How to Beef Up Security on Your Home Wireless Network

Tips for beefing up the vulnerable wireless encryption you are probably using

Couple using computer together at home
Comstock/Stockbyte/Getty Images

Think your wireless network is safe because you're using WPA2 encryption instead of WEP? Think again (but think "no" this time). Listen up, people! What I'm about to tell you is some soil-your-pants kind of scary stuff so please pay attention.

I'm sure by now that almost all of you have read one or more articles about hackers breaking into wireless networks by cracking the Wired Equivalent Privacy (WEP) encryption used to protect them. That's old news. If you are still using WEP, you might as well just hand the hackers a key to your house. Most folks know that WEP can be cracked in a matter of seconds, making it completely useless as a means of protection.

Most of you have taken the advice of security geeks such as myself and have stepped up to Wi-Fi Protected Access 2 (WPA2) encryption as a means to protect your wireless network. WPA2 is the most current and robust wireless encryption method available at this time.

Well, I hate to be the bearer of bad news, but hackers have been toiling away at cracking the shell of WPA2 and have succeeded (to a degree).

To be clear, hackers have managed to crack WPA2-PSK (Pre Shared Key), which is primarily used by most home and small business users. WPA2-Enterprise, used in the corporate world, has a much more complicated setup involving the use of a RADIUS authentication server and is still a safe bet for wireless protection. WPA2-Enterprise has not yet been cracked to my knowledge.

"But Andy, you told me in your other articles that WPA2 was the best way to go for protecting my wireless home network. What am I to do now?", you say.

Don't panic, it's not as bad as it sounds, there are still ways to protect your WPA2-PSK-based network to prevent most hackers from breaking your encryption and getting into your network. We'll get to that in a minute.

Hackers have succeeded in cracking WPA2-PSK for a couple of reasons:

1. Many users create weak Pre-Shared Keys (wireless network passwords)

When you set up your wireless access point and enable WPA2-PSK as your encryption, you must create a Pre-Shared Key. You are likely to set an uncomplicated Pre-Shared Key because you know that you will have to enter this password on every Wi-Fi device you want to connect to your wireless network. You may also have elected to keep your password simple so that if a friend comes over and wants to hop on your wireless connection you can tell him or her a password that is easy to type in, such as: "Shitzus4life". Although setting an easy to remember password makes life a lot more convenient, it also makes for an easier password for the bad guys to crack as well.

Hackers can crack weak Pre-Shared Keys by using brute-force cracking tools and/or Rainbow Tables to crack weak keys in a very short amount of time. All they have to do is capture the SSID (wireless network name), capture the handshake between an authorized wireless client and the wireless router or access point, and then take that information back to their secret lair so they can "commence to cracking" as we say in the south.

2. Most people use default or common wireless network names (SSIDs)

When you set up your wireless access point did you change the network name? Probably about half of the people in the world left the default SSID of Linksys, DLink, or whatever the manufacturer had set as the default.

Hackers take a list of the top 1000 most common SSIDs and generate password cracking Rainbow Tables to make cracking the Pre-Shared Keys of networks using the most common SSIDs quick and easy. Even if your network name isn't on the list they can still generate rainbow tables for your specific network name, it just takes them a lot more time and resources to do so.

So what can you do to make your WPA2-PSK-based wireless network more secure to prevent the bad guys from breaking in?

Make your Pre-Shared Key over 25 characters long and make it random

Brute-force and Rainbow Table password cracking tools have their limitations. The longer the Pre-Shared Key, the larger the Rainbow Table would have to be to crack it. The computing power and hard drive capacity needed to support cracking long Pre-Shared Keys become impractical for keys longer than about 25 characters. As much as it may pain you to enter a 30-character password on each wireless device, you will only have to do it once on most devices as they usually cache this password indefinitely.

WPA2-PSK supports up to a 63-character Pre-Shared Key so you have plenty of room for something complicated. Get creative. Put a German Haiku poem in there if you want. Go nuts.

Make sure your SSID (wireless network name) is as random as possible

You definitely want to make sure that your SSID is not on the list of the top 1000 most common SSIDs as mentioned earlier. This will prevent you from becoming an easy target for hackers who already have the pre-built Rainbow Tables for cracking networks with common SSIDs. The more random your network name, the better. Treat the name as you would a password. Make it complex and avoid using any whole words. The maximum length for an SSID is 32 characters.

Combining the two changes above will make your wireless network a much harder target to hack. Hopefully, most hackers will move on to something a little easier such as your neighbor's wireless network, who, "bless his heart" as we say in the south, is probably still using WEP.