Since 2001, with the introduction of 802.11a/b, wireless has rapidly become the new standard in home networking. Unfortunately as demonstrated in my previous article "Cracking WEP Encryption" if you use inadequate security your private data including network shares, passwords etc are all at risk.

Therefore I thought I would share three simple steps that should be taken to ensure your wireless network stays secure and your private data does not fall into the wrong hands.

Step 1: Encryption

The first stage is to encrypt the data being sent over your wireless network. It still amazes me how many people send their data in clear text or rely upon the old/broken Wired Equivalent Privacy (WEP). My recommendation is to use either WPA or WPA2 (WPA2 wherever possible). WPA stands for Wi-Fi Protected Access and was released in response to the major weaknesses found in WEP. WPA2 superseeded WPA and is a mandatory element of 802.11i. In particular, it introduces a new AES-based algorithm known as CCMP, which is considered fully secure.

To configure WPA you will need to enable it on your wireless router and enter a secure password. Please remember security proceedures are only as good as your password so make sure you mix charatures with numbers, special characters and and change the case.

Shown below is screenshot of WPA2 being configured on an Apple Airport Extreme.

Once configured all users will need to enter the WPA2 password before they can join the wireless network. Also any data being sent over the network will be encrypted, putting a stop to any privacy issues.

Step 2: Hide Your SSID

SSID stands for Service Set Identifier, it is basically the name of your wireless network that is broadcast out for people to connect to. Although just hiding your SSID alone should not be considered secure, it can help reduce attacks as the attacker will have to know the network is there before attempting to break-in.

The screenshot below shows how to hide your SSID on an Apple Airport Extreme. Simply select "Create a Closed Network".

Please note that once your SSID is hidden anyone that wants to connect to your network will need to manually type the network name in, instead of simply being able to search for it.

Step 3: Access Control Lists

The final step to secure your wireless network is to configure some access control lists. These specify what devices are allowed to connect to your network and for how long. Access lists of this type use Physical Addresses (MAC Addresses). Every device with a network card has its own unique MAC address. To find out your MAC address on a Mac simply open "Network Preferences" select your Airport card and click "Advance" you will then see the "Airport ID" shown at the bottom, this is your Mac's MAC address. On Windows the easiest way is to open the command line by selecting "Run" and typing "cmd", then from the command prompt type "ipconfig /all" this will display all your network cards and their specific MAC addresses. Use the address that relates to your wireless card.

Once you have the device's MAC address you need to add it to the approved list on your wireless device and enable access control list's. The screenshot below shows the access control lists being configured on an Apple Airport Extreme.

Each time you want to add a new device to the network you will need to add their MAC address to your wireless router. If you do not, the new device will receive an error when connecting.

It still amazes me how many wireless networks are left completely open or still rely upon Wired Equivalent Privacy (WEP) encryption.

WEP was introduced in 1997 with the aim to provide equal levels of confidentiality as traditional wired networks. Unfortunately, by early 2001, a security weakness was discovered that allowed WEP to be cracked in just a few minutes, to make matters worse software is now available that makes the whole process no more then a few clicks.

Introducing KisMAC for Mac OS X. KisMac is an open source and free stumbler/scanner application which can also be used to crack WEP encryption.

One thing to note is that KisMac does not have a compatible driver for the standard Apple Airport wireless, therefore you will need to purchase a compatible wireless card before proceeding. Be sure to check the "KisMac compatible hardware list" for further details.

Once you have a compatible wireless card attached you need to select a compatible driver, from the menu bar select "Preferences > Driver" and pick the compatible driver shown in the list. Once complete click "Start Scan" from the bottom right hand corner of the KisMac main menu.

Once the scan has completed choose the WEP encrypted wireless network you want to crack, and from the menu bar select "network > Deauthenticate". Once complete select, again from the menu bar, "Network > Reinject packets". Finally once the "Unique IVs" number is high enough, you can select "Network > Crack" from the menu bar and pick your attack method.

To download KisMac for free head over to the KisMac wiki.

Please note, I don't advise anyone uses this software to crack a WEP encrypted wireless network. This article is simply designed to show how easy the process is and provide additional evidence that no one should be using WEP to secure their wireless network.