Results 1 to 28 of 28
Like Tree1Likes
  • 1 Post By just4kix

Wireless Security Primer

  1. #1
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Lightbulb Wireless Security Primer

    This primer is aimed at the non technical people who wish to be informed on the basics of networking and wireless security. I have extracted the information from various sources, Wikipedia being the most common. I have tried to filter away the technical terms and tried to keep the language as simple as possible.

    Hope that you will like this primer.

    First an intoduction to basic networking ...

    What is a computer network?
    A computer network is an interconnection of a group of computers. The interconnection is by means of wires or wireless signals. A network may also consist of peripherals such as printers, scanners, fax machines, etc. There are various types of computer networks (also known as network topology). The most common network is known as Local Area Network (LAN). The other common network coming up rapidly is a Wide Area Network (WAN).

    What is a LAN?
    A network covering a small area, like a home, office, or building can be considered to be a LAN. Current LANs are most likely to be based on Ethernet technology.

    What is a WAN?
    A WAN is a data communications network that covers a relatively broad geographic area (i.e. one city to another and one country to another country) and that often uses transmission facilities provided by common carriers, such as telephone companies.

    What is an IP address?
    In a computer network, every computer/peripheral needs to be identified uniquely so that they can 'talk' to each other. The most common method of talking is based on a protocol called as Internet Protocol (IP). Each computer is identified in the network by a physical number called IP address. The IP address is in the format of nnn.nnn.nnn.nnn.

    What is a router?
    A router is a device that controls the local network. The router is the main point of gateway between the local network (intranet) and the outside world network (internet). When a computer in a network wishes to 'talk' to another computer within the same network or to the outside world, it is the router that receives the communication and channels it to the target.

    What is a switch?
    Switches are extension points inside a LAN. Consider this like a multiple extensions cord. The main job of the switch is to assign physical IP addresses to every computer within its network. A wired computer is usually connected to the switch and the switch is connected to the router.

    What is the difference between wired and wireless network?
    Everyone understands wired connections. The physical wire carries the electrical signals that establish connection between two computers or peripherals. In a wireless connection, the electrical signal is converted into a radio frequency signal and transmitted over the air by the wireless device of the source. The antennae of the wireless device in the target machine picks up this signal and the wireless device converts its back into the electrical signal.

    Now something about Wireless security ...

    What are the security implications in a wireless network?
    Since wireless signals are transmitted over the air, any compatible wireless device that is within the range of the wireless network can receive these signals. Hence it will be possible to tap into these signals and 'know' what is going on. If your wireless transmission is not protected a hacker can get into your network. The implications are small to very big:

    a) The hacker can get into the network and surf the net free of charge. This will not only clog your network but also consume into your upload and download limit. I would consider this as a small to medium risk.

    b) The hacker can visit objectionable or banned sites, post objectionable material on website, etc. But the hacker is not at risk because all this is done from your network. If there is subsequent criminal investigation, records will state that it was from your IP that the 'crime' was committed. This is a high security risk.

    c) The hacker can tap into your bank accounts, know passwords, your online transaction passwords, etc. This may cause a lot of monetary loss to you.

    What should you do about wireless security?
    You should protect your wireless network in such a way that no one is able to 'tap' into your network. There are many methods provided by wireless routers to implement wireless security.

    What methods are available for implementing wireless security?[/b]
    The methods that are available are from the simplest to the strongest. Please note that no security is full proof. The common wireless security features that are available are:
    - MAC (Media Access Control) Address filtering
    - Wired Equivalent Privacy (WEP)
    - Wi-Fi Protected Access (WPA and WPA2)

    What is MAC Address Filtering?
    Every network card (wired or wireless) is assigned a unique physical address. So you can limit the access to your wireless network by allowing only the machines with the known MAC address to connect to your network. This works best for very small networks where there are no more than 5 to 6 machines.

    What are disadvantages of MAC Address Filtering?
    We have to configure MAC Address Filtering in the router by manually adding each and every computer and peripheral MAC address to the list. This is a tedious process. If you wish a new computer to access the network, you have to edit the MAC address list. Secondly MAC Address Filtering prevents access to network only. It is not difficult to 'spoof and clone/copy' a MAC address. Hence this method is not only cumbersome but also not 100% secure.

    What is WEP?
    WEP uses encryption to implement security. The source network interface card (NIC) encrypts the signal before transmission and the target NIC does the reverse. WEP specifies a shared secret 40 or 64-bit key to encrypt and decrypt the data. Some vendors also include 128 bit keys (know as "WEP2") in their products. With WEP, the receiving station must use the same key for decryption. Each radio NIC and access point, therefore, must be manually configured with the same key. The security exists between the two wireless devices only - once the data enters the wired circuit the security no longer applies.

    What are the issues with WEP?
    WEP is vulnerable because keys that remain static. With only 24 bits, WEP eventually uses the same initialization vector (IV). If a hacker collects enough frames based on the same IV, the individual can determine the shared values among them, i.e., the keystream or the shared secret key. This of course leads to the hacker decrypting any of the 802.11 frames. The static nature of the shared secret keys emphasizes the problem. 802.11 wireless network does not provide any functions that support the exchange of keys among stations. As a result, system administrators and users generally use the same keys for weeks, months, and even years. This gives mischievous culprits plenty of time to monitor and hack into WEP-enabled networks.

    What is WPA?
    WPA was designed to enhance the security of wireless networks and to eliminate the limitations of its predecessor WEP. There are two flavors of WPA: enterprise and personal. Enterprise is meant for use with an authentication server, which distributes different keys to each user. Personal WPA utilizes less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase.

    Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger initialization vector, this provides greatly improved protection against, and effectively defeats, the well-known key recovery attacks on WEP.

    In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently unsecure; it is possible to alter the payload and update the message CRC without knowing the WEP key. A more secure message authentication code (usually known as a MAC, but here termed a MIC for "message integrity code") is used in WPA, using an algorithm named "Michael". The MIC used in WPA includes a frame counter, which prevents replay attacks being executed.

    How is WPA more secure?
    By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a wireless LAN far more difficult. The Michael algorithm was the strongest that WPA designers could come up with that would still work with older network cards. Due to inevitable weaknesses of Michael, TKIP will shut down the network for one minute if two frames are discovered that fail the Michael check after passing all other integrity checks that would have caught noisy frames. It will then require generation of new keys and reauthentication when the network restarts, forcing the attacker to start over.

    What is WPA2?
    WPA2 is the next generation of security system in the WPA realm. WPA2 has introduced the Advanced Encryption Standard (AES) algorithm for even more secure networking.
    Neetu800 likes this.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  2. #2
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Please let me know whether this article was useful to you. It will help me in preparing more articles on similar topics.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  3. #3
    Junior Member
    Join Date
    Dec 2007
    Posts
    64

    Default

    Quote Originally Posted by just4kix View Post
    Please let me know whether this article was useful to you. It will help me in preparing more articles on similar topics.
    This was really a informative article. i would say that whole of the article is good and really help full. Keep up the good work.

  4. #4
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Thanks.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  5. #5
    Junior Member
    Join Date
    Feb 2008
    Posts
    1

    Default

    Quote Originally Posted by just4kix View Post
    Please let me know whether this article was useful to you. It will help me in preparing more articles on similar topics.
    This was very useful. One question. If my wireless broadcast is disabled, does it mean that I am not using it? Or more precisely, how can I disable my wireless part and use only the wired part of the router?

  6. #6
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Quote Originally Posted by noob View Post
    This was very useful. One question. If my wireless broadcast is disabled, does it mean that I am not using it?
    Disabling the Wireless SSID Broadcast will simply mean that the SSID will not be visible in the neighbourhood. This will make it difficult for hackers to heck into your network. But there are sniffer programs available that can do the job for hunting hidden networks.

    Note that disabling Wireless SSID Broadcast does not turn off wireless network.

    I do not recommend disabling Wireless SSID Broadcast. Use a better security method such as WPA or WPA2.

    Quote Originally Posted by noob View Post
    Or more precisely, how can I disable my wireless part and use only the wired part of the router?
    As regards to your second question, a wireless router will always enable wireless networking. It cannot be disabled. That is what its main function is.

    Many people are too much paranoid about Wireless networks. Do the following:

    1. Have a strong unguessable 'admin' password.
    2. Change the router IP address to something unusual; don't keep it simple such as 192.168.1.1 or 192.168.2.1, etc. In fact, deviate from 192.168.x.x.
    3. Implement WPA/WPA2 security with a very long key (more than 40 characters)

    ... and it is more or less impossible to break your wireless. Or I will say possible but not probable.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  7. #7
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    I also advise you to read the next part: Wireless Security Primer - II
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  8. #8
    Admin's Avatar
    Join Date
    Jan 2006
    Posts
    8,500

    Default

    Excellent thread is al I can say Keep up the good work.

  9. #9
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Quote Originally Posted by Admin View Post
    Excellent thread is al I can say Keep up the good work.
    Thank you.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  10. #10
    Junior Member
    Join Date
    Jul 2008
    Posts
    1

    Default Wireless Security Primer

    Hi,

    I am new to this community and I found your article to be very informative. Though, I work in IT but, not related to Networks.
    Now I have a Type II modem & with BSNL broadband and I have 2 issues:

    1) I can't recive mails on my mobile through wi-fi...due to user name / password which I can't put it in my mobile &

    2) how to configure my modem(given by BSNL guys....a taiwan product I think)

    Could you help me in sovin these issues...may be I am missing...ideas to configure my cellphone & my modem as well.

    Many Thnx.
    Cheers.

  11. #11
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Quote Originally Posted by leonmallet06 View Post
    Hi,

    I am new to this community and I found your article to be very informative. Though, I work in IT but, not related to Networks.
    Now I have a Type II modem & with BSNL broadband and I have 2 issues:

    1) I can't recive mails on my mobile through wi-fi...due to user name / password which I can't put it in my mobile &

    2) how to configure my modem(given by BSNL guys....a taiwan product I think)

    Could you help me in sovin these issues...may be I am missing...ideas to configure my cellphone & my modem as well.

    Many Thnx.
    Cheers.
    For both of your question, the answer lies in configuring your Type II modem in PPPoE mode. In PPPoE mode, the username and password are stored inside the modem. The modem dials the connection and then there is no need to create a dialer. PPPoE is also known as 'Always ON' connection. Please read the sticky posts in BSNL forums.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  12. #12
    Bronze Member players_player's Avatar
    Join Date
    Jun 2008
    Posts
    295

    Default

    thankx for this post jus4kix... its a really good one!! in such simplified language i was able to understand things even better.

  13. #13
    Junior Member
    Join Date
    Aug 2008
    Posts
    9

    Default

    How can we disable Wireless SSID Broadcast
    :taz:

  14. #14
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Quote Originally Posted by test20082 View Post
    How can we disable Wireless SSID Broadcast
    There is an option to enable or disable SSID right where you define the SSID.

    Disabling SSID is not very useful but that doing that does not annouce you in the wireless network neighbourhood.

    However note that if you disable SSID broadcast even your wireless computer cannot detect it.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  15. #15
    Junior Member
    Join Date
    Aug 2008
    Posts
    9

    Default

    I can't find the disabling option.

    I could see as below:

    Wireless -- Basic

    Enable Wireless - Checked
    Hide Access Point - Unchecked ==> Is this for disabling the SSID broadcast?
    SSID: [Some name]
    BSSID: [ Some value]
    Country/District: India

    Enable Wireless Guest Network - Unchecked
    Guest SSID: Guest

    Also, 2nd question:
    Security tab

    Network Authentication: WPA2 -PSK
    WPA Pre-Shared Key: [Gave the key value]
    WPA Encryption: TKIP
    WEP Encryption: Disabled ==> Can I enable this? What will happen if I enable this, which key would I have to enter to connect to internet. In this case if I also make the WEP enabled, there will be the network security key for this also. So now when I try to connect to wireless network from Start->Connect To, then which key should I have to give, will it be the WEP key or the WPA2 key
    :taz:

  16. #16
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Hide Access Point - Unchecked ==> Is this for disabling the SSID broadcast?
    Make it checked. That will do it.

    But if you have already implemented WPA2-PSK/TKIP security, there is no need to hide SSID. Just make the TKIP long and strong.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  17. #17
    Junior Member
    Join Date
    Aug 2008
    Posts
    38

    Default

    Great article for newbies, thank you very much. Sometimes I need info just like this, because I keep forgetting the basics, lol.

  18. #18
    Junior Member
    Join Date
    Aug 2008
    Posts
    1

    Default

    nice informative article. keep it up.

  19. #19
    Junior Member
    Join Date
    Aug 2008
    Posts
    9

    Default

    Quote Originally Posted by just4kix View Post
    Make it checked. That will do it.

    But if you have already implemented WPA2-PSK/TKIP security, there is no need to hide SSID. Just make the TKIP long and strong.
    Thankx buddy

    Can you give me some information on MAC address and IP address and other similar stuffs that I can do in broadband settings
    Last edited by test20082; 16th September 2008 at 02:54 PM. Reason: Automerged Doublepost
    :taz:

  20. #20
    Junior Member
    Join Date
    Apr 2008
    Posts
    40

    Default

    i have a Dlink 2640 T on PPPoe mode
    i wanted to have a WPA or WEP security, but whenever i try to keep it secure, the internet doesnt work
    is there anyone in the forum who has the same modem and has ensured security
    also i cant use the bridge mode with this modem
    please somebody guide me

  21. #21
    Bronze Member Jaganathsamal's Avatar
    Join Date
    Dec 2008
    Posts
    169

    Default

    Many routers support disabling the wireless part only, mine does. For mac address , go to command prompt (type cmd in the run window) and type ipconfig /all to see ur mac address.

  22. #22
    Junior Member
    Join Date
    Jan 2009
    Posts
    1

    Default BSNL Type 2 modem to connect Laptop

    I got BSNL type 2 wireless modem DNA-A211-1, ADSL2+ Modem.
    I connected the modem with the PC and got the Internet connection. Now I donot know how to connect my laptop with this modem. In the modem the WLAN light is not glowing and my laptop is also not finding the Wireless modem.

    Can anyone help me how to make the WLAN light to glow in the modem and to configurate the Laptop connection through wireless modem with password please.

  23. #23
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Default

    Quote Originally Posted by leonmallet06 View Post
    Hi,

    I am new to this community and I found your article to be very informative. Though, I work in IT but, not related to Networks.
    Now I have a Type II modem & with BSNL broadband and I have 2 issues:

    1) I can't recive mails on my mobile through wi-fi...due to user name / password which I can't put it in my mobile &

    2) how to configure my modem(given by BSNL guys....a taiwan product I think)

    Could you help me in sovin these issues...may be I am missing...ideas to configure my cellphone & my modem as well.

    Many Thnx.
    Cheers.


    u modem is configure in brigege mode i think

    u have to configure in ppp0E mode whish will ask u to put your username and password

    and u have to enable wireless

  24. #24
    LEARNER
    Join Date
    Aug 2007
    Posts
    15,263

    Default

    @satishalluri
    No idea how you posted a reply after almost 9 months to @leonmallet06.

    Anyway I saw your post of date, and added further information.
    Please post replies or comments to threads active today, ( click Live Updates ), and go back, if time permits ,for two or three more day's. threads.

    usually it is assumed the problem is solved, if the thread starter does not respond to various posts within a time span. ( say one week ).

    Of course if you add New Information, which is not
    available/mentioned in other posts, it will be useful..
    I don't think I have also added anything new ,
    For @ leonmallet06
    Now I have a Type II modem & with BSNL broadband and I have 2 issues:
    1.
    2) how to configure my modem(given by BSNL guys....a taiwan product I think)
    Please select the modem from the menu.
    BSNL BROADBAND MAIN MENU
    2.
    I can't recive mails on my mobile through wi-fi...due to user name / password which I can't put it in my mobile &
    mention your mobile model make.
    confirm you get connected to BSNL Internet in Wifi mode.
    Last edited by Admin; 19th August 2017 at 08:21 PM.

  25. #25
    Junior Member
    Join Date
    Jul 2009
    Posts
    2

    Smile

    thanks
    Quote Originally Posted by just4kix View Post
    Please let me know whether this article was useful to you. It will help me in preparing more articles on similar topics.

  26. #26
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Thanks rsprabhu. Please check out my articles (link in my signature).
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

  27. #27
    Junior Member
    Join Date
    Oct 2008
    Posts
    2

    Default great info

    i must say this is a wonderful piece of info for ppl who are not tech savy and still want to play safe!!!!!

  28. #28
    Guardian Angel just4kix's Avatar
    Join Date
    Dec 2007
    Posts
    11,632

    Default

    Thanks, himahuja.
    *** Never argue with an idiot. ***

    All my useful articles and Guides | My DVDs | My Blu-Rays | My Blogs
    -------------------------------------------------------------------------------------------

Similar Threads

  1. Replies: 1
    Last Post: 19th February 2012, 11:25 PM
  2. Wireless Security Primer - II
    By just4kix in forum Broadband How to
    Replies: 52
    Last Post: 17th August 2009, 10:08 AM
  3. wireless security
    By mohdirfanz in forum BSNL broadband
    Replies: 3
    Last Post: 23rd October 2008, 06:25 PM
  4. Wireless Security Primer
    By just4kix in forum Computer hardware and software tips and tricks
    Replies: 8
    Last Post: 23rd February 2008, 09:45 PM
  5. Wireless Security Primer - II
    By just4kix in forum BSNL broadband
    Replies: 9
    Last Post: 25th January 2008, 09:26 AM