Originally Posted by SCSInet
IMO nothing that is sold to consumers. Most wireless security schemes, such as SSID disadvertising, MAC whitelists, WPA, WPA2, WEP, etc., are pretty easily cracked in a very short period by someone who knows what they are doing, such as the 14 year old next door who has too much time on his hands.
The really secure wireless uses certificates and 802.1x authentication schemes... techie stuff so I won't go into it but the one I deployed at work cost us $20K to procure. Personally, I have my house cabled. I have a wireless system like most folks, but it stays powered off unless I am actively using it, which isn't often. My computers are all connected into my network with physical cabling.
All this aside, the thing is that if someone cracks your wireless, they gain access to your internet connection and your computer, but if you have your computer set up properly, there is little they can do with that, and when you shop websites, 99.99% of them nowadays use SSL to encrypt the traffic going from your computer to the internet. Even if someone was able to crack your wireless and sniff (watch and read what goes by on the wire), they likely won't be able to see things like credit card numbers, etc. Most folks that crack residential networks aren't doing it to steal your info anyway, they just want to mooch off your internet connection.
The range of wireless networks is one of their biggest security advantages. More than likely only one or two houses on either side of you are in range of your wireless. Apartments are scary though. I would rather go without internet than risk a wireless in an apartment..... that or crack my neighbor and mooch off him.
Actually WPA2 has been shown to be quite secure for home environments. It supports the 802.11i encryption standards that have been ratified by the IEEE. I've done some pretty extensive testing against it, and yes, it can be cracked, but you need some pretty sophisticated hack tools to do it. Not something readily available or cheap. One thing I like about WPA2 is the protocol creates a new encryption key for each session, while the older encryption standards used the same key for everybody -- which is why they were a lot easier to crack.
To use WPA2, you need a newer model router/WAP (most of the ones made in the last couple years have it). You also need the latest service pack on Windows XP, or run Vista or Windows 7. There are plenty of tutorials online that can teach you how to set up and implement WPA2.
If you don't want to go the complicated route by changing your encryption method, there are other things you can change on your router to deter people from trying to hack it:
1. Disable the SSID Broadcast - The SSID is the name your router uses to identify itself on a wireless network. You see yours, along with any others in range of your wireless card, on the wireless connection list when you try to connect to a wireless hotspot. Your router turns broadcasting 'on' as a default. Most routers have a way to disable this function so that your SSID doesn't get broadcast. So if someone comes within range of your Access Point, they won't see the name on the list. The downside is you have to remember what your SSID is, and you have to manually attach to your router and enter the name anytime a new device wants to use it.
2. Change the default SSID name - Most router manufacturers like Linksys and Netgear use default SSIDs on all their routers. Same goes with AT&T (2WIRE- and some three numbers). Wireless hackers who find these devices know what the default admin passwords and the default Network IPs are for these devices, giving them a better opportunity to get into the device. Change your SSID to some random name, and it makes it more difficult to determine what type of router it is.
3. Change the default IP address - Most home routers use the same public IP Address scheme for the admin website, and your DHCP. The two most common are 192.168.1.1 and 192.168.15.1. Change your default subnet to 192.168.45 or some other number between 1 and 254 on the third octet. This keeps someone from knowing what your admin web site is, making it harder to hack the router itself.
4. Change the admin username/password - Most people never change their admin username/passwords on their routers (username - admin, password - admin). If a hacker knows the default admin website IP (see above), then uses the manufacturer's default Admin login, they can get on your router and wreak havoc. Change this account to some other name that you know, and put in a password with at least 7 characters, with at least two characters being non-alphanumeric.