Wifi Security Primer: What You Really Need To Know

In the early days of the internet security really wasn't much of a problem. Internet connectivity was maintained through the use of modems and telephone land lines. Security was fairly easy to take care of then, for a hacker to take control of your computer or gain access to the files you didn't want seen, they had to almost be connected directly to your machine or have a wiretap in place.

But, as technology advances, we find that there are always those unscrupulous people who will try to exploit and steal anything they can. Such is the case with wireless internet access. In the starting days the developers realized the possibility, and built in some protections, but as they develop the new protections they are repeatedly beaten down. In this article we will discuss the ways of securing your wireless connection, and how to tell if your wireless has been hacked.

The Local Area Network (LAN) in your home consists of a modem, which will be connected to the internet through a cable, and to your wireless router by a cable. Your LAN will have all the computers, printers, and any other peripherals connected together. The wireless router will contain a list of the allowed clients, guests, and peripherals called the Dynamic Host Client Protocol (DHCP.)

Every device designed to have access to a LAN will have a built in Media Access Control (MAC) address that they will broadcast to the LAN when connected to it. These MAC addresses can be considered like a signature...each is different, but all are subject to forgeries. Called MAC spoofing, faking a MAC address is a very simple thing for most hackers. Your router will use these MAC addresses to assign IP addresses to every MAC on your LAN.

When you installed and first set up your wireless router, you may have been given the option of setting up the Wireless Encryption Protocol key (WEP.) This key can be anywhere from 8 to 25 digits, and if you set it up you have to use it every time you log on to the internet. While this is a good deterrent for the casual hacker looking to surf, the video I embedded in this hub will demonstrate how easily...and fast WEP can be exploited.

Wifi Protected Access (WPA, or WPA2) is a more secure way of keeping intruders off of your connection or LAN. Unlike WEP though, WPA uses a different kind of authentication process, and the “handshake,” or the file that contains the encrypted password is only transmitted one time. In order to get the “handshake” the hacker must make you log off the internet, or reboot your computer, in order to catch you when you log back on. Then the hacker can use what is called a “dictionary attack” to find the password contained in the file. This can be a very time, (and resource) consuming process, so many hackers won't even attempt to hack a WPA secured network.

Another method of security that is becoming much more popular along with WPA is the use of hiding your SSID, or Service Set Identifier. This is the name you gave your router or network, mine is Vic-N-Shel's Home. This SSID is always transmitted by your router, into the atmosphere...but, it doesn't have to be. If a hacker doesn't have this there is no way to log on to your wireless...but there ways around this too.

DHCP assignment is another way of securing you network, but it isn't easily accomplished. You must have the MAC addresses for all the equipment you will have connected...laptops, printers, desktops, etc. To do this I would recommend you find a person comfortable with setting this up for you. It is easily goofed up and in the end you could create a situation where nobody has access to the internet.

Personally, I never keep anything I couldn't afford to lose on my computer. There is no banking accounts, or financial information kept on any of my machines. But not everyone can do this. I keep an unsecured network connection in my home...it helps the neighbors that DO keep their information on their computer. If there's one easy connection, hackers will be lazy and take the easy route.

If you can't keep an unsecured network, or don't want to, here are my recommendations:

1. Use WPA/WPA2 security with a password at least 8 digits long. A dictionary attack on something like this could conceivably take weeks or months.

2. Hide your SSID. This can be beaten, but it's not very easy.

3. If you think you have been hacked, change the password. Also, get monitoring software, it's cheap (free in most cases) and you will know when someone unauthorized is on.

4. Dictionary attacks rely on a fixed set of words, and there are a lot of hacker dictionaries and brute force materials available to the hacker. Using oddball characters in the password helps reduce the chances that the dictionaries will have your password. Use things like “3's” for the “E” or a “1” in place of an “I.”

Wireless internet access is inherently insecure, so there are no real guarantees that you cannot be hacked. It falls back to the old saying about keeping honest people honest. But, these steps will serve to keep all but the very best hackers out. Using any two of the protocols I outlined above in combination with each other will be sure to keep your personal LAN secured and hack free.

Really the best way to be secure is to use a VPN - or a Virtual Private Network which we will get into in another hub. To learn about about VPNs visit this site VPN Reviews