India Broadband Forum

just4kix

Last week, I wrote this article on improtance of Wireless Security. We all would agree that security should be of paramount importance but when it comes to implementation we are sometimes too lazy to do it. I have posted in this guide (Setup of ADSL Modem/Router UT-300R2U with Linksys Wireless Router WRT54G) steps on how to implement WPA or WPA2 security. It is not difficult at all and should not take more than 5 minutes.

However all security will be of no use if:

a) Your wireless router's password is known
b) People can freely access your wireless router

In this blog, I intend to discuss on how to plug this basic security hole as much as possible. Note that nothing is secure - a determined hacker can and will hack into networks. But considering that most of us live in residential neighbourhoods and expect that people living around you are not experts are hacking some of the methods discussed here should suffice.

Although this blog is being posted in the BSNL forum (because most people view this forum the most), the contents apply to any wireless network.

The following two steps are not an alternate to wireless security. Indeed you must implement wireless security over and above the following.

Steps to make your router password strong:

There are enough articles on the internet on how to build a strong password. Those of you who work in corporates are even aware that corporates now insist on very strong password policies. To reiterate these policies, you can make your password strong and secure if you do the following:

a) Make your password at least 10 characters long
b) Use a healthy mix of uppercase and lowercase letters, numbers, special characters, etc.
c) Avoid using dates of any kind such birthdays, anniverseries, etc.
d) Avoid using full or part of your or your family members' name or surname in your password
e) Do not use names of places of importance to you
f) Do not use repetitive characters
g) Finally change your password every 45 days or so

Make your wireless router inaccessible as far as possible

The best way is to disable Wireless SSID broadcast. But this will be of as much inconvenience to you as to everyone else. Herein, I will suggest some other methods to make your router inaccessible.

a) The first step is the name of your Wireless network (SSID). This is the name that appears in your wireless network on your PCs when you switch on wireless. Most of the times, we do not change the default name - the default names are often like 'default', 'linksys', 'netgear', etc. Change your network name to something weird. This will make the potential hacker think that your network is hard to crack.

b) Change your wireless router's IP address to something unguessable. And this is the main trick. A potential hacker knows that IP address of wireless router is likely to be 192.168.1.1 or 192.168.2.1 or 192.168.0.1, etc. A few tries and the hacker gets the router's login page. The username is almost always 'admin' and if the password is not strong - wham! the hacker is in and can see all your setup, WPA keys, etc.

Once the WPA key is known the hacker does not need to login again on your wireless router because it is unlikely that we will change WPA key again and again. The hacker has the WPA key and that is all is needed.

So the key is change your router's IP address to something unguessable such as 129.241.167.91 - well anything really - all those four digits could be any number from 0 to 255.

The above steps side by side with wireless security should be quite sufficient for most.

p/s Please rate this article and post your views, suggestions, diagreements, etc. I would like to hear more and more on this.

__________________

niraj8241

bro i know many tips and tricks as to how break all the security issues.

there are many softwares available as to how we can guess any ones router config.


except a cisco router........

just4kix

I agree that no security is perfect. I said so in my fourth para.

niraj8241

actually wireless is still not a good solution to opt on

Admin

What do you suggest for me if I want to go and use my laptop in my living room? Pull a 50 meters Ethernet cable and run it across three floors?

niraj8241

but what will be the condition if some one has hacked ur network and is surfing at a random rate and will resiult u in a huge bill.... and same bandwidth prob is there with wireless one.

and with the fact of using a ethernet cable

1. no chance of hacking and so no huge bills

2. up to date bandwidth

just4kix

I do not understand you when you say - bandwidth problem with Wireless. Can you explain how? Wireless networks operate at 54 mbps. Even the best ISPs the world over do not offer that much speed.

And your whole argument is much flawed. It is as if stating that one should not buy a good mobile handset just because it is liable to stolen.

niraj8241

bandwidth prob is not there when u are there in a viable condition, when condition goes rough the bandwidth goes down, sometimes even half........

(-N-)

i would like to meet ppl who break into wpa/wpa2 encryptions!
i seen ppl break into wep encrypted connections in less than 10 mins but... wpa is no no for many ppl as it uses 64 hexadecimal characters and it will take hours,days,may be even years to break!
its not worth many of the hackers precious time and resources to hack a simple 2mbps internet connection!

-also for windows networking processes the ip address has to start from 192.168.xx.xx,it doesnt take a mastermind to find the ipaddress of a network!especially since most ppl use the dhcp server on their routers!

-turning off wireless broadcast is just the most basic simple defence! most hackers can get ur hidden ssid with a sniffer in seconds!but changing the name from the default name is a good idea!

just4kix

Thanks for the valuable inputs (-N-).

I have changed the IP address of my wireless router to something totally different as suggested in the post. It works!!

skolat

This is really a good article to read. I have BSNL type 2 modem, Can some one help me in config and restricting the access to outsiders. Since i am new to network's and not from IT backround I am not able to understand most of the terms.

just4kix

If you read the other guides in this section, they will explain the procedure for those router models.

Each router may have a different setup page and look and feel, but the principles are always the same.

skolat

Thanks Just4kix, With help of your article, I managed to configure my connextion with WPA-psk security today. Thanks again. But my IP address reads as 192.168.x.x, can i change to different IP#, say 192.454.234.324...eg? as a constant (static) ip #?.

just4kix

Yes. But each number cannot exceed 255. You IP can be anything like:

[1~255].[0~255].[0~255].[0~255].

Remember that this is the internal or local IP for the router. Your ISP will give your modem/router another IP address called as real or external IP. You cannot change that as it is assigned by the router of the ISP.

skolat

As i learnt from your article, changing the IP address will help in redusing the risk of getting hacked...Is it advisable to change the IP address? if yes would you be able to let me know procedure to change the same? Thanks

just4kix

It is not necessary to change IP address but it is useful to change it. Just to make it clear, changing IP address does not guarantee safety. It is an additional safety measure. If I were to give an analogy of cars, wearing safety belts and having airbags is the real safety. Some cars also have ABS that provide additional safety. This is just like that.

Of course, the real safety is staying within speed limits and not drinking and driving.

But I am digressing.

To change IP settings of the router, go to it's web configuration page and navigate to LAN settings. Sometimes it is also available in the main page itself. Please refer my guide on Linksys WRT54G in this section.

sauptikc

Will do as suggested.

Oigen

Good points. Of course that it doesn't matter what security you have in place if everyone knows your passwords.

ensine

Its a really cool article. I have already changed the router password. Now I will change the IP also.
I was trying to switch from WEP to WPA. Mine is Linksys WRT45G router.
Will you spare some of your time to explain how to configure?

Thanks in advance...

just4kix

Please read the guide posted in this very sub-section.