John the Ripper

5 Ways To Secure Your Internet

Whenever I’m out and about, sometimes I like to look at the invisible world around me. Most people carry smartphones these days and I’m no exception. Using a simple app called InSSIDer, I can pull up every WiFi network in the area. Many people don’t know it, but businesses often use hidden WiFi. That’s a great idea except that security through obscurity really doesn’t work. This is the first step a black hat hacker might use to determine their next target. I’m going to list a few easy things you can do to secure your home or business network from malicious hackers. This isn’t an exhaustive list. The cybersecurity field is constantly evolving so hiring a specialist for your business might be in your best interest.

1) Do not, under any circumstances, broadcast WiFi with no password. You might think that you’re acting as a public service; however, this makes you extremely vulnerable to malicious users. If someone wants to download something illegal, they may do it from an open WiFi connection. That way it will be traced back to the owner of the hotspot instead of them. Also, this gives them internal access to your network. The damage a malicious individual can do from there is practically unlimited.

2) Only use WPA2 encryption. WEP can be broken by even the least skilled hacker in minutes. WPA with weak password policy can also be broken in a short length of time. As of the time of this writing, I’m not aware of anyone having broken WPA2-AES. If you’re presented with the option to use WPA2-Personal vs WPA2-Enterprise, pick the Personal option unless you’re a business with a login server. However, if that’s the case you probably shouldn’t be setting up your own network. If your router doesn’t support WPA2, you should buy a new router. Sorry.

WiFi hacking
Here’s what it might look like when a hacker penetrates your flawed WEP WiFi encryption.
Note: This was done in my home lab for a security certification. Doing this against someone else is illegal and not condoned by the author.

3) Don’t turn off SSID broadcasting. A lot of older articles across the web will suggest you hide your SSID (WiFi name); however, the current thinking is that this opens you up to other attacks. Every smartphone has the capability of revealing hidden hotspots, as I discussed earlier. By hiding your SSID, you make it more likely for a “man-in-the-middle” attack to succeed. Why? Here’s how it can happen: You enter in your hidden SSID to connect to. Your computer connects to the matching SSID with the best reception. Unfortunately, someone has set up a small, battery powered hotspot with the same hidden SSID name. You’re now connected to their server which intercepts everything you send out. They now obtain usernames and passwords as you log in to different websites. You won’t notice a thing because you’re still getting to the webpages you want. This is more likely to happen in a business than in a home.

4) Have a strong password policy. A skilled cracker will be guessing around 10 billion passwords per second per computer he is using. I would guess that most skilled crackers will be using a botnet which can give access to thousands of computers. This can be further amplified by using precomputed password cracking tools called “rainbow tables.” Also, every cracker will have a dictionary file with every word in every common language in it. As you can see, a weak password has no chance.

5) Don’t use ancient encryption standards. If it says SHA-1 or MD5, don’t use it for security. If it says DES, don’t use it. If it is WPA or WEP, don’t use it. If you’re not sure, Google it and see if someone has broken it yet. Eventually, every encryption algorithm is broken. The goal of cybersecurity is to make it exponentially more expensive to break in compared to the reward of breaking in.

6) Use a VPN service whenever away from home. A Virtual Private Network tunnel lets you encrypt everything leaving your computer, through your router, onto the Internet, and to the exit point of the tunnel on a commercially hosted server. This lets you obscure your actual location and prevents eavesdropping from occurring on your side of the connection. I use ProXPN, personally.

If you follow these steps, you’ll make it much more difficult for the casual attacker to gain access. Remember, you don’t have to run faster than the bear to get away. You just have to run faster than the guy next to you.

Like this article? Consider buying a reference book used for this article from my Amazon affiliate store.

Leave a Reply