Wireless security problem I didn’t know about
Wireless Security problem I didn’t know about
I use a wireless router for my laptop connection. On my iBook, I have an Airport card. My son, Morgan, has an Airport Extreme card for his connection, while Ash connects with a cable to the router. I learned a couple of things the other day while listening to the Security Now podcast.
First, I learned that disabling SSID broadcast doesn’t work for security. It also makes your network run slower because the router is invisible. That makes it not worth the supposed benefit. The other item I thought was good, but isn’t, is Mac Address filtering. On most routers, you can tell the router which Mac Addresses are allowed to connect to the router. This means I can tell our router that only my iBook, Morgan’s Mac Mini, and Ash’s G4 can connect. The way it can tell is by looking at the Mac Address the computers tell the router they have.
So this doesn’t work at all. Why? The mac address of a computer is in the packets of data being sent back and forth between the router and computer. All you have to do if you are a hacker is sniff and collect the packets. You now know the mac addresses that are allowed to connect to the router. The kicker is that most any computer these days can report any mac address you tell it to. By default, they report the correct one that is actually assigned to your computer, but you can change it.
What can you do? Encryption. Almost all routers can do WPA encryption. Note that this is different from WEP encryption, which is better than nothing like closing a door without a lock is better than nothing. You want WPA encryption, which is basically unbreakable by hackers. You just use the same password for the router and your computer and you are all set. Remember that this means the password is your weak link in the security chain. You absolutely must pick a good password. WPA passwords can be up to 63 characters, and you should use them all. The 64th character is automatically a dollar sign, so you can’t use it.
Find a good random password generator that will handle a 63 character password. I know, you’re saying “I can’t remember a 63 character password!” Remember that you don’t have to. Put the password in a text file. You only have to type it in once on the router and once on the computer and you’re done. You won’t have to type the password every time you want to connect. Once you have the password in, you can copy and paste it from the text file if you need to set up a new computer. If you do this, set up a really really difficult password, your network will now be as secure as you can get it while still being connected to the internet.
