How Do I Know My Secure Wireless Network Really IS Secure?
I joined the 21st century last week and got high speed internet at my house - Verizon FIOS to be specific. The product came with a wireless router so I can use my laptop throughout my house. Thus far, I'm quite happy with their product, as it more than meets my simple needs.
I spoke with their tech support folks and set up the router with a security key (or whatever the technical term is) that's supposed to keep my wireless network secure and keep my neighbors or random people walking or riding down the street from being able to use my wireless connection. I'm also running McAfee's security product which has a firewall, spam blocker, etc. When I check my wireless network connection, I see a message saying that the network is secure, but, short of having a friend come over and try to log onto my network, how do I really know that my system's secure? And is it possible for me to see if others are trying to hack onto my network? Thanks in advance for the help and suggestions. |
Well, no security is 100% secure. But if you're using WPA, it's about as secure as you can make it.
A little background: there are three encryption methods commonly used in wireless devices. WEP (wired equivalent privacy) has two strengths, 64- and 128-bit. Either of these is sufficient to keep out casual or innocent bystanders. And they're supported by "all" access points and interface cards. WEP came first and was touted as being unbreakable. However, it quickly turned out to be breakable, and there are numerous programs available in hacker-land to break it, given access to a few hours' worth of packets. WPA came later, and is (still) quite secure. If there is a hack for it, it's not widely available. But it's only supported by newer devices. My two-year-old Netgear WGR614 doesn't support it, but my new Belkin Pre-N does.
If you're really concerned about security, there are a couple of other simple measures you can take. Both make it a little less convenient for authorized computers to join the network; they also make it much tougher to get unauthorized access.
First, you can turn off "broadcast SSID". SSID is the name of your network, and a lot of people leave it set to the default. That's why you'll often see "netgear" and "linksys" networks at the airport and hotels. If you turn off SSID, then any computer wanting to join the network will have to manually enter the SSID instead of just obtaining it from the airwaves.
Second, you can allow only designated computers to join the network. Each computer has a unique number, called the MAC ID. Most routers will allow you to set up a list of which MAC IDs are allowed to join the network. The easiest way to do this is to look at the router's log and see which ones are currently on the network. Then add these to your allowed list and then turn on your MAC ID filtering.
If you use WPA, MAC filtering and turn off SSID, you'll be secure from all but the most determined intruders. |
Originally Posted by dchristiva
I joined the 21st century last week and got high speed internet at my house - Verizon FIOS to be specific.
|
Originally Posted by OnAMileHigh
FIOS..Wow I am jealous. Not to hijack the thread, but can you provide a short review on how your Fiber To The Home Service is working and what is included?
Anyhow, as for what's included, I got a wireless router and free installation, which takes about 3-4 hours, as they have to switch the phone line from the pole to your house from copper (or whatever they use) to fiber optic cable. This provides a feed for the phone line and the internet connection. They are supposed to provide TV service through the same line someday, but I'll believe it when I see it. They also have to install a new jack inside the house, and provide a power source for the system (with a battery backup so you still get phone service if the power goes out). It's not a disruptive installation, but it takes some time to make the conversion. I think the free installation is a current promotion, since FIOS is still fairly new (at least here in Westchester) so they're eager to introduce it to consumers.
I don't know the specifics of the connection speed, but 5-something (download) rings a bell and 2-something (up) also jogs my memory. As I said above, it's more than fast enough for me, but I'm sure more technical people or data-intensive users could find fault with it. It works for what I do, which is mostly surfing the net, getting e-mail and sending photos of jr. dchristiva to his grandparents and great-grandmother. Oh, and my spouse sends an occasional document to/from herself at work.
The phone connection was supposed to get better, but I'm a little suspicious about that, as I perceive a little worse quality than before and my wife asked me about an echo after one call. So the jury's still out on the phone service side of FIOS. Could be that our phone is bad, as it's taken some recent beatings from my 1-year old son, who's addicted to the thing and has an uncanny ability to tell the real thing from a fake when I try to give him an old cordless handset.
If you want to know more, feel free to ask. So far, so good though. And all for $34.95/month (internet only). I pay another $40-$45/mo. for the phone service, which includes unlimited local & long distance calling. I know that the price can be beaten elsewhere, especially if you go with VOIP or Optimum Online, who offers phone, TV and internet for about $100 (or less) per month, but it works for me. I've got a 30-day period to try out FIOS and then I have a one-year commitment, but I can live with that. |
Originally Posted by SFOffjunkie
Second, you can allow only designated computers to join the network. Each computer has a unique number, called the MAC ID. Most routers will allow you to set up a list of which MAC IDs are allowed to join the network. The easiest way to do this is to look at the router's log and see which ones are currently on the network. Then add these to your allowed list and then turn on your MAC ID filtering.
|
Originally Posted by bumpme
MAC IDs can be spoofed so even though you set your router's firewall to allow certain MAC IDs it isn't foolproof.
|
Originally Posted by dchristiva
Okay, I'm stumped (not hard to do). How can I make changes to my router's firewall settings or see the log?
for Linksys -- http://192.168.15.1
for D-Link -- http://192.168.0.1 |
what is your primary concern?
people accessing the network, or your data being captured and accessed?
For the first one, what is posted here is fine, MAC address filtering, turn off SSID broadcast, some newer routers will allow WIFI "schedules" meaning, you can have it on for say 07:00-22:00 say, and other times it won't work at all. As for data integrity flying through the air, WPA is fine, a VPN to a server in the house would be even better, or use a service like JIWIRE to encrypt the data further acting as a proxy for your traffic, or the free google WIFI secure access client, I use it at home just as an extra step, works fine. JIWIRE is 4.95 a month, google secure access is free, but I find at some hotspots it doesn't work as well. |
Originally Posted by nmenaker
people accessing the network, or your data being captured and accessed?
For the first one, what is posted here is fine, MAC address filtering, turn off SSID broadcast, some newer routers will allow WIFI "schedules" meaning, you can have it on for say 07:00-22:00 say, and other times it won't work at all. As for data integrity flying through the air, WPA is fine, a VPN to a server in the house would be even better, or use a service like JIWIRE to encrypt the data further acting as a proxy for your traffic, or the free google WIFI secure access client, I use it at home just as an extra step, works fine. JIWIRE is 4.95 a month, google secure access is free, but I find at some hotspots it doesn't work as well.
I've got a healthy dose of paranoia, but I think the answers here satisfy my concerns. |
so,
I would set up WPA, use the google secure access client, and that should be enough.
It would take a lot of packet sniffing to get enough data, to review and crack, or to unscramble the encrypted data stream. Of course, using the google secure access, there will be nothing to be gotten, and it is an IPSEC encryption, |
cNet (my absolute favorite tech site) has a layman's article about data interception over wireless networks:
http://reviews.cnet.com/4520-3513_7-...1.html?tag=txt
and some info on securing wireless networks (click on the tabs for more info):
http://www.cnet.com/4520-7390_1-6244167-4.html?tag=tab |
Originally Posted by UAVirgin
|
And for Belkin http://192.168.2.1
|
Originally Posted by SFOffjunkie
Second, you can allow only designated computers to join the network. Each computer has a unique number, called the MAC ID.
:) |
every device
every networkable device has a UNIQUE MAC ID assigned to it. Your laptop will have an ethernet card, with a MAC ID, if your laptop has a WIRELESS card, it TOO will have ANOTHER UNIQUE MAC ID. The router will have a UNIQUE MAC ID, and the cable modem will have another ID.
If using MAC address filtering for the WIRELESS side of the network/router access, it is only necessary to put in the WIRELESS CARD MAC ID for the laptop. Then, only THOSE MAC id's will have access. If you have a pocketpc, or palm device with WIFI, it will have to be put in too, in order to access the router if you choose to turn on MAC ADDRESS filtering. This has nothing to do with the physical router PORTS that are on the back of the router, they are not filtered in this way. I like this step for filtering traffic in high traffic areas, since without the proper MAC id, a user may see the access point but will not be able to access it, and they will move on to another. |
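Added example (not part of any post in this thread): one way to answer the original question of whether others are trying to get onto the network is to compare the MAC IDs in the router's log against your own list, as the MAC filtering posts above describe. The log format, addresses and device names below are constructed for illustration; real routers each use their own layout.

```python
import re

# Constructed sample of a home router's client log. Real routers each use
# their own layout, so this line format is an assumption.
SAMPLE_LOG = """\
Jan 14 19:02:11 DHCP lease 192.168.1.2 to 00-11-22-AA-BB-CC (laptop)
Jan 14 19:05:40 DHCP lease 192.168.1.3 to 00:11:22:dd:ee:ff (pocketpc)
Jan 14 23:47:09 DHCP lease 192.168.1.4 to 0a:1b:2c:3d:4e:5f (unknown)
Jan 15 02:13:55 WLAN association denied for 00:0c:41:12:34:56
"""

# Hypothetical wireless-card MAC IDs of the household's own devices.
ALLOWED = {"00:11:22:aa:bb:cc", "00:11:22:dd:ee:ff"}

# Six hex octets separated by ':' or '-'.
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")


def normalize(mac):
    """Lower-case and use ':' so both common notations compare equal."""
    return mac.lower().replace("-", ":")


def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a software-assigned address,
    i.e. one that was not burned in by the card's manufacturer."""
    return bool(int(mac[:2], 16) & 0x02)


def audit(log_text, allowed):
    """Return one finding per log line whose MAC ID is not on the list."""
    findings = []
    for line in log_text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue
        mac = normalize(match.group(1))
        if mac in allowed:
            # A spoofed copy of an allowed MAC looks identical here,
            # which is why WPA, not the filter, is the real control.
            continue
        findings.append({
            "mac": mac,
            "denied": "denied" in line.lower(),
            "locally_administered": is_locally_administered(mac),
            "line": line,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, ALLOWED):
        print(f["mac"], "denied" if f["denied"] else "CONNECTED", f["line"])
```

An unlisted MAC that shows up as connected means the filter is off or the list is incomplete; repeated denied entries show a device that tried to join and was turned away.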