SecuringAWireless Home Network

Wireless Facts

Range about 50 - 200 feet from access point

Securityanyone can eavesdrop on an unsecured wireless network

What is a LAN?

A LAN is a local area network

What is the difference between a wired LAN and a wireless LAN?

Simple home wired LAN

Simple home wireless LAN

Why do you have to Secure your home LAN?

Wireless LAN

Wireless base station has to signal its existence so clients can connect (you laptop or other devices)

Attackers of wireless LANs therefore need to be kept out!

Types of attacksAttack laptops and workstations on the

networkSteal information being transmitted over

your wireless networkSteal Internet access through your Internet

What Happens When Your Laptop and Workstation are Attacked?

Attacker attempts to steal data from hard drives

Attacker attempts to damage the data on the hard drives

Attacker plants malicious software to attack other computers

Attacks can be traced to your computer, not his or hers!

Attacks to steal Internet access

Attacker’s computer joins your network, uses your Internet gateway

Attacker could be (for example):– Downloading copyrighted music files– Downloading child pornography– Broadcasting spam– These can be traced back to your Internet

connection

How easy is it to attack a wireless LAN?

Very easyAll an attacker needs is a laptop computer,

a wireless card and some softwareA directional antenna will increase the

range over which the attacker can access your network

Directional antenna can be made from a Pringles potato chip can!

Attackers drive around with their computers looking for open wireless networks

Why is it so easy to invade a wireless LAN?

Ease of setupDefault settings allow even people with

limited technical skills to set up and run a basic wireless network

Allows wireless users to use open, public networks (usually for Internet access)

Ex. Such as the one at your local Starbucks

How do you keep attackers out of your home wireless LAN?

Secure the networkChange the service set identifier (SSID)

of your base stationChange your base station’s passwordShut off your base station’s SSID

broadcastEnable encryption (WPA or WPA2)

Changing your SSID

To access the LAN you need the service set identifier (SSID) of your base station

Changing the default SSID reduces the chance the attacker will be able to guess it (it may be called default, Linksys ex.)

Works best with other security measures

Change your password

To access the LAN you need the base station’s password

Changing the default password (often ‘admin’ or ‘password’) drastically reduces the chance the attacker will be able get into your network

Close your network Shut off SSID broadcast Reduces chances that the attacker can see

your network at all Like parking your car in a closed garage

– If the thief can’t see it, he won’t know that it’s available to steal

Enable wireless encryption Encrypt your network traffic

– This has to be done on the base station and all access points, wireless adapters, etc.

• All devices use the same WPA or WPA2 keys

WPA or WPA2 (Wi-Fi Protected Access) • Don’t forget yours; write it down

WPA & WPA2-Personal Choose this option to protect your network with Wi-Fi Protected

Access. Choose Password and enter a password between 8 and 63

characters. Wireless client computers using WPA or WPA2 can join the

network.

Setting up wireless security Make security changes in all devices (routers,

access points, adapters, etc.) through a wired link– If you change a device setting through a wireless

link, you could lose the connection when you apply the changes

– Set up devices in this order:• Base station (Cable/DSL modem)• Access points

– Test each device for connectivity before you install it in its final location

Wireless security is not perfect

However, many simple measures can be taken to make the job harder

Wireless LAN security is not perfect but if you make it difficult enough, attackers will pick other targets

Let’s Get to Work!

Change Default Administrator Passwords and Usernames

Change the Default SSID Disable SSID Broadcast Turn on WPA Encryption

Default User Names and Passwords

Linksys Comcast User Name: comcast Password: 1234 Linksys User Name: [none] Password: admin NetGear User Name: admin Password: password D-Link User Name: admin Password: admin Cisco User Name: cisco Password: cisco Apple Airport Extreme User Name: [none] Password: admin

Good Web Site of How To’s

http://spotlight.getnetwise.org/wireless/wifitips/

Verizon Wireless

http://www22.verizon.com/residentialhelp/inhomeagent?cmp=emc-cons09008

In-Home Agent is a PC application that provides you with fast, easy solutions for Internet questions. It's 24/7 support at the click of your mouse!

Looking for MAC version click on the link

Comcast Wireless

http://customer.comcast.com/help-and-support/internet/securing-wireless-network/