Tuesday, November 16, 2010

How to Cast Out Wi-Fi Intruders

Are you sure you’re the only one enjoying your home network? Here’s how to detect trespassers and block them from pilfering your bandwidth.

You love the convenience of your home Wi-Fi network, and guess what? You may not be the only one. If you haven’t adequately secured your network, it’s possible that others—your neighbors and various other passers-by, for example— are happily gobbling up the bandwidth you pay for.

Now, to be honest, you’re probably not using it all, and sharing is the neighborly thing to do. In fact, many routers will help you do just that (share, not be neighborly). Of course, it would be equally considerate if that guy down the hall offered you some cash to use your network.

That said, you may have some very good reasons for keeping your network locked. So, we’ve gathered some tips for finding out if people are using your 802.11-based signals as their own, and how you can block them out for good. (Note: Every model of wireless router has a different interface; even those from the same company are different. However, all have similar tools. )

Stop Broadcasting Your Name
Most Wi-Fi routers broadcast the SSID, or Service Set Identifier, by default. This is the name of your wireless network, and broadcasting it is how Wi-Fi-enabled devices, such as laptops and phones, find networks. You can, however, turn off broadcasting. It’s as simple as that. This is not foolproof (and it won’t prevent anyone who already knows
your network’s name from getting online), but it helps keep casual Wi-Fi stealers away. They’ll go for the lower-hanging fruit (e.g. another open network).

If users do have your current network name and you’d rather they didn’t, change the SSID. That will keep the crooks confused, at least for a while. Name it something like “LocalPrecinct212” and maybe they’ll be extra nervous about connecting. Change it frequently to keep them guessing. (This is usually a moot point if encryption is activated.) Keep in mind; if you do turn off broadcasting of your SSID, you make it a giant pain for yourself to add new devices to the network. It may not be worth the hassle.

Limit the IP Addresses
Networks use IP addresses to “talk.” A temporary IP address is assigned to each connected device by the router, using the Dynamic Host Control Protocol (DHCP). This can be a real time saver. However, if you want to take total control of your network, assign static IP addresses of your own to each network device—that means every laptop, phone, game system, and stray geegaw that uses Wi-Fi to get online. Unless you’re a total control freak, this can be more hassle than it’s worth.

The next option: Limit the number of IP addresses the DHCP will dole out. If you know you have six products connected to your network, then only let it assign six addresses. Remember that IP addresses cover wired and wireless products, so you have to include all of your Ethernet-based hardware in that list, which could include desktop PCs, TVs, game consoles, and more.

Finally, most new routers will do a DHCP reservation. This ensures that every time a device connects to the network, it gets the exact same IP address. Without reservations, the address could change. Keeping them the same makes it easier to communicate over the network, especially if you’re using a PC as a server for video to an Xbox or PS3, for example.

Block the MAC
You can check the MAC addresses listed for each device that is talking to your router against the MAC addresses physically stamped on the hardware you own. If you see a MAC listed that doesn’t match your equipment, then you may have a trespasser.

Next, find the MAC Address Filters in your router settings. Tell the router to allow only the MAC addresses you want. This requires entering a new MAC address every time you introduce a new Wi-Fi-based product to your network. Also, this isn’t foolproof, as MAC addresses can be spoofed with the right tools, but that’s usually something serious hackers, not casual wireless crooks, do.

Conversely, your filter may be set to deny access to the MAC addresses you list, like those you know are not your own but appear on your DHCP list.

Encrypt Those Airwaves
Naturally, the best method for preventing people from accessing your network while making it easily accessible to you and your friends is to encrypt it using the well-established Wi-Fi Protected Access (WPA), which comes in all modern network hardware.

However, you may have some old-school products lying around that only support the old and notoriously crackable WEP. You can use that, too, but it will leave your network a bit more vulnerable. It’s still better than nothing. Consider it a closed door with a broken lock; it’s better than no door at all.

You may also have products that use Wi-Fi Protected Setup (WPS). This works with WPA. Push a button on the router, then a corresponding button on a Wi-Fi product, and the two will auto-generate a nigh-invulnerable password that even you don’t know. You’ll just need a master password on the router. Not all Wi-Fi hardware supports this, so you may be better off picking your own super-strong password.

Perform Some Magic
Cisco Network Magic Pro 5.5 ($39.99 direct) remains our Editors’ Choice for home-network activity tracking and more, including intrusion detection. It works with just about any home network (especially those with Cisco and Linksys routers) to help you get stronger and more secure connections. Plus, it gives you a glimpse of who shouldn’t be there in the on-screen network map.

In fact, the latest version uses a home network administration protocol (HNAP) to control security settings on most routers. When it works, it’s a quick way to fix security problems. Some other tools that could help you include Who’s On My WiFi and AirSnare.

Source of Information :  PC Magazine November 2010
How to Cast Out Wi-Fi IntrudersSocialTwist Tell-a-Friend
Digg Google Bookmarks reddit Mixx StumbleUpon Technorati Yahoo! Buzz DesignFloat Delicious BlinkList Furl

0 comments: on "How to Cast Out Wi-Fi Intruders"

Post a Comment