Wireless Security Initial Concepts

Wireless security is an important part of your wireless network. Without even getting into Wired Equivalent Privacy (WEP), there are certain things you can do to make your network secure and shut down the easy avenues for hacker attacks.

An acronym for Wired Equivalent Privacy, WEP is an encryption scheme used to protect your wireless data communications.

WEP uses a combination of 40-bit keys to provide access control to your network and encryption security for every data transmission. To decode a data transmission, each wireless client on the network must use an identical 64- or 128-bit key.

Securing Wireless Networks

Ever since 2001, the use of wireless networks has exploded both in home and corporate environments. By 2006, more than 80 million wireless local area network (WLAN) nodes should be in the hands of residential and business users combined.

Securing WLANs has been a concern almost since their inception and while much progress has been made with the introduction of WEP and WPA, both have been shown to have their own weaknesses or implementation issues.

While 802.11i is said to improve upon WEP and WPA, it is not yet commercially available and it may prove over time to have its own weaknesses as well.

There are wireless security steps that network administrators and home users alike may take to augment the security of their wireless networks, and discussing some of these steps is the purpose of this site.

None of these steps is intended as a replacement for WEP or WPA, but rather as a complement. Many of these steps do not apply to public hot spots, however, as it is generally the intent of the spot’s owner or operator to make access as easy and convenient as possible. After all, we use our networks for an increasing amount of our lives, from entertainment to household and financial management.

Just have a look at this video, which demonstrates how an ex-pat has turned their wireless network into a home entertainment portal. Although the channels listed are not accessible outside the UK, by relaying through a third-party server you can hide your location. It doesn’t always work, but there are solutions you can see – Netflix America in UK. It’s an example of why a fast, secure wireless network has become something of a necessity in the modern world.

Please remember that computer security is a complex issue and it would take volumes just to explain all of the ins and outs, but if you take some precautions to secure your wireless home network, you’ll have a basic understanding of this technology and an excellent start.

Quick Tip: All wireless devices must use the same WEP key!

Adapters, access points and other equipment all come with a default password and other default settings. You should change these values quickly. Leaving these default values unchanged just invites trouble. Remember, this is your private network, but the airwaves are public and the door is open to anyone who is up to no good.

The most important value to change is the SSID; make sure this setting is the same for all devices in your wireless network.
A few things you can do to make your SSID more secure:

  • Make it unique
  • Change it regularly
  • Disable SSID Broadcast

The SSID (short for service set identifier) is also referred to as a network name because essentially it is a name that identifies a wireless network.

It is the unique name shared among all devices in a wireless network. The SSID must be identical for all devices in the wireless network. It is case-sensitive and must not exceed 32 alphanumeric characters, which may be any keyboard character.

Quick Tip: It is important to note, however, that using the manufacturer’s default SSID makes it easier for hackers or individuals to identify the access point’s manufacturer and look for specific weaknesses that may be used to gain unauthorized access or deny others access.

Make sure this setting is the same for all devices in your wireless network. To ensure wireless security, I recommend that you change the default SSID to a unique name of your choice.

Disabling SSID broadcasting can be a useful security feature. However, when SSID broadcasting is disabled, wireless site survey tools such as Windows XP’s Zero Configuration utility will not function.

It is best to disable the SSID broadcast until you have configured all of your wireless network clients.


Wireless Network Traffic – The Basics

802.11b and 802.11g products use radio frequencies in the 2.4 GHz band, the band used by cordless phones. The 802.11a products use the 5.8 GHz band, used by a less common group of phones. The rated 11 Mbps and 54 Mbps are not what you actually get.

Typical wireless speed for 802.11b products is about 4-5 Mbps, 802.11g products have a capacity of about 20 Mbps and 802.11a products about 22 Mbps.

That is just about enough speed for modern applications, for example watching BBC TV abroad.

It’s not uncommon in the computer industry to exaggerate a little about the speed of devices. After all, is a 17-inch monitor really 17 inches, or an 80GB disk drive really 80 gigs? And I know that modem of yours doesn’t deliver 56 Kbps to your computer.

The main reason for the inflated wireless speed ratings is that some of the capacity is taken by overhead, and even these lower capacities can be limited by distance, walls and other environmental conditions.

Dual-Band

54 Mbps and 11 Mbps, 8+3 non-overlapping channels, 64 users per access point, 2.4 GHz and 5 GHz.

Dual-band products, such as the Linksys WPC55AG 54Mbps 802.11g/b/a Wireless Cardbus Adapter, are a good choice in environments that are just getting started with 802.11b networks but expect that faster speeds will soon be needed.

Dual-band products offer both 802.11b and 802.11a functionality, in PC Card, USB and AP products, enabling WLANs that can accept both types of clients. Dual-band clients automatically search for the best connection as users roam throughout the office or campus environment. Dual-band offers the best of both worlds.

Benefits

  • Simultaneous operation: Both 802.11a and 802.11b technologies operate side-by-side, without interference. Users can select either band, or both.
  • Enhanced roaming: The same WLAN adapter can be used in more places, such as home, work, and public hot spots, without configuration changes.
  • Highest density: Up to 11 channels from both protocols are available, supporting more users.
  • Protects WLAN investment: Supports both high- and low-speed network devices.
  • Easier administration: Dual-band units combine two technologies into one, easing administration and support costs in environments where both types of devices are needed.
  • Less interference: Devices have more channel options available.

Many dual-band products feature improved security capabilities, enhancing the WEP standard and offering additional functions such as MAC address filtering.

Where It Should Be Used

Dual-band products offer the best of both worlds

Anywhere there is an existing WLAN infrastructure that may need to accommodate both 802.11a and 802.11b USB devices. Dual-band will also support 802.11g devices. Density: Wherever maximum density is needed, dual-band is the right solution. Dual-band products have more channels (11), so they can support more users. This can result in lower deployment costs.

Flexibility

Dual-band offers maximum wireless speed and maximum range. A single configuration can support both network protocols, reducing the need to support multiple environments or reconfigure client devices as users move between them. This results in lower support costs.

Examples

Examples include businesses where offices are co-located with warehouses, large campus environments, people traveling between multiple WLAN network types, or any organization that wants to extend an existing WLAN to support the other protocol.


Confused About Wireless Speeds – Standards Archive

Confused about wireless speeds on your wireless home computer? Let me explain. All of the important standards are known as Wi-Fi; the standards are themselves maintained by an association called the Wireless Ethernet Compatibility Alliance (WECA). Interoperability among the various products is a good thing.

One of the first standards to hit the market, and still the most popular, is called 802.11b, with a rated speed of 11 Mbps (megabits per second). There is also a standard called 802.11a; it is rated at 54 Mbps – 25 Mbps – when .11b is not present, and yes, “b” came before “a”.

The newest product on the block, with an increase in wireless speed, is 802.11g, which is rated at 54 Mbps unless you install an 802.11b card (11 Mbps); then the speed drops to that of the slowest device, 802.11b. 802.11g products are, however, compatible with 802.11b network interface cards (NICs).

They should also have no problems or issues with using standard protocols such as TCP/IP, which has a reliable connection and delivery protocol. You can use them on servers and multihomed devices such as rotating proxies.

Because of backward compatibility, older and slower 802.11b radio cards can interface directly with an 802.11g access point and vice versa at 11 Mbps or lower wireless speeds, depending upon the range.

Quick Tip: The wireless speed gold standard is 802.11g – the newest, fastest and most powerful kid on the block, an 802.11 radio technology that broadens bandwidth to 54 Mbps within the 2.4 GHz band.

In other words, the two standards work together fine. But if I were installing a new wireless network or adding new wireless PCs, I would use 802.11g for all of my computers.

We all like speed, and no matter how fast we can go, online or off, we still want to do it faster. When I moved my ISP account from the basic dial-up modem (56 Kbps) and replaced it with cable I was one happy computer guy. Let’s be honest, those days are long gone and little basic modems wouldn’t keep up with even a very basic static web site now.

Most people now expect to be able to stream directly, irrespective of which device they’re on. How many of us have sat in a cafe or on a bus streaming HD quality video to the small phone in our hand? This takes a serious amount of bandwidth even if you have access to a 4G network. I know for a fact that many people on my early morning train sit and watch the BBC on a VPN (we’re outside the UK) using the wireless access point provided on the train.

So as far as wireless speed and wired networks are concerned…

Quick Tip: Troubleshooting cabling performance. If you’re experiencing connection problems, check the following:

    • Look for sources of interference, such as power outlets, fluorescent lights, power supplies, and coiled or extra-long cables.
    • Make sure all cable connections are secure. Check the link light on the network card (NIC) of the devices you are connecting with each cable.
    • Make sure you have used the correct type of cables, either straight-through or crossover. Check hardware setup instructions to verify which cable you might need.
    • Be sure that you have not used a telephone cable in an Ethernet cable port.

The speed chain of command goes like this…

  • Fiber optic cable: uses light, at 186,000 miles per second, and that’s fast. The speed of light depends on the material that the light moves through; for example, light moves slower in water, in glass and through the atmosphere than in a vacuum.
  • Coaxial cable, such as RG-6 & Cat. 5E 350MHz Dual Cable: uses shielding to keep the signal focused and reduces interference.
  • Twisted pair: most commonly used in wired networks. UTP Cat 5e twists the pairs around each other to reduce interference and reinforce the signal.

How to Activate Hotstar in UK or USA

For those of us who grew up with the internet, or should I say grew with the internet, the increasing amount of filtering and censorship is somewhat worrying. I remember it wasn’t always the same. A memory comes to mind from about 1997 of firing up my 486 computer, clicking on that connect button and listening to my 14.4k modem beep and click as it made my internet connection. There was still that excitement and wonder of connecting to a different world, a little device which enabled free communication with people from across the planet.

I was looking for information about ailments in elephants for one of my students in my internet class. They worked in a local zoo and were worried about one of their elderly elephants. The world was nowhere near as connected as it is today and it was thought that the internet might help. We first logged in using a telnet session to the University of Wales online database, with no real restrictions or passwords as I remember. Just free open access to a useful information portal. Then we found email addresses and even newsgroups frequented by vets, biologists and various zoo-type people. In all we found the help he needed, and boy did it feel good.

Although now it’s arguably easier to find your way around the internet, it’s also becoming increasingly frustrating. In the last few years it seems I’m forever getting redirected or messages telling me that something’s not available due to my location. In the Internet I remember, location didn’t matter – this was a virtual, digital world where everyone is equal.

Wherever you go online you seem to be confronted with barriers now – take this screen which you receive if you try and visit the Hotstar site, a wonderful Indian media broadcaster.

I went there mainly for the sport; there’s a huge cricket session including the IPL coverage. Also, if you want to watch Premiership football without being conned into a massive Sky or BT package, then Hotstar has the rights, or at least it did last season. Yet again I was frustrated, as the whole site is only accessible if you have an Indian IP address.

Now I’d normally use Identity Cloaker to bypass these blocks but they don’t actually have any Indian VPN servers so it wouldn’t work. However there are other options and I thought I’d try out a Smart DNS solution instead, to be more specific the 14 day free trial from Smart DNS Proxy. It worked wonderfully as you can see in the following video which is hosted currently on YouTube.

As you can see it’s pretty much transparent after you set it up, certainly more so than using a VPN which needs to be connected while you’re accessing the Hotstar site. The other big advantage is that because you don’t stream the entire connection through the VPN server you don’t have that extra hop to slow you down. The other speed boost over a VPN is that there is no layer of encryption to slow the stream down either. Now obviously this means that it adds no security at all, but it could be argued that it’s not really needed if you’re just streaming video.

There’s another post about accessing the site here – How to Watch Hotstar in the UK. As you can see it works perfectly and seamlessly in the background. I am starting to see the benefits of using these Smart DNS systems too as I was able to quickly configure my NVidia Shield with the same DNS settings so I could watch using that.

Works a treat, and Hotstar is brilliant fun. It’s also worth checking out the various documentaries and news programmes; many of them are in English. Gives you a whole new perspective of the world to be honest.

Why Travellers Should Always use a VPN

Most of us now consider a VPN service as an essential tool for doing anything online. If you travel and use access points in places like hotels, cafes and airports, using a VPN is pretty much essential. If you don’t, then it’s almost inevitable that at some point you’ll be the victim of some sort of cyber crime.

One of the main issues with these free Wi-Fi points is that they are nearly always installed and configured by someone with no comprehension of computer security. Indeed many surveys have found a huge proportion of these devices are installed with default settings. Only the larger chain organisations are likely to have some dedicated staff able to configure these properly, and even then this isn’t often the case.

Think of all the places you use free internet access: who do you think supports the connection? Who would you call if there was a problem? In most cases the information would be very hard to find, as the devices are probably installed in a flying visit, followed by some vague telephone support at the end of the phone. In smaller organisations it’s often the dreaded ‘friend who knows computers’.

It’s why all these access points are so tempting to identity thieves and cyber criminals.  Here’s just a small selection of the major issues:

  • Central access points are often used by hundreds of people to check secure sites like email, banking, PayPal etc.
  • Often poorly configured with low security.
  • Allow attackers to intercept all sorts of data using Man in the Middle style attacks.
  • Allow anonymity for attackers, who don’t even have to be present if they hack into the router.

They’re certainly a huge attraction for organised identity thieves, for example, who can steal all sorts of data if they are able to hack into the router. The other popular method is to simply set up a free internal access point in the same location and give it a similar name. Setting this up somewhere near a hotel lobby or coffee shop means the attacker can steal people’s details while they browse. This attack, which uses a bogus access point, is often known as the “Evil Twin” attack.

If someone compromises an access point or gets you to connect to a fake one then your data is in real trouble. Forget about SSL or HTTPS; all these can be bypassed if they have control of the access point you’re using. Pretty soon the cyber criminals can have email accounts, banking details and all sorts of personal details.
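A defensive check for the evil twin scenario described above, as an added example that is not part of the original article: it compares Wi-Fi scan results against an allowlist of access points you operate and flags networks that reuse or imitate a trusted name. The allowlist, the scan records and all function names are constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed allowlist (assumption): SSIDs we operate, their radios' BSSIDs
# and the security mode they are configured with.
TRUSTED = {
    "HotelLobby": {
        "bssids": {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02"},
        "security": "WPA2",
    },
}

# Constructed scan results: (ssid, bssid, security, signal_dbm).
SAMPLE_SCAN = [
    ("HotelLobby", "02:00:00:aa:bb:01", "WPA2", -48),        # our own AP
    ("HotelLobby", "02:00:00:cc:dd:09", "OPEN", -35),        # same name, unknown radio
    ("Hotel_Lobby Free", "02:00:00:cc:dd:0a", "OPEN", -40),  # similar name
    ("CoffeeShop", "02:00:00:ee:ff:10", "WPA2", -70),        # unrelated neighbour
]


def _norm(ssid):
    """Fold case and drop spaces/punctuation before comparing names."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def similar(a, b, threshold=0.8):
    """True when two SSIDs would look alike to a user picking from a list."""
    na, nb = _norm(a), _norm(b)
    if not na or not nb:          # hidden/empty SSIDs carry no name to compare
        return False
    return na in nb or nb in na or SequenceMatcher(None, na, nb).ratio() >= threshold


def find_suspects(scan, trusted=TRUSTED):
    """Return (ssid, bssid, reasons) for every network that imitates a trusted one."""
    findings = []
    for ssid, bssid, security, _signal in scan:
        for name, profile in trusted.items():
            reasons = []
            if ssid == name:      # SSIDs are case-sensitive, so this is an exact match
                if bssid.lower() not in profile["bssids"]:
                    reasons.append("unknown BSSID for trusted SSID")
                if security != profile["security"]:
                    reasons.append("security differs from expected " + profile["security"])
            elif similar(ssid, name):
                reasons.append("look-alike of trusted SSID " + name)
            if reasons:
                findings.append((ssid, bssid, reasons))
    return findings


if __name__ == "__main__":
    # A matching BSSID is not proof of legitimacy (BSSIDs can be copied);
    # this check only surfaces the cheap imitations for follow-up.
    for ssid, bssid, reasons in find_suspects(SAMPLE_SCAN):
        print(f"{ssid!r} {bssid}: {'; '.join(reasons)}")
```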

Your only hope is to add your own personal layer of encryption which protects account names and details, and for this you need a VPN. Now over the years many people have been using proxies and VPNs for a variety of reasons. However, for people travelling the overriding priority should be security. The best VPN for BBC iPlayer might not be the best VPN to keep your internet connection secure, for example.

Many people use Smart DNS systems to bypass geo-blocks on popular media sites; however, these should be avoided. Although they can work for bypassing blocks, they offer no security whatsoever and there is no encryption layer added to any of the connections. The Smart DNS services are not secure, nor were they designed to offer any online protection.

The same could be said for all the specialised proxies you see for sale too. Although a proxy will hide your identity to some extent from the website you are visiting and your ISP, it will offer virtually no protection against any other sort of middle man attack. Even some of the highly specialized ones used for merchandising bots don’t really help. You can invest hundreds of dollars in the best rotating proxies you can buy, yet without an encryption layer you are still vulnerable.

Fortunately there are some VPN services which offer the best of both worlds. Firstly avoid those who sell themselves as TV watching services, they won’t take the security side seriously. They’ll also likely have slower servers as all the users will be constantly streaming video through them. Look for companies who stress the security of their system, make sure they don’t keep logs and have proper grown up responses to privacy issues.