Monday, August 29, 2011

About wireless networks

Hello everybody!

This post is about wireless networks and how to protect them.

The typical user, after buying a new router, goes home, plugs it in, and it works. But this is wrong, because the default setting for wireless networks is no protection (open Wi-Fi). It means that anybody can connect to your network ("steal the internet"), and advanced hackers can break into your personal computer, steal passwords, log keystrokes, steal your important data, etc.

To avoid this, some clever engineers developed encryption and authentication for IEEE 802.11 networks. In the rest of the article I'll write about the encryption, because I think it is known by everybody.

WEP: Wired Equivalent Protection. It is so outdated that a WEP key can be cracked in about two minutes. After collecting enough valuable data, we can crack the key with a statistical attack. We can also use a dictionary attack, but if we have enough data, the cracking is 100% precise. In a clientless WEP network we have to create our own packets and reinject them into the network, and the router will send back a lot of valuable data.

WPA/WPA2: Nowadays the best protection for our WLANs. It gives strong protection; if I remember correctly, we cannot attack a clientless WPA/WPA2 network. With this protection method a statistical attack cannot be used, only a dictionary attack. We must deauthenticate a connected client to get the "handshake" from the router, which we can crack with a dictionary attack, rainbow-table attack, or brute-force attack (but I don't suggest brute force if you want to crack WPA, because with a strong password it takes ages to crack it).

The ideal protection for our wireless network:
  • Disable SSID broadcast! The person who wants to connect must know the SSID. (In aircrack-ng we can see only the length of the SSID.)
  • Use authentication and encryption! WPA2-PSK TKIP+AES is the best.
  • Use strong passwords! Mix lowercase, uppercase, numbers and special characters. My password's length is 14, mixed with them.
  • Change the username and password of the router's access page to your own.
  • Only permit login to the access page from your personal computer.
  • Use MAC filtering! Permit your own devices' MAC addresses and block the others.
  • If we don't want to manage our router from remote networks, disable remote access.
  • Reduce TX power, so you can access your WLAN in your house, but not on the street.
  • If you use DD-WRT, disable the info site and anonymous ping requests.
  • If you use DD-WRT and don't want to use remote console access, disable telnet and ssh. If you do want it, I suggest ssh, but change the default port number to >10000 (a light portscan doesn't go up to 10000).
  • If you use ssh, limit access to it to avoid Denial of Service and brute-force attacks.
I hope I wrote everything :-D. Greetings to my network knowledge teacher :-). If you use these points to protect your wifi, it takes a very long time to crack it, so the hacker will stop cracking and go away =).
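To check your own passphrase against the "use strong passwords" advice, here is an added example (not part of the original post). It derives the WPA/WPA2-PSK master key the standard way (PBKDF2-HMAC-SHA1 salted with the SSID, which is why a rainbow table only fits one SSID) and estimates the cost of an exhaustive search. The function names, the sample wordlist and the guess rate are assumptions made for illustration.

```python
import hashlib
import math
import string


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase must be 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def charset_size(passphrase: str) -> int:
    """Size of the alphabet an exhaustive search has to cover for this passphrase."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))


def audit(passphrase: str, wordlist: set, guesses_per_second: float) -> dict:
    """Report a dictionary hit, the keyspace in bits and the years a full search takes."""
    bits = len(passphrase) * math.log2(charset_size(passphrase) or 1)
    seconds = 2 ** bits / guesses_per_second
    return {
        "in_wordlist": passphrase.lower() in wordlist,
        "bits": round(bits, 1),
        "years_to_exhaust": seconds / (365 * 24 * 3600),
    }


# Constructed sample data: a tiny stand-in for a real dictionary file.
SAMPLE_WORDLIST = {"password", "12345678", "letmein123"}
# Assumption: one million PMK guesses per second; substitute your own estimate.
ASSUMED_RATE = 1_000_000

if __name__ == "__main__":
    # The same passphrase gives a different key on every SSID (the SSID is the salt).
    print(wpa2_pmk("password", "IEEE").hex())
    print(wpa2_pmk("password", "HomeNet").hex())
    # A dictionary word versus a constructed 14-character mixed passphrase.
    for candidate in ("password", "Tr4ffic!Cone#9"):
        print(candidate, audit(candidate, SAMPLE_WORDLIST, ASSUMED_RATE))
```

A passphrase that appears in a wordlist falls to a dictionary attack no matter how many bits the keyspace estimate reports, so read `in_wordlist` first.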

If you liked this post, feel free to hit the Like button, and if you want it, I'll make an article about aircrack-ng.

Bye!
