Wireless Security

From experience (and analyzing the airwaves), quite a number of people ignore security when they get their wireless networks setup. Well, all that security is inconvenient I suppose but do you know how far your wireless access point or router transmits to? This is more apparent in a condominium or apartment setup where you not only have neighbors beside you, you also have to worry about neighbors above and below you. At one point, before I moved to a house, I could pick up networks three floors up. While the signal strength is not good, breaking into it was simple was it used WEP and a five character password.
More than half my surrounding networks at that point had no security! and worse still, many still had their default linksys, dlink or belkin setup IP addresses, usernames and passwords! I taught someone a lesson by changing his wireless router password and within a few days, the router got setup with WPA.
WPA itself is not invulnerable and I’ve successfully got into a few WPA networks around my condo unit with BackTrack because their WPA passwords were nothing more than simple strings like “linksys” or “mynetwork”.
Anyways, after I got my soon-to-be-replaced Belkin wireless router up, I went around my house with inSSIDer and kismet. What you see below is inSSIDer’s scan of my neighborhood. First thing I normally do is to lower the transmit power to ensure my router doesn’t broadcast further than my main gate. My Belkin router doesn’t do that but it’s going to be replaced in a few days so no worries. Secondly, to ensure good connectivity, you make sure there’s no channel overlaps. You can see my hopefaithandlove network all by itself on channel 1. You also can see most other networks have none (gasp!) or purely WEP security. Finally, I normally make the WPA2 key long enough. My method is to pick a favorite verse from the bible. If you want tighter security, don’t leave spaces, substitute occasional numbers for alphabets, and perhaps throw in a Greek or Yiddish word in the process! Better still if you have more resources, go with WPA-Enterprise with a Radius authentication server… client certificates, the works! Ah, a totally different ballgame. For me, I stick to WPA2, put my wireless on a separate VLAN so that if someone gets into my wireless network, all they can do is get to the internet. Not good but better than having the ability to hit my main PC or File server.