Network security - how to protect wireless LANs from intruders


Using wireless LANs is convenient but raises some security concerns. To know how you can protect your wireless connection from intruders, read the detailed article.

In the present days when offices, universities or individuals prefer wireless networks at home, we almost overlook that with this convenience there are some security concerns also. Since wireless networks are broadcast on radio waves, there is no physical restriction on which system can and which cannot access the network. Though the intent might not be malicious- an intruder might be just looking for free internet access but he can also use this wireless network to see all the data packets that you send to other wireless clients i.e., to snoop on internal communications. Your private network can be accessed by anyone having a laptop or handheld computer if the wireless network is unprotected. But if the methods stated below are implemented, you can lessen the chances of an interloper breaking into your system.

How to protect wireless LANs from hackers?


Configure access points for specific wireless network cards

All wireless networks have self-contained hardware called Access Point (AP). AP connects multiple wireless nodes to a dial up modem or an existing Local Area Network (LAN). Each network card has its own unique MAC address which is hard coded by the vendor. If you configure APs to allow connections from some specific network cards, only those systems which have a trusted MAC address can join the network. This stops a hacker from getting instant access but if he is patient enough to sniff the network, he can log the MAC address in use.

When a rogue wireless card will use your MAC address, all the existing connections will die and you may get an alert that the connection is attempting to reset. However, if an interloper logs your MAC address when the system is off, you will not be able to know about it.

Pick a random Wired Equivalent Privacy (WEP) key

The AP must be configured to use WEP which encrypts the data flowing between the AP and the hosts. The encryption key or network password must be random and not a dictionary word so that it becomes hard for the snooper to guess. Though an interloper can break this key but this won't be too easy or fast. He will have to wait and capture enough traffic to exploit the shortcomings in WEP.

Change the default Service Set ID

The Service Set ID or SSID is the name of wireless network. Since radio waves of multiple wireless LANs can coexist in an area, the SSID differentiates the networks. To set a wireless connection, a user must type his SSID. Most vendors have a global default SSID setting and if an interloper finds out who the vendor is, he automatically gets to know what the SSID is. Thus, you must change the default SSID given by the vendor and choose a name that is hard to guess. The name should not be related to your own name, birthday or business. Infact, it should be a meaningless mix of numerical, capital & small alphabets.

Use Virtual Private Networks

Using Virtual Private Networks or VPNs for communications are the best way to ensure security. It solves all the above stated problems of MAC address spoofing, WEP and SSID insecurities.

Use a firewall or VPN machine to establish a VPN with wireless clients. Apart from an address on wireless network, the clients will have a virtual IP address on the VPN. It is from this virtual IP address that all data packets will pass. VPN packets will be especially encrypted and encapsulated in VPN protocols like PPTP and IPSec to make them invisible to interlopers.

You can create a VPN in many different ways. Some of them include tunneling PPP over SSH channels and using non-standard protocols like Tinc and VTun. As stated before, using VPN is the best way to ensure the safety of your wireless communications. However, the drawback is that it requires every network client to install VPN software. This makes this method a bit inconvenient and difficult to implement.

Read Introduction to wireless networks and wireless security threats


Comments

Guest Author: Balvinder Singh18 Feb 2015

Very important information shared in this article. Thank you very much. What is the price of best Wireless router?



  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name:
    Email: