How To, And How Not To, Kind of Half-Heartedly Secure Your Wireless Network
Saturday, December 6th, 2008So we finally got our own internet for the house.
It’s BigPond cable broadband with the wi-fi net gateway option so we don’t have to have a million network cables running all through the house like back in the good old days. And thus so, we have successfully added to the band of happy little access points that seem to be peppered around the various units and houses surrounding us.
Most these days popping up seem to be of the WPA or WPA2 variety (essentially the same thing), though there are still a few of the tired old WEP strains still kicking around in the wild. We even managed to spot one or two of the rare unsecured, unencrypted access points, sitting and waiting, inviting, though at least they seemed to have evolved the ability to filter MAC addresses in the event of any attempted interfacing.
Well, first off, MAC filtering might sound like a pretty good defence mechanism against parasites and leeches, blocking packets from any and all devices excepting the trusted few. Unfortunately it is quite easy with a program like Macshift for a device to masquerade as another device, thus fooling the little unwary access point into serving tasty data — a bit like those cuckoo birds that trick other birds into raising their young.
WEP is not that much better. It’s been dead for years. Most can be successfully penetrated within ten minutes using linux, a bit of know-how and the aircrack suite.
WPA seems pretty solid at the moment, and that’s what we’re using. If you can capture a handshake between a client and an access point you can run a dictionary attack if their password is pretty simple, or a brute force attack, which can take considerably longer — at worst up to a few billion years of computation.
We didn’t want to make ours too difficult to crack however (where’s the fun in that?), so you’re welcome to come down Brunswick Street and give it a try. SSID is currently beaconing as “rocknroll” and we’ll even give you a special clue: the passphrase is a line from a song befitting the SSID.
The prize is free internet! At least until we change the password 🙂
But seriously, if you know you’re the jealous type with who your wireless access point associates with, use WPA encryption and a long password, preferably one with a random series of letters, numbers, and special characters. Then people would probably have more luck physically breaking into the house and plugging a network cable in directly than they would trying to hack your wireless.
Stay safe!