An improperly configured wireless network can have massive consequences for anyone. They range from freeloaders using your internet to malware, data theft, and liability for illegal activity. If your network is left open and unsecured, you are practically inviting freeloaders to use your internet; you wouldn’t leave your doors open and unlocked at night, would you? You might know your neighbors well, but you do not want to be responsible for them or their kids downloading movies on your network. More dedicated hackers might prey on wireless networks using old, weak encryption, or might even try to guess weak and common passwords regardless of what kind of encryption you are using.
Methods of Attack
You should not only worry about those who live around you; there is a method called ‘wardriving’ that hackers use to prey on wireless networks. Wardriving involves people driving around, searching for and trying to gain access to networks while in a vehicle. Obviously, open networks can be joined with ease; however, there are more complex methods for more knowledgeable hackers. They use software such as Aircrack to obtain a handshake with a wireless network. The handshake is the exchange of the encrypted key between the client and the wireless router. The handshake is retrieved by sending de-authentication packets to disconnect devices from the wireless network; they then wait for a device to reconnect (most will automatically). Once a device attempts to reconnect, Aircrack captures the handshake as a .CAP file. The .CAP file can then be cracked with Aircrack using the CPU, or converted to another format and cracked using a more efficient method, such as GPU cracking with software like Hashcat.
There are many different methods of cracking passwords, such as bruteforce, dictionary, or mask attacks. Bruteforcing will keep trying random combinations of letters, numbers, and symbols until it guesses the correct password. Dictionaries can have millions of words, common passwords, or even default router passwords inside of them. Mask attacks allow someone to specify the parameters of the password that they want to bruteforce; this includes length, type of characters, or a part of the password that they know. These methods can work extremely well when used in unison with one another, cracking even short complex passwords rather quickly.
Preventative Measures and Configuration
Something that I did not mention above: you should disable the WPS function of your router. There are methods to gain access to a router using WPS without even cracking the handshake; this can be completely remedied by disabling WPS. To stop wardrivers, freeloaders, and password crackers, all it takes is a proper and secure wireless network configuration. To start, it is important to change your router administrator password once you log in to your router. To reach your router, you will need to open its address in a web browser, usually 192.168.1.1, but it varies from model to model. The password should be complex, but also something you can remember so you can log back in whenever you need to. Once you have done that, the next thing you need to do is set up your SSID (the SSID can be anything you want it to be under 32 characters) and enable encryption. For me the best options were WPA2-PSK and AES encryption, which is the most secure WPA2 encryption. It is also necessary to change the WPA2 password key to something complex. It should be between 8 and 63 characters in length (the longer the better) and should mix numbers, letters (upper/lower), and characters. Also, NO WORDS: passwords with words inside of them are substantially easier to crack, as I explained earlier.
You may also choose to disable SSID broadcasting, but I chose not to do this because there aren’t any real benefits for a properly configured secure wireless network in my opinion. If you have a multi-band router, ensure that you repeat the steps with each wireless access point. When you’re sure that you’ve securely configured your router, make sure to save the settings and log out. Once you’ve followed these steps you should have a secure router!
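The passphrase rules above (8 to 63 characters, mixed character types, no words) can be checked before a key is saved to the router. The following Python sketch is an added example, not part of the original article; the function names, the substitution table and the short wordlist are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample wordlist; a real audit would load a large dictionary file.
SAMPLE_WORDS = {"password", "admin", "wireless", "netgear", "linksys", "summer"}
# Common character substitutions, undone so 'P@ssw0rd' still matches 'password'.
LEET = str.maketrans("013457@$", "oieastas")
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def audit_passphrase(pw, words=SAMPLE_WORDS):
    """Return (findings, bits): rule violations and a brute-force keyspace estimate."""
    findings = []
    if not 8 <= len(pw) <= 63:
        findings.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in pw):
        findings.append("non-printable or non-ASCII character")
    used = [name for name, chars in CLASSES.items() if any(c in chars for c in pw)]
    missing = sorted(set(CLASSES) - set(used))
    if missing:
        findings.append("missing character classes: " + ", ".join(missing))
    lowered = pw.lower()
    folded = lowered.translate(LEET)
    hits = sorted(w for w in words if w in lowered or w in folded)
    if hits:
        findings.append("contains dictionary words: " + ", ".join(hits))
    # Keyspace a mask attack must cover if it knows only the length and classes used.
    alphabet = sum(len(CLASSES[name]) for name in used)
    bits = len(pw) * math.log2(alphabet) if alphabet else 0.0
    return findings, round(bits, 1)

def generate_passphrase(length=24):
    """Random passphrase from the OS CSPRNG that passes every check above."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8-63 characters long")
    alphabet = "".join(CLASSES.values())
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_passphrase(pw)[0]:
            return pw

if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "summer2019", generate_passphrase()):
        print(candidate, audit_passphrase(candidate))
```

The bit estimate only describes pure brute force; a passphrase flagged for dictionary words falls to a wordlist long before that keyspace is exhausted, whatever the number says.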