Best way to crack wep . WEP, WPA, and WPS - Which is Best for a Wireless Home ...
Good Wi-Fi security is simple: Enable WPA (ideally WPA2) and set a strong password. Other common tricks for increasing a Wi-Fi networks security can easily be bypassed. They may deter more casual users, but a strong WPA2 password will deter everyone.
Image Credit: Nick Carter on FlickrWEP EncryptionThere are several different types of wireless network encryption, including WEP, WPA, and WPA2. Routers being sold today still ship with option to use WEP encryption this may be necessary if you have very old devices that cant use WPA. WEP can be cracked very easily. WEP prevents people from directly connecting to the network, so its superior to using an open Wi-Fi network. However, anyone that wants access to your network can easily crack the WEP encryption and determine your networks password. Instead of using WEP, ensure youre using WPA2.
If you have old devices that only work with WEP and not WPA such as the original Xbox or Nintendo DS theyre probably due for an upgrade. Hidden SSIDMany routers allow you to hide your wireless networks SSID. However, wireless network names were never designed to be hidden. If you hide your SSID and connect to it manually, your computer will constantly be broadcasting the networks name and looking for it. Even when youre on the other side of your country, your laptop will have no idea if your network is nearby and it will continue trying to find it.
These broadcasts will allow people nearby to determine your networks SSID. Tools for monitoring the wireless traffic in the air can easily detect hidden SSID names. SSID names arent passwords; they just tell your computers and other devices when theyre in range of your wireless network.
Rely on a strong encryption instead of a hidden SSID. Weve busted this myth in the past. For more, read: Debunking Myths: Is Hiding Your Wireless SSID Really More Secure? MAC Address FilteringEvery network interface has a unique ID known as a Media Access Control address, or MAC address. Your laptop, smartphone, tablet, game console everything that supports Wi-Fi has its own MAC address.
Your router probably displays a list of the MAC addresses connected and allows you to restrict access to your network by MAC address. You could connect all your devices to the network, enable MAC address filtering, and only allow the connected MAC addresses access. However, this solution isnt a silver bullet. People within range of your network can sniff your Wi-Fi traffic and view the MAC addresses of the computers connecting. They can then easily change their computers MAC address to an allowed MAC address and connect to your network assuming they know its password. MAC address filtering can provide some security benefits by making it more of a hassle to connect, but you shouldnt rely on this alone.
It also increases the hassles youll experience if you have guests over who want to use your wireless network. Strong WPA2 encryption is still your best bet. Static IP AddressingAnother questionable security tip making the rounds is using static IP addresses. By default, routers provide an integrated DHCP server.
When you connect a computer or any other device to your wireless network, the device asks the router for an IP address and the routers DHCP server gives them one. You could also disable the routers DHCP server. Any device connecting to your wireless network wouldnt automatically receive an IP address.
Youd have to enter an IP address by hand on each device to use the network. Theres no point in doing this. If someone can connect to the wireless network, its trivial for them to set a static IP address on their computer.
In addition to being extremely ineffective, this will make connecting devices to the network more of a hassle. Weak PasswordsWeak passwords are always a problem when it comes to computer security. If youre using WPA2 encryption for your Wi-Fi network, you may think youre safe but you may not be. If youre using a weak password for your WPA2 encryption, it can easily be cracked.
Passwords like password, letmein or abc123 are just as bad as using WEP encryption if not worse. Dont use the minimum password length of 8 characters. Something between 15 to 20 characters should probably be good, but you can go all the way up to 63 characters if you like. You can also create a longer password by using a passphrase, or password phrase a sequence of words, like a sentence. Assuming youre using WPA2 with a strong password, youre all set. You dont have to put up with the hassle of hidden SSIDs, MAC address filtering, and static IP addresses to secure your network.
For more a more in-depth guide to securing your wireless network, read: How To Secure Your Wi-Fi Network Against IntrusionI already use a 25-character pass phrase for my WiFi and its total nonsense at that (no dictionary words). So youd think my network is secure. But I also use the MAC address filter technique too. That way, if someone actually does crack my networks password (pass phrase) then theres still that other hurdle to get past.
But really. The best defense is to just turn off the WiFi if you dont really need/use it. If you can wire all your devices to an Ethernet port then your only invasion point will be from the Internet itself. And thats plenty good reason to keep those firewalls up and system/AV updates always coming in. Because quite frankly, WiFi is the least of your problems if you dont keep up with the regular maintenance
Good tips. One thing to remember is that some routers give an option for encryption algorithm along with the WPA2. (It would be AES or TKIP.) Always be sure to use AES and not TKIP or AKS and TKIP, because TKIP is basically just WPA encryption. Also, there is another good way to help secure your WiFi: subnet masks. The key is not to have more addresses available than you actually need. Lets say you only own two devices set your subnet mask to 255.255.255.252.
This way your network is only big enough for two devices. This is when you turn off your DHCP server when your network is different than what the cracker (not hacker there is a big difference I am a hacker not a cracker) tries to connect A. if there are two devices connected, he/she needs to force one of them off in order to use the network, and B. they will have to try and figure out your network settings. You can also use an obscure subnet such as 192.168.5.X 172.16.12.X (dont use the whole 255.255.0.0 subnet mask mix it up a little), 10.25.19.X, (again, the smaller the subnet mask, the better).
The smaller the subnet mask you use, the harder it is for someone to figure it out. Also, change your default gateway from the default to something in the middle of your subnet. Could someone get past these if they wanted to using wireshark and a decent NIC?
Absolutely Is it a whole lot harder than figuring out MAC addressing filters? Without a doubt. (Also, if you have a RADIUS server sitting in your basement like I do, turn on WPA2 Enterprise that will really mess with your next door script kiddie ask me how I know) ;)I hardly ever comment on these even though I read them virtually every day. I must point out that WPA2 has a large security flaw that can easily be abused no matter how good the password.
There are already well known exploits for this. I am not a hacker ethical or otherwise. I do work as a LVL 3 Server engineer and any statements that I make are of my own and do not reflect that of the company I work for.
I am however concerned about security and stay current with the available news on this from multiple different sources. Now for top security just dont use wireless connection as none of them are secure. If you choose to use it turn it off when you are done.
If turning off the wireless network does not work for you active monitoring is the only other option that you have as at least you can see when people are attacking your network and can choose to unplug or turn off the wireless network at that point. Also know that most people dont know how or care to know how to access your network. For those that do, even a script kiddie can bypass your security. And for the love of all things wrong in IT change the username and password on the router if you do any thing more than leaving the network completely openHi, thank you for the information. I have a wired router and a wireless router. I would love to use the wired router for work, (I work from home), and my personal computers and just use the wireless router occasionally when I use my laptop, tablet or ereader.
I dont know much about networking so at the moment I am just using the wireless access, could you give me information on how to hook the wireless router to the wired router? Both routers are D-Link. I have looked at several books but they all just deal with one or the other type of router. Thank youElizabethJingles, which security flaw are you referring to? I often see people mention how WPA2 is flawed and broken, but few people actually mention what security flaw they are referring to. The only flaw I can think of WPA2 currently is the WPS problem.
If WPS is disabled on the router it doesnt present a risk though. Peter that is a known flaw no matter the security setting you use. As I do not know in depth the information How To Geek would like to mention on here I will avoid an in depth explanation and say. A quick search for WPA2 Reaver will show a well known exploit that is so simple my grandmother could operate. Elizabeth,I dont think this is the best place to get an answer and would preffer to give you my email to resolve that issue as quickly and easily as I could. As that is an egregious thing to do i wont.
I would recommend taking this question to the forums or contacting your ISP (internet service provider). As both of those have befits and risks I can not really recommend one over another. What I can say is that most routers are fairly alike and you should be able to run a cat5/ cat6 (Looks like a large phone cord) from the router to your computer.
This will add no more security but as this fulfills your question it will work. Further you said you work from home, as I do not know if you are a small organization or are part of a large company securing your traffic over the internet should be a much larger concern. And my advice for you if you can is consult the IT department at your company on how to do this.
Jingles:The Reaver exploit is specifically geared towards WPS if WPS is turned off, then Reaver will not work. You could try rainbow tables, word lists, etc. even brute force, but the best security you can have is to use a strong password.
Elizabeth:Its actually pretty easy. There should be a single port labeled WAN or Internet on both routers, and a few ports grouped together (normally with a number above them). Those few ports are switching ports.
I would set up your wired router connected to your modem, and your wireless to your wired. Plug the modem into the WAN or Internet port on the wired router, and then run a cat5 between the switching ports on the wired router, and switching ports on your wireless router. Then configure the wireless router so that the DHCP server (or automatic addressing as some call it) is turned off.
These articles might help you:http://www.instructables.com/id/How-your-home-network-works/http://www.instructables.com/id/How-to-troubleshoot-your-home-network/whoever thinks Im a nerd:I stand by what I wrote 100%, although I did forget to mention to turn off the WPS, however Peter has already mentioned that. Please read RFC 1983 in terms of hacker and cracker before you make yourself look like a fool, because right now all you look like is a troll and a complete idiot. Just so you guys know, this article mostly contradicts the article you linked to at the bottom here for a more in-depth guide to securing your network would be very confusing for someone who wants this information but doesnt quite fully understand wifi securityAgreed, andycidau, but that is to say there is a flaw in the original article. The article offers valid points and is easy to fallow. That is why I commonly use it as a knowledge base for those around me.
That said saying that WPA2 is any more secure is a gross overstatement of terms. For some reason when I post this full comment, it isnt appearing, so I will post it in sections:Jingles:The last time I checked, the reaver exploit was for WPS if that is turned off, then the reaver exploit wouldnt work. There is always an exploit for everything, most of them are pretty easy if you can find them. And lets face it, once they break down the front door, do any of us think that the No Trespassing sign is going to stop them? All you can really do is have a good strong password, use the latest encryption algorithms, install updates, and change your password all the time. There are things you can do to slow them down, but there will always be someone someplace that can get past it.
Jingles, I believe that thegeekkid is correct about WPS. If WPS is turned off on the router, then it cant be exploited at all. Also, there are several different ways to implement WPS and only a few of them are insecure. Unfortunately, they are also the easiest ways to implement WPS so most router manufacturers were unfortunately vulnerable. With WPS disabled, the only (publicly) known way to break into a WPA2 network is by brute forcing the key.
With a sufficiently long/complex enough key its not going to be brute forced easily even using some of the cloud computing cracking techniques that have been in the news the last few months. I am not trying to go into this to deeply but i can if need be. Though I feel there are better places for it and would love to engage the topic there. And I was referencing Reaver a jump off point for those who choose to learn more canThat said strong passwords for both the wireless connection and on the router and a bit of monitoring the activity on your network are best for a large amount of readers. +1Jingles last comment. I was a little confused about why you were posting about Reaver thanks for clearing that up.
My last job involved quite a bit of ethical hacking. Granted, I havent done much in the last year with it, but you cant tell me its changed that much in the last year. ;)I have pen-tested numerous routers with WPS and have found that passphrases typically appear within 30 seconds to 24 hours tops. Most ISP provided wifi/router combos come with pre-defined generic WPS pins putting them in the #1 category of garbage to own. Something not mentioned in the article is third party firmware. Typically you cannot shut off WPS on a lot of routers but 3rd party firmware can make this easier.
Disabling wifi is a great solution but very crippling. The bottom line is one should plan out their security. If a script kiddie bypasses the WPS in 1hr and then there is no further security in place, they would be a lot more inclined to continue their attack. Now if you had disabled WPS, filtered MACs, limited subnets, obscure IP ranges, Intusion Detection, proxies and so on, the only ones that will be interested in continuing the attacks are the ones who are determined and gifted. I wouldnt sweat your network security that much, if there is a will, there is a way. Short of going offline, there is not much you can do to stop the determined.
There are more security steps to take on individual computers that are out of the scope of this topic. Forgot to mention, that with those extra security steps, you could easily increase an attack length from 30 seconds to 3 months or possibly longer. Mind you, with a few good CUDA GPUs, you would be back down to a matter of days, even with a 25 character passphrase.
+1Out_Cold I couldnt have said it better myself :)One other thing too that I just thought about with the third party firmware (such as DD-WRT; which is what I use), you can limit the power that you AP emits. If you limit the power so it only works in your house and not anywhere outside of your house, you severely limit the script kiddies and some war drivers. (There are ways even around this I have a wireless NIC that can pick up networks from a pretty decent distance but at that point you are limiting them by what hardware they have not their skills.)I agree with many of you above, 1) if a determined hacker want to hack you, you can not stop him, unless you unplug your host, and bury it in a led container somewhere.
2) all you can do is slow the determined ones down, and monitor your network. 3) you can prevent your network being an easy target, and most people will leave you alone, unless you are wide open. 4) turning off wifi is not practical for people with phones, tabs etc, but what you can do is to segregate the wireless network.
we have a separate isp that we use for wifi, and another for LAN.. separate firewalls, separate networks. I never in my life could understand the need for hackers, or the need of hacking, after all every one of those makes a very good programmer in his/her own right and is capable of producing excellent programs for sale or to give away, programs that would/will enrich the humanity and make the living a little bit more bearable for all. Than why hack???
and make other peoples life miserable??? Just adding my 0.02 (US) to the mix.. Expanding on something thegeekkid said: A friend of mine was unable to use his wwi-fi in his own apartment because the sheetrock in the walls embedded with wire mesh, a bit finer than chicken fence.
This gives rise to an idea for keeping your signals mostly in-house: If you are building or remodeling, put some wire-mesh embedded sheetrock on all walls that enclose the house but not on internal walls. You have wire screens on