The Best Security Options For A Wireless Router

The Best Security Options For A Wireless Router:

With new protocols and frequencies being used for routers in 2015 I thought I would do a write-up on how to secure a router in 2015.
The information on this site is for legitimate wireless Pen-Testing professionals to do a wireless audit for companies or individuals to prevent wireless attacks on their networks.
This post is for anyone who wants to secure their router in the best possible way protecting them from the current WiFi hacks that attackers use.

Router Differences
When it comes to routers manufactures they all have different interfaces and options.
It is impossible to list in one post where the location of these settings are for the many routers that are sold.
Most options will be universal such as WEP, WPA, WPA2 encryption, but how the options are activated will vary from one router to another.
A routers interface options can always be Goggled or the manual found and looked at for its settings.
The main thing to understand about securing a router is the universal security options most any router will have.

WEP, WPA, WP2 Encryption
Not much has changed in 2015 as far as encryption goes.
Every router should have at least basic encryption setup. Having a open WiFi signal is asking for problems these days as anyone can connect and use it.
WEP is notoriously easy to hack and hasn’t been used much since 2003 when a security flaw was found in it.
WPA or WPA2 should be enabled for WiFi and with a long password/paraphrase.
There is hacks for WPA/WPA2 but it is much more difficult to hack than the old WEP encryption standard.

WPS
WPS (WiFi Protected Setup) is a method many routers use for devices to easily connect to a router via wireless.
A flaw was found in WPS in 2012 that allows the pins to be attacked, which bypasses any security such as WPA/WPA2.
Many new router have found a way around this by having a WPS button that is pressed and only enables WPS for a short time before disabling it.
Not all router do this though and some have WPS enabled by default.
Popular programs such as Reaver built into Kali Linux can crack the WPS pins in 2-10 hours, with new Pixiewps attack able to do it much quicker on some routers.
If your router has WPS enabled, disable it otherwise it is open to the above popular attack.

Man-In-The-Middle-Attack
Man-In-The-Middle attacks called MitM are when a hacker puts themselves between a router and a device that is connected to it.
An example of this is someone using their laptop online connected to their router via WiFi.
A malicious hacker doing a MitM attack can kick a router signal forcing the person on the laptop to connect to their computer, which than lets the victim back online.
Most users are unaware of this and continue surfing online. The attacker can view all the data as it passing though their machine capturing passwords or any other data that is looked at.
MitM router attacks come in many forms with popular ones being a pop-up showing a user a fake router-login-page that looks legitimate.
If a user enters their user name and password into a fake MitM attack page than they are allowed to continue on thinking they have fixed the problem.
In the mean time a malicious attacker has acquired their information.
To counter this kind of attack don’t simply enter username password information blindly.
Know where the login information on a laptop, tablet, or smartphone is and only enter information there.
A router should never give a pop-up asking for information. If it does than manually log into a router with a wired connection and check the settings.

WiFi Range Distance
Distance can be important with WiFi but can leave a router open to attack.
All wireless router attacks need a good WiFi signal to do their job, if they can’t get a good signal than it can’t be done.
Attackers do use signal boosters to help boost a weak signal so often not much can be done about this.
None-the-less if you do not need a strong wireless signal than weakening it can help prevent a attack.
Many routers have a setting to adjust the WiFi signal range which can be adjusted down or up.

5 GHz and 2.4 GHz Frequencies and 802.11ac Protocol
Up until 2013 2.4 GHz was the frequency routers used for WiFi.
Since 2.4 GHz has become overcrowded the 5 GHz range has been introduced.
These types of routers are called dual band routers since they can use both 2.4 GHz or 5 GHz for a WiFi signal.
For those who do not know not any wireless card can be used to attack a router.
Specific USB dongles/adapters with the correct chipset must be used.
There is an abundance of USB adapters that can hack a router on the 2.4 GHz side.
Currently there is a shortage USB adapters that can hack the new 5 GHz side.
There are a few USB adapters that can but with limited success.
The reason for the limited success rate is the new 802.11ac protocol introduced in 2013.
WiFi hacking tools simply have not been updated yet to attack this new protocol.
Only 802.11n and 802.11ac protocols work in the 5 GHz range. 802.11n has been around a while and works in both the 2.4 GHz and 5 GHz.
802.11ac only works in the 5 GHz range.
802.11n is being used for legacy devices that need to connect to a router but is a well known protocol that can be hacked with many WiFi cracking tools.
Currently a router setup to only broadcast WiFi in the 5 GHz range with the 802.11ac protocol is almost un-hackable with current WiFi hacking tools.
Any device connected to a router must also be capable of using the 802.11ac protocol as any setup is only as good as its weakest link.
Keep in mind this can change at any time as hacking software and hardware are in a constant state of evolution.
Currently a router with the 2.4 GHz side turned off, along with WPS support off, using WPA2 encryption, and only using the 5 GHz frequency with 802.11ac protocol is almost impossible to hack.
Nothing is ever completely un-crackable but it would take a very advanced malicious attacker to crack that kind of setup.
A script kiddie newbie hacker would not be able to watch the multitude of WiFi hacking YouTube videos and be able to crack a setup like this currently.

Change a Routers Default Admin Page log-in Credentials
All routers have a default username and password to log into the admin page.
Often something as simple as Username: admin, Password: admin
This should be changed to something secure, as it is a easy way for someone who is on the same network and types in your routers IP address to gain access to it.

Change the Default SSID Broadcast Name
All routers come with a default broadcast name such as a Linksys or Dlink routers which will broadcast the name Linksys or Dlink as the WiFi AP connection name.
Changing the broadcast name will give an attacker less information about the vulnerabilities that router has.
A Linksys router has different vulnerabilities than a Dlink router, and so on.
One of the things I do is instead of giving the router a unique pet name is change it to another router manufacture name.
For example if it is a Linksys router change the SSID to Dlink and vice versa.
This can confuse a attacker since they believe they are attacking a certain router with a known vulnerabilities when it is something else entirely.

The Best Security Setting for a Router 2015
Not all of these options will be possible for everyone. This is simply a list of the best possible setup for securing a router in 2015.
1…Turn off WPS (WiFi Protected Setup)
2…Disable 2.4 GHz.
3…Only connect to a router with a device (smartphone, tablet, laptop) that is 802.11ac capable.
4…Enable WPA2 encryption and put in a long password.
5…Weaken the WiFi signal if possible.
6…Never input passwords or usernames into a pop-up. Always go directly to the setting of the device or router to enter usernames and passwords.
7…Change the routers default admin-page log-in password and username.
8…Update the routers firmware.
9…Change the SSID broadcast name.

Summary
Any router will always be acceptable to attacks but doing simple things like that above will greatly reduce your risk.
Often WiFi attackers will move on to an easier target (since there are many) instead of wasting hours if not days trying to target a difficult setup.

Comments

Post a Comment

Popular posts from this blog

How To Find The WiFi Password Of Your Current Network

Image
How To Find The WiFi Password Of Your Current Network Method 1: Finding the WiFi Password  in Windows Using Command Prompt First open the Command Prompt on your Windows PC by typing  cmd  in the Start Menu. Now select  Run as administrator  by right-clicking on it. Once Command Prompt is opened, you need to type the following command in it   (Replace  fossbytes  with your WiFi network name), and hit enter. 1 < strong > netsh wlan show profile name = fossbytes key = clear < / strong > After hitting Enter, you will see all the details including your wifi password as  key content  (as shown in the above picture). In case you want a list of your previous WiFi connections, type this command: 1 netsh wlan show profiles Method 2: Revealing WiFi Password Using General Method in Windows First navigate through the system tray ...
Read more

Hacking Any Android Device Using AndroRAT App Binder

Image
Hacking Any Android Device Using  AndroRAT App Binder Usually any Android Device can be hacked using Metasploit Meterpreter attack but many people are not aware of that process as it is not user friendly. But using a simple tool called AndroRAT (Android Remote Administration Tool) it is possible for anyone to hack any Android device. By successfully running this tool one can retrieve following information from target Android device. Get contacts (and all theirs informations) Do vibrate the phone Get call logs Open an URL in the default browser Get all messages Send a text message Location by GPS/Network Do a toast Monitoring received messages in live Streaming video (for activity based client only) Monitoring phone state in live (call received, call sent, call missed..) Stream sound from microphone (or other sources..) Take a picture from the camera You can do almost anything with this tool. All you need to do is to install a simple application...
Read more

HOW 2 CLONE SIN CARD ONLY FOR EDUCATION

Image
HOW 2 CLONE SIN CARD Before I start, I would like to make one thing clear SIM Card Cloning is illegal . This tutorial should be used for educational purposes only.Please Try this { Clone SIM Card easily } on your own not others. Mobile Phone’s are everybody’s need. People often (mostly) do their confidential talks over cell phone’s, But only some know how easy it is to eavesdrop them, there are some tricks and hacks to do that, but the most powerful way is to clone their SIM Card. The Subscriber Identity Module aka SIM Card is the transmitter of signal to the mobile and tower. Our SIM cards contain two secret codes or keys called (imsi value and ki value) which enables the operator to know the mobile number and authenticate the customer, these codes are related to our mobile numbers which the operators store in their vast database, it is based on these secret keys that enables the billing to be made to that customer. The main mission in cloning a SIM Card is to get KI and IMS...
Read more