200 Chapter 5 • Securing Wireless Using a WRT54G
Wireless security has been a hot topic in the computer security community for years, for very good
reasons. Unsecured wireless networks can be compromised quite easily, revealing your personal infor-
mation and computer files and allowing your network to be used to attack others or to conduct var-
ious other inappropriate activities. By utilizing multiple layers of security, including (most
importantly) Wi-Fi Protected Access (WPA) or WPA2, you can reduce those risks.
The examples in this chapter are based on the features of OpenWrt 0.9, the current release as of
Basic Wireless Security
In this section, we will discuss some very basic, fundamental security settings that you should use as
part of an overall defense-in-depth security strategy. These security measures by themselves may not
provide adequate security; however, when you combine them with each other, and with
WPA/WPA2, you can offer improved security for your wireless networks. Of course, you must
choose an encryption protocol (Wireless Encryption Protocol [WEP], WPA, or WPA2), with WPA2
being the best choice (the reasons for which should become clear by the end of this chapter).
Select a Secure Network Name (SSID)
Too many times we have seen organizations and individuals leak information about themselves in the
form of the wireless network name, known as the SSID. To test this theory, all you need to do is
enable your wireless adapter and review the list of available SSIDs. Inevitably, you will find some
This gives away that you are, in
fact, Company X or Person Y, and that this is quite possibly your wireless network. Use an SSID
name that does not give away information about you or your organization, if" you can. For example,
the following commands will set the SSID using OpenWrt:
# nvram set wlO ssid="TheMatrix"
# nvram commit
Then restart the wireless subsystem to enable the settings with:
The most an attacker could glean from the preceding SSID is the name of your favorite movie.
Additionally, if you want an extra level of security, you should change your SSID often to prevent
dictionary attacks against WPA/WPA2, which we discuss later in this chapter.
Hiding Your SSID
Although this may not hide you from most attackers (and certainly not from anyone who is reading
this book) it may prevent your neighbor from connecting to your network. Connections to wireless
networks are managed by the operating system, and Windows XP especially is not selective about
which networks it connects to. For example, if you have a wireless network with the SSID
so does your neighbor you could be connecting to each other's networks without even knowing it!