Wireless Home Network: To Secure or Not to Secure, That is the Question.

On 10.01.11, In blogging, computers, cryptography, Internet, Wireless Access, By Dan Calloway

by DAN CALLOWAY, Editor-in-chief, TCW
Published on 1 October 2011

WEAVERVILLE, NC – With all the confusing terminology associated with wireless networking–and especially home networking–it’s difficult for the everyday layman to implement any form of security on their home wireless LAN (WLAN) let alone determine whether they really need it. This article will help you to understand the terminology a little better and will answer the age-old question whether your WLAN needs to be made secure or not.

The answer to that question is a resounding YES! Most definitely, home networking systems, which include a Broadband modem, host computers and wireless laptops, iPods, TiVo’s, and other devices need to be made secure over the wireless/wired router that you are using to establish your wireless Local Area Network (LAN). The device that needs the greatest security is the router that establishes the wireless LAN that connects all your host computers and devices behind your ISP.

Today’s routers come in many different models and manufactures, but they can be categorized into three basic groups for the purposes of networking standards. These are 802.11a, 802.11b/g, and 802.11n. The latter version is replacing its predecessors because of its improved security features, enhanced performance, and ability to handle much faster networking speeds (802.11n is capable of speeds in excess of 100Mbps). If you are investing in a router for your home whether it is a Cisco router or another manufacturer, go with the 802.11n standard if your devices will support it. Be careful, however, as some older laptops and even some of the newer netbook devices have Network Interface Cards (NICs) that don’t support 802.11n.

When deciding to setup your home network, keep in mind the following networking terminology that you will encounter:

  •     WLAN – Wireless Local Area Network (Your network that supports all your wireless devices so that they connect wirelessly to your router and, ultimately, to the outside world).
  •     Broadband Modem – This is the device that brings your ISP’s service into your home (this could be a phone line, a cable connection, or satellite).
  •     Router – The device that is connected to your Broadband modem and that routes your incoming Ethernet traffic over the WLAN to your host computers and other devices regardless as to whether they are wired connected or wireless. Usually, the router also serves as the means for making your subscriber connection to your ISP service and also acts as the server that issues IP addresses to your host computers and other devices so that they can talk to one another and to the outside world.
  •     IP Address – This is the 32-bit Internet address of your host device that is often referred to as a dotted quad. This address uniquely identifies your host computer on the LAN and/or WLAN for your home network. An example of an IP address would be 50.51.120.149.
  •     DHCP – Dynamic Host Configuration Protocol. This is the protocol that your DHCP Server (usually your network’s router) uses to issue IP addresses (dynamically) to your host devices so that static IP addresses don’t have to be assigned manually (or statically) by a network administrator. When a new device is introduced to your network, the DHCP Server will automatically detect the device and issue a unique IP Address to it within the range of IP addresses that are specified.
  •     Network Security – the encryption methodology and protocol used to secure a home network so that traffic that traverses the network and that passes to and from your WLAN or LAN to the outside world is not human readable if intercepted. This security is setup on the router.
  •     Wireless Broadcast Name – This is the name that you give your home Wireless network and, which is also referred to as the SSID (Service Set Identifier). This name is broadcast within and without your WLAN so that others may connect to it if you want them to.
  •     Ethernet – The term associated with a family of networking technologies that were developed for LANs and WLANs beginning in the early 1980s. The cables that connect your wired networking devices to the router are referred to as Ethernet cables.
  •     Protocol – Also referred to as the Communications Protocol, is a system of rules and digital message formats that allow for the exchange of data between and among host computers, routers, servers, and other devices on the typical network as well as other telecommunications systems.

After you have established your home wireless network, it is important to implement a strong form of security on that network. Why is this essential? In today’s world, there are individuals and governments that want to obtain your private information and, especially your financial information. In addition, if a hacker can breach your network, they can then use one or more of your host devices as a relay to attack other networks. Thus, it is absolutely necessary that security be established on the router, which creates the means for your home wireless network to function. How is security identified and what do the basic terms mean?

Security on a home wireless network can be established in several different ways using several methodologies and protocols. The basic forms of network security methodologies today are: (1) NO Security, (2) WEP – Wireless Equivalency Protocol (the weakest form of security and has since been deprecated), (3) WPA – Wi-Fi Protected Access, (4) WPA2 – Wi-Fi Protected Access II, (5) EAP – Extensible Authentication Protocol, and (6) LEAP – Lightweight Extensible Authentication Protocol. By far, the most secure means of tightening down your home wireless network would be to use WPA2 and AES + TKIP encryption. AES stands for Advanced Encryption Standard, which is a 256-bit encryption standard used by the military. TKIP refers to the Temporal Key Integrity Protocol, which is a very strong encryption protocol used in wireless networking.

The WPA2 combined with AES or TKIP, or both would make for the strongest security possible on a home wireless network. Just keep in mind that some devices may not support the use of AES and TKIP when used with WPA2 and you may have to decide between AES and TKIP when creating a secure network. If this is the case, then I highly recommend using AES over TKIP because of its hightened encryption capabilities.

Wikio
Wikio
Tagged with:
 
0 Comments
Please Leave A Response

Rebuilding a Network LAN — Lessons Learned

On 04.18.10, In cryptography, Data Backup, Security, Wireless Access, By dancalloway

by DAN CALLOWAY
Published 18 April 2010

WEAVERVILLE, NC – I have a wireless home Local Area Network (LAN) consisting of a ProLine 6100 DSL broadband modem/router, Cisco WRT54G 802.11B/G wired/wireless router (acting as the Broadband gateway and DHCP server) operating in the 2.4 GHz range on Channel 6, and connecting one Dell Inspiron B130 laptop wired for admin console purposes running Windows XP, one Dell Inspriron B130 laptop connected wirelessly running Ubuntu Linux 9.10, one Acer Netbook connected wirelessly running Ubuntu Linux Netbook Remix 9.10, and two MacBooks connected wirelessly running MacOS 10.6.3 (Snow Leopard).

I chose to configure my Home network LAN by bridging the ProLine 6100 Broadband modem so that I removed the router functionality of that device but retained the NAT layering of the resultant switch after bridging. The Cisco router was configured with no wireless security being applied but, instead, a MAC filter list was setup on the router with an access-list permission statement that allowed only those devices whose MAC addresses were in my MAC filter list to access the router and thus connect to my LAN. The MAC address is a layer-2 address that is hard-coded into every wired and wireless NIC (Network Interface Card) by the manufacturer and is unique. No two NICs have the same MAC address worldwide. With MAC filtering in place, if someone attempts to connect to the wireless LAN, if the MAC address of their wireless NIC is not resident in my router’s MAC filter list, they won’t be able to connect to it. This is certainly true unless someone is smart enough to spoof the MAC filter list. I always thought that it was too difficult to spoof the MAC address to access a wireless network but after yesterday, I’m convinced that someone with the right tools and skill set can do it fairly easily. So, what I thought was a secure network wasn’t really secure at all.

Yes, day-before-yesterday, an apparent attack on my home LAN resulted in our losing connectivity to our Broadband service. The network intruder was apparently able to reset my Broadband Proline modem/router (while bridged), and totally reconfigure my Cisco WRT54G router, eliminating the MAC filter list contents, which contained well over 20 entries for other devices in my home in addition to my PCs that access the network for communication purposes to other services. Fortunately, all our PCs run Linux or MacOSX 10.6.3 (Snow Leopard) and, so, the intruder was not able to breech security on those boxes.

It took me the better part of the morning yesterday to rebuild my home wireless LAN. I have bridged the ProLine 6100 once again, and rebuilt the configuration of my Cisco WRT54G router. I am back online but have learned some very important lessons as a result of the attack on my wireless LAN:

(1) Never underestimate the persistence of hackers or their abilities to breech a wireless home network. This includes your neighbors who might try to steal your wireless connection.

(2) MAC filtering on a wireless router to prevent access to the router is not as secure as WEP security for the network.

(3) Save your router’s configuration by backing up the Config.bin file and putting it in a location that you won’t forget so the router’s configuration can be easily restored from the backup in the event the configuration is destroyed. This will save tons of time in rebuilding your router’s configuration.

(4) Apply some form of network security, preferably WPA-PSK (Wireless Protected Access – Preshared Key) rather than WEP (Wired Equivalency Protocol) on your LAN to secure the network in addition to MAC filtering.

Wikio
Wikio
Tagged with:
 
3 Comments
Please Leave A Response

Introduction to Cryptography and PGP

On 08.31.09, In cryptography, By Dan Calloway

by Dan Calloway
Published August 31, 2009 at 3:20pm EST; The Chronicler’s Web

Data that can be read without any special measures is called plaintext or cleartext.  The process of hiding or disguising plaintext so that it cannot be read by humans is called encryption.  Encrypting plaintext into an illegible format is called ciphertext.  Encryption is used to hide information from those for whom the information is not intended, and that includes those who can see the encrypted data.  The process of reverting the ciphertext to plaintext so that it can be read by humans is called decryption or deciphering.  Thus the steps in the process are taking plaintext and encrypting it into ciphertext, and then decrypting the ciphertext back into plaintext.

public key cryptosystems

public key cryptosystems

Cryptography is the science of using mathematics to encrypt and decipher data.  Cryptography allows one to encrypt data that travels across the Internet (an insecure means of transmission) to the intended recipient so that it cannot be read by anyone for whom the data is not intended.  Although cryptography is the science of securing data, its companion, cryptanalysis, is the science of analyzing encrypted data and breaking the secure communication.  Cryptanalysis involves a combination of analytical reasoning, the application of mathematical tools, finding data patterns, almost infinite patience and determination, and serendipity. The study of both cryptography and cryptanalysis together is known as cryptology.

Cryptography can be either strong or weak depending on two factors:  time and resources, needed to reveal the plaintext from the ciphertext.  The result of strong cryptography is ciphertext that is extremely difficult to unravel and revert back to the plaintext from which it originated without special tools or a back door, which allows one to bypass the cryptographic security of the encryption.  But, just how strong is strong cryptography?  Strong cryptographic strength is loosely defined as the measure of cipher strength that even employing all the known computers in the world today making over a billion checks per second would not result in the deciphering of the ciphertext created by the encryption process into plaintext before the end of the known Universe.  One would think that strong cryptography would hold up to even the wittiest and smartest cryptanalyst.  However, we cannot predict the computing power of tomorrow, and, thus, we must assume that no encryption, regardless of its strength, is impenetrable.  What we can say is that the cryptographic strength employed by applications such as PGP (Pretty Good Privacy) is among the strongest known to man. (more…)

Wikio
Wikio
Tagged with:
 
5 Comments
Please Leave A Response

Go To Top »
Get Adobe Flash playerPlugin by wpburn.com wordpress themes

SEO Powered by Platinum SEO from Techblissonline