digg

Facebook Connect Join Digg About

The ABCs of securing your wireless network

arstechnica.com Sometimes you don't need to know everything about wireless to secure a home or home-office network; you only need to know what's important.

Who dugg this? Made popular Apr 30, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

136 Comments

show profanity settings
expand all
  • HookmasterCH47, on 04/30/2008, -10/+44Or just leave it open and be a good citizen.
  • HookmasterCH47, on 04/30/2008, -5/+32You know what, I hate to do this but... It's not about one specific technology. Sure hiding your SSID isn't really going to work by itself, same thing with mac address filtering... It's called security in layers. Don't just do one thing to stop intruders. Do a lot of little things. Make it a pain in their ass. There's enough wireless signals with poor security that most guys are just going to move on to the next one. And only using WPA2 is stupid too, everything can be hacked if you only have one layer of defense. Plus who is going to hack your lame ass home wifi network. Nobody gives a crap about the kind of porn you look at in your house.
  • relevant, on 04/30/2008, -1/+28that's great in theory until the more unscrupulous people start using your bandwidth for downloading music and movies...things that could potentially make you liable for from copyright owners.
  • rhartman, on 04/30/2008, -5/+29Great uncomplicated guide to Wireless Network security by Ars. The table on page 3 listing encryption standards for the most common media devices is handy.
  • selrahc, on 04/30/2008, -1/+21And if your ISP has bandwidth caps it could end up costing you extra on your monthly bill.
  • totorototoro, on 04/30/2008, -1/+19That overpriced Xbox360 wifi adapter doesn't do WPA2?
  • IllBeBack, on 04/30/2008, -0/+17WEP? I think you must mean WPA or WPA2. And MAC filtering can be spoofed and overcome pretty easily.
  • Tenhi, on 04/30/2008, -0/+17I did this, but apparently it wasn't enough. Some ***** decided to break into my room and steal not only my wireless signal, but also the router itself.
  • stoperror, on 04/30/2008, -2/+17Dugg because I'm sick of being asked to do this for people.
  • ,,|,_, on 04/30/2008, -0/+14My neighbor had an unsecured wireless network and a shared networked printer. I connected to his network late one night and printed something like this... The network was locked down a couple of days later.
  • SkippyDoorknob, on 04/30/2008, -2/+15If I eat the orange you bought at the store, I depriving you of the orange you bought. If I use your wi-fi connection, you can still use it too. (Yes, I realize that I'm cutting into your bandwidth to a certain extent, but still it's not a good analogy)
  • tont0r, on 04/30/2008, -0/+13yeah either that or trying to teach someone how to properly use what they own.
  • schmimd04, on 04/30/2008, -0/+11actually i'm not amazed at all.
  • t3rmv3locity, on 04/30/2008, -1/+12Some don't, and the article was very clear and accurate. You gotta learn it somewhere.
  • Jethris, on 04/30/2008, -0/+9How'd you get the combo to my luggage!?!
  • rmw132, on 04/30/2008, -0/+8I used to work at a major retailer, and you'd be amazed how many people buy a router and their entire mentality is just "well I'll just plug it in and I'm done"...
  • Rivetgeek, on 04/30/2008, -0/+8Prey tell, how exactly do you plan to hack WPA2?
  • FriedTurkey, on 04/30/2008, -0/+8I am glad they finally debunked the "Hiding the SSID". It is just annoying and doesn't secure it from somebody who is really malicious.
  • tont0r, on 04/30/2008, -0/+8you should take the locks off your front door too.
  • zadadka, on 04/30/2008, -1/+9I've done that...played Call Of Duty at the end of the garden in a hammock, complete with a jug of Pimms on the table.
  • blinkfink182, on 04/30/2008, -10/+18Sounds good, then I'll go grocery shopping and let you eat the food that I paid for. Am I being a good citizen?
  • daizaru, on 04/30/2008, -2/+9Why take a chance when great security is 10 minutes out of your day.
  • mwalker05, on 04/30/2008, -0/+7heres the problem. people like you who dont know about network security and identity theft try to give advice. install netstumbler on your laptop then drive around your neighborhood. you will probably find at least a dozen wireless networks, 1/4 wont have any encryption, another 1/4 will likely be WEP. it would take all of 10 minutes to park on the street next to their house, connect to their network, activate a packet sniffer and wait for them to access their online banking.
  • mwalker05, on 04/30/2008, -0/+7i agree. i mean think how much time you waste unlocking your doors. just leave a note saying that the door is locked. im sure you will be fine.
  • Rivetgeek, on 04/30/2008, -1/+8Using wep is like locking your front door with a piece of string tied around the handle
  • fancyj, on 04/30/2008, -0/+7WEP can be cracked in less than 5 minutes, usually less than 1.
  • dudetaz2003, on 04/30/2008, -0/+7For some reason this made me want to set up a RADIUS server
  • IllBeBack, on 04/30/2008, -3/+9And you're not?
  • ErikHarrison, on 04/30/2008, -10/+16Here's the problem with articles like this. There are simply not enough bored ass hackers to go around hacking people's wifi. Sure your neighbors may try to steal your internets, but I would even doubt that the average home user is bored enough to find a WEP key cracker, let alone use one. This, to me, is and always will be a pathetic attempt at scaring joe user into thinking that EVERYONE is out to get them.
  • ultrafez, on 04/30/2008, -1/+7... except for when you want to sit in the garden on your laptop, then you're screwed! Unless you have a nice big extension lead of course.
  • blinkfink182, on 04/30/2008, -9/+15That's because you're a douchebag.
  • nickerbocker, on 04/30/2008, -0/+6You could always use one of these as your WPA key. http://www.grc.com/passwords
  • jer2eydevil88, on 04/30/2008, -2/+8@ultrafez
    There was a time back before the explosion of new users that you would have been correct. Digg does owe it's success in large part to the huge tech enthusiast crowd that made up the original user base. However today we are few and far between as 4chan and myspace users have learnt of Digg and hijacked it from us.
  • teh_techie, on 04/30/2008, -0/+6You guys are missing it... surely he just forgot the /sarcasm tag.

    RIGHT?..
  • rizla420, on 04/30/2008, -0/+4I partially agree with you, but if I "were" to "hack" into someones wifi it would be to hide my location. Screw what they have on their PC's. Get yourself a wifi predator and you can be sitting on someone's network from 3/4 of a mile away. I havent done it myself, but that is one example of what it could be used for.
  • Macskeeball, on 04/30/2008, -0/+4I buried your comment (for the statement that WPA2 is realistically hackable, because it's not), but there was one concept in your post that is on the right track, and that is the idea of defense in depth. By this I do *NOT* mean things such as SSID hiding and MAC address filtering, but rather things like a software firewall on your computer. Using WPA on your router won't protect your system when you connect your laptop to someone else's network. Also, malware could get into one of the systems on your network through some other means, and if that happens you want your other systems protected from that. So, the general idea of defense in depth is definitely a good idea to keep in mind.

    As for the questioning of what person would want to crack your home network, who says that it's a person? It's entirely possible that a neighbor (for example) could unknowingly have malware on their system, and that malware could be trying to do something with your network.
  • fintheman, on 04/30/2008, -0/+4WPA2 + Radius/Cisco ACS/Steel Belted + VPN Tunnel + Mac Filtering + No SSID + MAC Filtering ....ahhh ***** it - run some cable.
  • sparrowkc, on 04/30/2008, -2/+612345
  • KibibyteBrain, on 04/30/2008, -0/+5Yes, but as someone who majored in computer engineering, while I may have studied how to implement AES encryption at one time, I'm not always very adept at explaining these basic things to a general audience. This will be a great guide to send, say, my dad, and is good to know for that reason. I'd imagine that IT guys at small companies who are still trying to get their superiors to approve a budget for a non-WEP security policy at their place of work might have similar needs.
    Also, as mentioned elsewhere, this article is clear and accurate. I've met many, especially older, people in the tech industry who have lots of knowledge picked up since school but its a bit more cloudy than it probably should be.
  • colinnwn, on 04/30/2008, -0/+4Just using WPA2 with a good password makes the rest of your points moot. They can't gain access, so there is nothing to vandalize.

    Change SSID or don't, your call, doesn't matter. Hiding SSID is a potential security vulnerability, since depending on how your wifi client presents connection options and how savvy you are, you could accidentally connect to someone else's network with a hidden SSID also.
  • elipabst, on 04/30/2008, -0/+4LOL. 2 of his 3 points appear in the "Myths" section.
  • daizaru, on 04/30/2008, -1/+5Someone didn't read the article...
  • dukeochutney, on 04/30/2008, -0/+4the Wii supports AES as well just to let everyone know since the article didn't have WPA-AES
  • IllBeBack, on 04/30/2008, -2/+6It's true, no one is going to hack you. The only thing they'll do is steal your bandwidth if you leave your wireless network wide open. Thinking otherwise is just being over-paranoid.
  • hermeslyre, on 04/30/2008, -1/+5Even a tech oriented forum in split into many sections, subforums. In this situation some of the most experienced members in one board may not be quite so comfortable in say networking, probably the easiest of the boards anyways, but whatever. My point is not everyones a memory bank, remembering every little little piece of crap they've learned, and that it's ***** hard to be sponge for everything; Goddamn I find networking boring compared to everything else tech, screw the vocational possibilities. I'm not in this for a job. [/rant] ***** I gotta learn to post, I meant this for the main body.
  • ultrafez, on 04/30/2008, -1/+4I like your style.
  • sparrowkc, on 04/30/2008, -0/+3Bury both, WEP is useless and should never be suggested.
  • colinnwn, on 04/30/2008, -0/+3"And only using WPA2 is stupid too, everything can be hacked if you only have one layer of defense."

    Um, yeah, you're wrong. A randomized 63 character WPA2 key will not be crackable in a reasonable amount of time for several years to come at least, and maybe not until we get quantum computers. All the other security "measures" are, as Bruce Schneider likes to say about the airport, "security theater". Those measures would only slow down the stupidest hacker, and are worthless after implementing WPA2.
  • insertAliasHere, on 04/30/2008, -0/+3More like locking the door, but hiding the key under the mat. It's really just to keep the honest people honest. If you just want to keep random people from leeching your connection, it's fine. If you want real security, you have to step it up. Same with hiding the SSID. Not real security, but it repels the casual leeches.
  • Fetching more discussions...
    Show 51 - 100 of 135 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.