How To Crack WEP – Part 3: Securing your WLAN

Skill Level 0 Countermeasures - more

Countermeasure 4: Turn it off!

People commonly overlook the simplest way of securing their wireless network - turning off the AP! A simple lamp timer can be used to turn off your AP during the overnight hours when you're not using it. If you have a wireless router, this will mean that your Internet connection will also be disabled, which also isn't such a bad thing.

If you can't or don't want to periodically shut down your Internet connection, you'll have to remember to disable your wireless router's radio manually - if it has this feature. Figure 2 shows a typical wireless disable control. This manual method is more prone to error, however, since it's just one more thing to forget. Perhaps at some point manufacturers will add radio disable to the features that can be scheduled on wireless routers.

Shutting off the radio

Figure 2: Shutting off the radio

Countermeasure 5: MAC Address Filtering

MAC Address filtering is used to control access to your AP by allowing (or denying) access to a list of wireless client MAC addresses you enter. It will prevent an unskilled intruder from connecting to your WLAN, but MAC addresses are easily captured by more skilled attackers and wireless adapter MAC addresses easily changed to match a captured address.

MAC Address filtering on an older USR 8011 AP

Figure 3: MAC Address filtering on an older USR 8011 AP
(click image to enlarge)

Countermeasure 6: Lower the transmit power

While only a few consumer APs have this feature, lowering your transmit power can help limit intentional and accidental unauthorized connections. But with the increased sensitivity of wireless cards that even unskilled users can purchase, it may not be worth the bother - especially if you're trying to prevent unwanted connections in an apartment building or dorm.

Most skilled attackers typically use high-gain antennas, which allow them to detect very low signal levels and effectively offset this countermeasure.