia
Early on, wireless networks were encrypted using WEP encryption, until it was discovered even the FBI could crack that in a minute.
Then came WPA, which was supposedly much more secure. However, researchers have figured out a way to break the TKIP key in about 12 to 15 minutes. Experts had known that a brute force dictionary attack could eventually break such a key, however, it was not efficient.
Researchers discovered a way to trick a router into sending them larger amounts of data. More data allows them to break the key much more easily using new mathematical techniques. The technique has already been incorporated into popular Wireless sniffer program Aircrack-ng. The newer WPA2 is considered safe from this attack.
That is the simplest way to increase security. If your router has a WPA2 capability, update to it from WPA. If it doesn’t, check to see if there is an upgraded firmware, or consider switching to a custom firmware if one is available to you that may have it. We like DD-WRT, which has ports for many routers(List of supported devices). When you set WPA2, switch from TKIP encryption to AES only. It hasn’t yet been cracked.
WPA and WPA2 for home use use a passphrase to access the network. Recommendations are that this passphrase be at least 13 characters and not consist of any dictionary word. Too many people, both in securing their networks and other passwords, use weak passwords. Remember, you don’t have to remember the thing. Your computer can do that. You can keep it in a secure file, or a password vault such as KeePass.
Do not set your wireless SSID to anything commonly used. A list of the top 1000 most commonly used ones can be found here. Top ones to avoid: linksys, default, NETGEAR, Belkin54g, Wireless, hpsetup, WLAN, Actiontec, smc, Dlink…All of these give unnecessary information about what type of router you have, as many of these are default ssids. It also tells a malicious individual you may be vulnerable.
There is also MAC filtering, which is touted as a security measure as well. A MAC address is unique to a specific piece of hardware. But since they can be spoofed, this is more of a deterrent than anything else.
Other useful features include AP Isolation. This is a feature available on many routers that disables connections from the wireless device to any devices on the network. It would ensure that a wireless computer could access only the internet, not the internal network. However, if you want to access your internal network, this is not as useful.
If you want to go to Enterprise-level WPA2, you can certainly do so. But it is usually overly complex for a simple home installation and requires an external RADIUS server, which you would have to run. If you have an always-on computer around, this might be an option.
As a final measure, you can always just give up. Bruce Schneier, security guru, runs an open wireless network, and outlines his reasons why, and links to much commentary on the subject in this post. The question of whether or not one should have open wireless is a different one than security. We will say that you can always run a secure network independently of your insecure one, and run security independently of your wireless, or if you are technically proficient, have a gateway portal the way hotels do, that secures your connection.
For example, you can use VPN to connect to your private network for security and route all communications through it. Thus it is encrypted before it leaves your computer for the network. Many businesses use this technique for individuals accessing their files remotely.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_c.png?x-id=68f0c710-8b40-48c0-8ddf-345d475606d8)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=48a7ff3c-8bf5-4d13-9914-33611e243654)
Gizmodo