Presentation on theme: "Securing A Wireless Home Network. Wireless Facts Range about 50 - 200 feet from access point Security anyone can eavesdrop on an unsecured wireless network."— Presentation transcript:
Wireless LAN Wireless base station has to signal its existence so clients can connect (you laptop or other devices) Attackers of wireless LANs therefore need to be kept out!
Types of attacks Attack laptops and workstations on the network Steal information being transmitted over your wireless network Steal Internet access through your Internet
What Happens When Your Laptop and Workstation are Attacked? Attacker attempts to steal data from hard drives Attacker attempts to damage the data on the hard drives Attacker plants malicious software to attack other computers Attacks can be traced to your computer, not his or hers!
Attacks to steal Internet access Attackers computer joins your network, uses your Internet gateway Attacker could be (for example): –Downloading copyrighted music files –Downloading child pornography –Broadcasting spam –These can be traced back to your Internet connection
How easy is it to attack a wireless LAN? Very easy All an attacker needs is a laptop computer, a wireless card and some software A directional antenna will increase the range over which the attacker can access your network Directional antenna can be made from a Pringles potato chip can! Attackers drive around with their computers looking for open wireless networks
Why is it so easy to invade a wireless LAN? Ease of setup Default settings allow even people with limited technical skills to set up and run a basic wireless network Allows wireless users to use open, public networks (usually for Internet access) Ex. Such as the one at your local Starbucks
How do you keep attackers out of your home wireless LAN? Secure the network Change the service set identifier (SSID) of your base station Change your base stations password Shut off your base stations SSID broadcast Enable encryption (WPA or WPA2)
Changing your SSID To access the LAN you need the service set identifier (SSID) of your base station Changing the default SSID reduces the chance the attacker will be able to guess it (it may be called default, Linksys ex.) Works best with other security measures
Change your password To access the LAN you need the base stations password Changing the default password (oftenadmin or password) drastically reduces the chance the attacker will be able get into your network
Close your network Shut off SSID broadcast Reduces chances that the attacker can see your network at all Like parking your car in a closed garage –If the thief cant see it, he wont know that its available to steal
Enable wireless encryption Encrypt your network traffic –This has to be done on the base station and all access points, wireless adapters, etc. All devices use the same WPA or WPA2 keys WPA or WPA2 (Wi-Fi Protected Access) Dont forget yours; write it down
WPA & WPA2-Personal Choose this option to protect your network with Wi-Fi Protected Access. Choose Password and enter a password between 8 and 63 characters. Wireless client computers using WPA or WPA2 can join the network.
Setting up wireless security Make security changes in all devices (routers, access points, adapters, etc.) through a wired link –If you change a device setting through a wireless link, you could lose the connection when you apply the changes –Set up devices in this order: Base station (Cable/DSL modem) Access points –Test each device for connectivity before you install it in its final location
Wireless security is not perfect However, many simple measures can be taken to make the job harder Wireless LAN security is not perfect but if you make it difficult enough, attackers will pick other targets
Lets Get to Work! Change Default Administrator Passwords and Usernames Change the Default SSID Disable SSID Broadcast Turn on WPA Encryption
Default User Names and Passwords Linksys Comcast User Name: comcast Password: 1234 Linksys User Name: [none] Password: admin NetGear User Name: admin Password: password D-Link User Name: admin Password: admin Cisco User Name: cisco Password: cisco Apple Airport Extreme User Name: [none] Password: admin
Good Web Site of How Tos http://spotlight.getnetwise.org/wireless/ wifitips/ http://spotlight.getnetwise.org/wireless/ wifitips/
Verizon Wireless http://www22.verizon.com/residentialhel p/inhomeagent?cmp=emc-cons09008 http://www22.verizon.com/residentialhel p/inhomeagent?cmp=emc-cons09008 In-Home Agent is a PC application that provides you with fast, easy solutions for Internet questions. It's 24/7 support at the click of your mouse! Looking for MAC version click on the link