Security on the wireless LAN. Three important steps towards “Safer surfing”
Introduction and background
Wireless networks have been enjoying rapidly growing popularity, not just since Intel’s Centrino campaign and, not least, thanks to the numerous offers from Internet service providers for the matching peripherals. No wonder, since everything is so beautifully simple. A W-LAN router, connected to the Internet in a few minutes, quickly and easily brings the whole family online without having to run annoying cables. In particular, access points with an integrated router function (often even with a rudimentary hardware firewall) now offer a number of useful features for untroubled enjoyment of a home network.
Unfortunately, security is often forgotten in the process. Yet it is precisely with wireless connections that it is so immensely important, because an outsider can get into the network far more easily than was, and is, the case with conventional wired networks. Without the necessary security measures, it is a snap for a stranger with the appropriate equipment to log in to a wireless network within a few seconds and use its Internet connection. In addition to the financial consequences that arise with volume-based or time-based tariffs, the criminal aspects should not be ignored. All sorts of things could be done undisturbed over an open Wi-Fi network and its Internet connection at the expense of the network operator. If the parasite strays onto illegal terrain, the unsuspecting operator probably ends up under state surveillance faster than he would like.
In a spontaneous test, just over 100 W-LAN networks were detected in less than 30 minutes in a rather moderately populated area of Hanover, using a wireless LAN antenna mounted on the roof of a car. Approximately 45% of them were fully accessible because security options were missing. With some of them, an Internet connection would also have been possible within a few seconds. Among them were not only private networks but also many corporate networks. A similar picture emerged in Berlin city centre.
The detection of such open W-LANs caused a worldwide stir at the beginning of 2002, when increasingly cryptic chalk drawings appeared on house walls in cities, drawing attention to such networks and inviting passers-by to surf for free. In July 2002 the magazine Der Spiegel devoted an article to this sign language, christened Warchalk (English: “war chalk”). Little has changed since then, however, and not only our results indicate that.
Despite all this inattention, current wireless components provide three important security options that can be set up in around ten minutes. These are WEP encryption, MAC filtering, and making the network ID (SSID) invisible. With this article we want to play our part in “safer surfing”.
WEP encryption
Step 1: Enable WEP encryption
A basic function of the 802.11 standard and the corresponding hardware is encryption of the data with WEP (Wired Equivalent Privacy). There are usually two different strengths: 40-bit (64-bit) and 104-bit (128-bit) encryption. With 40-bit encryption the key consists of ten hexadecimal digits, and with the 104-bit variant of 26 (one hexadecimal digit = 4 bits). The 64-bit and 128-bit figures come about because a 24-bit initialization vector is prepended to the key; manufacturers count it when stating the encryption strength.
Generally, a strength of 64 bits is sufficient for private use. 128 bits causes a slight reduction in transfer rate on the one hand and, on the other, frequent problems, in the worst case even connection drops. The WEP key must be known to both the access point (router) and the respective client, i.e. it must be entered in the profile in the settings of the wireless card. On the access point, the key can be entered via the web interface (the manual describes how to get there) in the settings for the wireless connection. So 10 hexadecimal digits have to be chosen for the key (hexadecimal = 0-9 and A-F). The key itself should not be too simple. A 1234567890 or 0123456789 is therefore anything but useful.
The WEP mode must be set to “HEX”. The configuration of other manufacturers’ devices differs in detail from the approach for the D-Link model examples we list. In broad terms it is identical, and the documentation should quickly provide the necessary information.
Most access points accept four different keys, of which you have to choose one. A small tip on the side: it does not hurt to fill in all the keys and to switch between them once every couple of weeks. This brings additional security in the longer term. The client is configured with the key that is active on the access point. To do this, use the configuration tool supplied by the vendor or the wireless network configuration integrated in Windows (XP only!). Pictures say more than 1000 words, which is why the appropriate examples are listed below. The configuration tool looks different from manufacturer to manufacturer, but the tools often differ more in appearance than in design and function. With that, the first step is done. All in all it takes just a few minutes.
It should be noted that WEP does not provide 100% security, as was expected in the early days of W-LAN. However, the time required to crack such a key is immense. Sometimes millions of transmitted packets are needed to calculate the key, which on a home network can quickly take a few hours up to days. By the way, anyone who has the chance to use WPA should do so. WPA (wireless protected access) is an advanced version of WEP and offers significantly greater security with a strengthened initialization vector, re-keying and a message integrity check. However, not all wireless components support this standard. Access points even offer a “mixed mode” which allows the simultaneous use of WEP and WPA. The catch, however, is that the network’s security is then back at the level of WEP-only. WPA only helps if all clients support it.
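The key format described above (10 or 26 hexadecimal digits, a 24-bit initialization vector added to the advertised strength, no trivial keys, four key slots) can be checked before the key is typed into the web interface. This is an added example, not part of the original article; the function names and the 75% pattern threshold are assumptions made for illustration.

```python
import secrets
from collections import Counter

IV_BITS = 24                    # initialization vector counted by manufacturers
ALLOWED_HEX_DIGITS = (10, 26)   # 40-bit and 104-bit keys, 4 bits per digit


def check_wep_hex_key(key):
    """Return (ok, reason, advertised_bits) for a key entered in HEX mode."""
    k = key.strip().upper()
    if not k or any(c not in "0123456789ABCDEF" for c in k):
        return (False, "only 0-9 and A-F are allowed", None)
    if len(k) not in ALLOWED_HEX_DIGITS:
        return (False, "need 10 or 26 hexadecimal digits", None)
    advertised = len(k) * 4 + IV_BITS   # 40+24=64 or 104+24=128
    # Distance between neighbouring digits; a counting or repeating key
    # such as 1234567890 or AAAAAAAAAA is dominated by one distance.
    digits = [int(c, 16) for c in k]
    steps = Counter((b - a) % 16 for a, b in zip(digits, digits[1:]))
    if steps.most_common(1)[0][1] >= 0.75 * (len(k) - 1):   # assumed threshold
        return (False, "key follows a simple pattern", advertised)
    return (True, "ok", advertised)


def generate_wep_hex_key(hex_digits=10):
    """Draw a random key from the OS CSPRNG; re-draw if it looks patterned."""
    if hex_digits not in ALLOWED_HEX_DIGITS:
        raise ValueError("hex_digits must be 10 or 26")
    while True:
        key = secrets.token_hex(hex_digits // 2).upper()
        if check_wep_hex_key(key)[0]:
            return key


def fill_key_slots(hex_digits=10, slots=4):
    """One distinct random key per key slot of the access point."""
    keys = set()
    while len(keys) < slots:
        keys.add(generate_wep_hex_key(hex_digits))
    return sorted(keys)


if __name__ == "__main__":
    # Constructed sample keys: the two weak ones named in the text, one random-looking.
    for candidate in ("1234567890", "0123456789", "A3F09C17E2"):
        print(candidate, check_wep_hex_key(candidate))
    print(fill_key_slots())
```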
MAC filtering
Step 2: Filtering of the physical (MAC) addresses
Virtually every W-LAN access point or router offers the possibility of allowing only certain MAC addresses. The MAC address (also called the physical address) is individual to each network card and assigned only once worldwide (at least it should be). All network traffic is only possible via this address. On today’s cards the MAC address is 48 bits (12 hexadecimal digits) long and has the format XX:XX:XX:XX:XX:XX. You can read the MAC address of each of your W-LAN cards at the command prompt with the command “ipconfig /all”. Often the addresses are also printed on the type plate of the W-LAN card.
Now you can tell the router to allow only your cards. To do this, go to the web interface again and look for the corresponding menu. There you can either allow specific addresses or lock out specific addresses. In most cases the “allow” variant is the easier one. You enter your addresses into the form provided for this purpose and add them to the list of allowed MAC addresses. Everything else is excluded, so to speak. There are ways of getting around this procedure too, but then it would have to be a really immensely important wireless network; the effort is much too large for a quick prank. The manual of the access point can also be useful here.
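The allow list for the router can be built directly from the “ipconfig /all” output, which avoids typing errors in the 12 hexadecimal digits. This is an added example, not part of the original article; the sample output is constructed, and the adapter names and the "wireless" name hint are assumptions about an English-language Windows installation.

```python
import re

# Constructed sample of "ipconfig /all" output (not taken from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : Example Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-11-22-33-44-55

Ethernet adapter Wireless Network Connection:
   Description . . . . . . . . . . . : Example Wireless PCI Card
   Physical Address. . . . . . . . . : 00-AA-BB-CC-DD-EE
"""


def normalize_mac(text):
    """Return a MAC address as XX:XX:XX:XX:XX:XX or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):   # 48 bits = 12 hex digits
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def adapters_from_ipconfig(output):
    """Map each adapter heading to its normalized physical address."""
    adapters, current = {}, None
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]          # unindented "... adapter X:"
        elif "Physical Address" in line and current:
            adapters[current] = normalize_mac(line.split(":", 1)[1])
    return adapters


def build_allow_list(output, wireless_hint="wireless"):
    """Only the W-LAN cards belong in the access point's MAC filter."""
    found = adapters_from_ipconfig(output)
    return sorted(mac for name, mac in found.items()
                  if wireless_hint in name.lower())


def is_allowed(mac, allow_list):
    """Mirror of the router's "allow" mode: anything not listed is excluded."""
    return normalize_mac(mac) in allow_list


if __name__ == "__main__":
    allow = build_allow_list(SAMPLE_IPCONFIG)
    print(allow)
    print(is_allowed("00aa.bbcc.ddee", allow), is_allowed("00-11-22-33-44-55", allow))
```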
SSID hiding
Step 3: Invisible SSID
The third point is hiding the SSID. The SSID is the name of the W-LAN network. It is virtually something like the Windows workgroup, only a few network layers lower. Ordinary access points offer a function to not broadcast exactly this name. The purpose behind it is quite simply that the network becomes, in a sense, invisible to the outside. The network is still detected by all spoofing tools, but nothing works without the SSID. As always, the web interface helps. Manufacturers often describe this feature under the label “Broadcast SSID”, yes or no. In this case, click “no”. Then only clients that know the SSID can connect. For that reason, one should not hand out the SSID any more than the WEP key. One click and done. There really is nothing more to it.
Closing remarks
Another point, which is so obvious but unfortunately, as we discovered in the short test, not always observed, is setting a new password for admin access to the access point or router. Defining a new password here is important because otherwise anyone can get access to the web interface relatively easily using the manufacturer’s defaults, without any special knowledge. Some Telekom products in particular (e.g. the T-Sinus 154 WLAN router) are affected, as the default password there, “0000”, is extremely simple. Please make sure to pay attention to this.
There are a few more options, such as a RADIUS server, which is only intended for companies with the corresponding server equipment. At home you do not need anything like that. However, you should bear in mind that 100% security is never given over radio, as is also the case with a normal LAN. Anyone who has the time and the technology can get into even well-protected systems. The three functions listed nevertheless provide reasonable protection for home use and keep almost all attackers at a distance.