Thursday, August 27, 2009

Secure Your Wireless Router

Another one of wireless encryption techniques can be broken: WPA/TKIP. The other one, long considered insecure, is WEP. While the weakness of WPA/TKIP does not directly affect the majority of users, another vulnerability does: few wireless routers are properly secured with wireless encryption and strong passwords.

The recipe is simple:
  1. Set a strong administrative password
  2. Enable WPA2 or WPA/AES encryption
  3. Change your SSID and disable its broadcast
  4. Disable remote administration
  5. Record the password, WPA pass phrase, and the SSID in at least two safe places. If the router is used in a business, add a "wireless settings" page to the network/server documentation and record the information there.
These steps will easily close 99% of the router's attack surface: make it harder to find by strangers, virtually impossible to listen in to, or gain access to the administrative settings.

Wireless routers are common attack targets for the simple reason that you don't have to have physical access to the device in order to probe its defenses. On top of it, most wireless routers are shipped in insecure and vulnerable configurations: easily guessable administrative passwords, easily discoverable, no encryption. Securing a wireless router is important not only to protect your sensitive data, but also to protect it against potential infection where your network and computers can be used to to launch attacks at others.

DV411 Digital Signage Solutions