By: Jeff Johnston

Q: How secure are wireless routers for sharing internet between computers? - Carol in London Ontario

A: Wireless routers have received a lot of bad press lately. I have seen a number of reports on different news programs about the insecurity of wireless routers. The fact is wireless routers are secure if they are configured to be secure. The problem with security in wireless routers is that people generally don't configure them to ensure security. The perception tends to be that configuring a secure wireless network is too difficult. The fact is that most wireless routers comes with easy to follow instructions on how to enable encryption on the router to secure the network. If you follow the steps as laid out in the instructions for securing your network then your network is reasonably secure. By default a wireless router is wide open, which means that anyone can hack into your network.

You may think that no one would bother hacking into your home network, but the fact is people do just that. The process is called "War Driving". Basically the hacker drives around with a laptop and wireless network card, his laptop notifies him when it picks up a network connection that he can use and he parks his car and uses the newly found network connection. This allows the hacker to use your internet connection for whatever he wants, hacking into other systems and leaving a trace back to your network, surfing for illegal pornography, or anything they want to do on the internet and not have traced back to them.

One method is to use MAC address filters. Using the management software that came with the router you would be able to specify which specific computers would have access to the router. Because MAC addresses are hard coded to a network card you would be ensuring that only the computers you specify are permitted to use your network. The problem with this method is that it takes a considerable amount of manual configuration, however the instructions for doing this configuration should be included in the documentation for your router.

The generally preferred method for home networks is WEP, or Wireless Encryption Protocol. This method works by establishing a shared key, or password, between the router and the computer. Data is encrypted before being sent over the airways and the key is needed in order to send to the router or receive from the router. In other words, the computer would have to have the password in order to use the connection.

While there is no such thing as the 100% secure wireless network there is certain precautions you should take in order to ensure the security of your home wireless network.

WEATHER CHANNEL commented: good post +20
Member Avatar for TKSS

FYI...WEP is actually Wired Equivalent Privacy.

Here's my thoughts on it:
Bad part about MAC Addresses is that they can be spoofed. My buddy Josh demonstrated a wireless router hack with his laptop and a MAC spoof script. The thing is that most routers will accept a connection to them as long as the MAC addy matches....which means that you could have as many connections as you want as long as the MAC is ok...kinda insecure if you ask me.

As far as encryption...even if you're using 128-bit WEP, part of the key is transmitted in plain-text. This is the initialization vector (IV) used in the hand-shake process. The IV is usually 24 bits, so the security of your WEP encryption is effectively 112 bits. I've seen people crack this encryption in about 8 days...Also, the WEP checksum is linear and predictable.

Did you know that there are readily available programs that can hack you WEP? I can think of three script kiddie programs that anyone can download and use piece of cake...some people have reported that in 3 days they can hack any high traffic WEP and in 7-11 days any low traffic one. To me, if my neighbor happens to be someone who can download a script and use it, then I'm going to be giving him or her free access and giving myself one heck of a headache.

Another point for those with small businesses. If you have a WEP network and then you terminate an employee...guess who still knows that key? Think that if they came across an add offering to buy a key they might sell? They're out there believe me. That ex-employee still knows the key and can sell it or sit outside your office with a laptop and sniff away all day long without you even knowing. That in itself is a reason I will never recommend wireless without lead walls.

Bottom line, I just don't think it is worth it. I can route cables through my walls no problem.

If you want ultimate secure WEP, you'll have to drop a few thousand on Cisco's switching key technology or else just wait until a new standard comes out that has more security.

Whoa, a educated security thread at techtalk,long time no-c, however I will take a sec to correct some things and apply some input. Let's see

That in itself is a reason I will never recommend wireless without lead walls.

WOW.....man I thought you said you work for the DoD in another thread! "Leadwalls"....do what?
Line of site wireless connections are quite secure and very popular with the DoD, remember!
Wireless can be very secure, line of sight using a spread spectrum signal is one example. This requires the attacker to physically be between the terminal and the access point as well as requiring them the pick up singals which are below the noise floor. And if you don't believe me google noise floor and do the math.
If you are worried about threats that can break this, you are going up against some serious heavies. Kiddies, crackers, corporate spies, ect.......

FYI...WEP is actually Wired Equivalent Privacy.

Wow, you are right, It also stands for .......
WEP Wireless Encryption Privacy
WEP Wireless Encryption Protocol (network security)
WEP Wage Earner Plan (bankruptcy)
WEP Water Entry Point
WEP Water-Extended Polymer
WEP Weapon
WEP Well-known Entry Point
WEP West European Politics
WEP Windfall Elimination Provision (Social Security benefits)
WEP Wisconsin Electric Power
WEP Word Error Probability
WEP Work Experience Program (workfare) ect........ God bless google. ;)

Here's my thoughts on it:
Bad part about MAC Addresses is that they can be spoofed.

If they're using MAc address filtering it's trivial to change your MAC adress, it's weak security and just plain bad policy. Any skiddie can blow through that..........
Hacker stratification.
Industry views
Tier I: The best of the best the folks with an IQ high enough to boil water 3X's over. Only a handle full exist.
* The ability to find new vunerablities
* Ability to write exploit code and tools
Tier II: Have the ability to understand the vunerability
* Are IT savvy
* Intelligent enough to use the exploit code and tools with persicion
Tier III: "Skiddies"
* Inexpert
* Ability to download exploit code and tools
* Very little understanding of the acutal vulnerabilty
* Randomly fire off scripts untill something works.
Source: http://www.amazon.com/exec/obidos/t...249753?v=glance
It's a good little book.

If you want ultimate secure WEP, you'll have to drop a few thousand on Cisco's switching key technology or else just wait until a new standard comes out that has more security.

One of my roomates who I work with, he is a senior WAN hardware manager (Cisco, 3Com, Linksys, etc...) he disagrees. Our company contracts to all branches of the military, DoD, Fourtune 500 companies ect....

Did you know that there are readily available programs that can hack you WEP? I can think of three script kiddie programs that anyone can download and use piece of cake.

KoppixSTD

To me, if my neighbor happens to be someone who can download a script and use it, then I'm going to be giving him or her free access and giving myself one heck of a headache.

Yeah, it's ashame that people can't read TFM's anymore and configure properly. ;)


******Edit Directions for changing the NIC's MAC address

/sbin/ifconfig etho down
/sbin/ifconfig etho hw ether 00:A0:CC:64:C7:21
/sbin/ifconfig etho up

WOW, quite the conversation this insatallment of Ask The Computer Geek started.

TKS: While you raise some interesting points you must remember that the question was posed in order to share internet connections between two home PC's. I personally would any company that requires strict security take that into consideration, however the average home users do not need anything more than installed WEP, you claim to have seen this cracked in 8 days, well that is all well and good, but do you really think anyone is going to spend 8 days to hack into a home computer network used for internet sharing?

Member Avatar for TKSS

Good point...I just wanted to give people an opp to understand that its easier than they think to hack WEP.

As far as the lead walls. I was trying to be funny...superman style. But alas, tone of voice and speaking style translates horribly in posts :(

As far as me working for the DoD...yep I do...the USAF. I'm just a local adminstrator for 6 computers. Nothing big. They didn't send me to school. They didn't train me for nothing. I work on avionics in the F-15E. Computers are just my secondary function at work and my passion at home. :)

Member Avatar for TKSS

but do you really think anyone is going to spend 8 days to hack into a home computer network used for internet sharing?

Depends on what they are after and how much patience they have. The good ones always have patience. If I were a hacker and wanted to not get caught, I'd never use my own connection. I'd find some unsuspecting user who doesn't know squat about WANs, LANs, VPNs, or whatever. Then I'd tap right into his connection and get to work. Kinda scary that it really could happen. Of course, I could have a comet dropped on my head when I walk outside the door too.


I remember quite a few years ago, my friends and I would use payphones and laptops to connect to the internet when we were doing our 'investigations.' Since finding out you can seriously mess peoples computers/lives etc. up...I've given up that side of things. However, not everyone is smart enough to get out of it before it gets them. Hence why I feel everyone should be aware that there is a definate (while not widespread) security problem with WEP. But, I'm glad you posted about this...I was set to post something about it as well just before I read the thread :D

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.