Henry Dalziel | General Hacking Posts, Hacker Hotshots | March 12, 2013
Update! We’ve updated this post by making a Hacking Tools Wifi List (i.e. a list of Wireless Hacking Tools that are popular amongst hackers and pentesters.
Here’s our Concise Courses 2013 “how to” firm up your Wireless network guide. This guide contains our favourite methods how to firm up your wireless network, router and connection to the interwebs.
The inspiration and research for this post came from our own in-house team (ok, it was really one person, thanks Lily!) and from our beloved Hacker Hotshots crew. Seriously, just take a look at the quality and scope of our Hacker Hotshot presenters and their titles, there’s bound to be some infosec content that you’d benefit from. Research comes from Raspberry Pi hackers, social engineering experts and mobile phone hackers.
Quit yer jabbering and show me the guide
First on the list is to use strong encryption. Duh. Sounds obvious but hey, was it obvious to you how to tie your first shoe laces? No, mamma had to tell you. Well Uncle Concise Courses is now telling you about the vital importance of firming up your encryption method. Your not using WEP right? Right!? Good, I’m glad no one said yes because our audience are way too savvy to still be using WEP. If your using WPA then upgrade it to WPA2. Security pentesting tools like Reaver and of course the aircrack-ng suite will instantly crack WEP. (Incidentally we recently blogged about our two recommended videos from YouTube on WEP and WPA cracking).
Second on our world famous “how to secure your wireless network series” is to hide your SSID. Yes, we know that a determined hacker or wireless expert can still find your network ID, but it will deter the script kiddie who is out to steal your connection so that he or she can illegally download the entire boxset of Glee. Hiding your SSID is a bit like hiding your front door key under your welcome mat outside your home, but doing something is better than doing nothing.
Third on our list is to create a strong password. Make your Wireless password completely unique and please tell me you have changed it from your home phone number or cell phone number? Comcast do that by the default when they install your broadband for example.
Combining random words is often quoted as being a solid way to create an “unbreakable” password. By unbreakable we refer to the password being safe against automated scripts and tools like the brute force attack. For example by simply using three random words as your password it would take (on average) 1,163,900 years using a brute-force method to crack your wireless encrypted password.
And lastly, fourth on our list is to consider or re-think your authentication strategy. If you have a WPA2-PSK enabled wireless network then everyone will share the same password. That password might have been shared with contractors, freelancers etc. If that sounds like you then you might want to consider beefing up your wireless network by using a certificate-based authentication mechanism or RADIUS. That way each user on the network will have their own security credentials.
That’s it. That was our (rather basic) 2013 wireless top-five security tips. What would you add to this list?