Thursday, 17 May 2007

Wireless Networking

So I'm sat at home, I boot my laptop, and my wireless network card instantly detects 3 of my neighbour’s wireless networks. None of them I would consider as being secure.

Being a member of ISC2 and I have strict ethical code of practice to adhere to, so I would never dream of hacking any networks or PCs without the written permission of the owners. However without using any specialist software I can tell these networks are not secure. One of the networks even has zero security, meaning anyone with a Wi-Fi network card could attach to and use it, and getting free broadband access and possible access to files on any PCs in that household,very bad indeed.

The other two wireless networks my laptop picks up do have some security, but not enough. The fact I can see their SSID names is not a good sign, the broadcast of a SSID name is great starting point for any would be amateur hacker out there. Even worst, one of these networks is using the default wireless router name, which probably means they are using the default passwords, far too easy.

If I only knew who these people were, I would tell them, I think it could be any one of 12 houses around my house, I'll try asking around.

This sort of issue isn't uncommon, I often find businesses who don't secure their wireless networks, allowing easy access to their data, which in some business cases in terms of the data protection act, is illegal.

Words of advice

1. When picking an SSID, use letters and numbers, don't call it "My Network" or "Company Name WiFi"
2. Configure your Wireless Router to NOT broadbcast your SSID name.
3. Ensure you are using WPA encryption and use a non dictionary password word at least 12 charactors long. Don't ever use WEP, it's broken and can be compromised in less than minute.
4. If you really want to be secure (like me), configure access on your Wireless Router by filtering your WiFi devices using MAC address (network hardware address) access lists.

No comments:

Post a Comment

Any comments with weblinks, or promoting/advertising company products and services will be rejected