Please, please tell me how to secure my Wi Fi network so that this doesn't happen to me!
A Minnesota hacker prosecutors described as a “depraved criminal” was handed an 18-year prison term Tuesday for unleashing a vendetta of cyberterror that turned his neighbors’ lives into a living nightmare.
Barry Ardolf, 46, repeatedly hacked into his next-door neighbors’ Wi-Fi network in 2009, and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct and to send threatening e-mail to politicians, including Vice President Joe Biden.
The original encryption scheme was WEP and was too easily violated. The most recent from 2008/2009 is WPA2. Below is a brief description of each type of encryption. You will have to check the manual that came with your system to see which one it supports.
ol_pops wrote:Make sure it's encrypted. The stronger the better. Check your Wi-Fi manual.
From the Wired article:
"Ardolf downloaded Wi-Fi hacking software and spent two weeks cracking the Kostolnik’s WEP encryption"
So encryption wasn't enough.
WEP is not enough. WPA2 will be enough as long as you don't use a dictionary/easy password.
Disclaimer: I am not a financial or legal expert and all information I provide is given for entertainment purposes only, at your own risk and with no guarantees of accuracy.
You don't thwart a guy like this with superior technology. Because if he can't get into your wifi he's just going to pour sugar in your gas tank or poison your dog or something. The home defense rifle thread comes to mind here.
epilnk wrote:You don't thwart a guy like this with superior technology. Because if he can't get into your wifi he's just going to pour sugar in your gas tank or poison your dog or something. The home defense rifle thread comes to mind here.
What does sugar in your gas tank do?
Disclaimer: I am not a financial or legal expert and all information I provide is given for entertainment purposes only, at your own risk and with no guarantees of accuracy.
Rob5TCP wrote:The original encryption scheme was WEP and was too easily violated. The most recent from 2008/2009 is WPA2. Below is a brief description of each type of encryption. You will have to check the manual that came with your system to see which one it supports.
Thanks. My router uses WPA/WPA2 encryption. I have a long password (more than 20 characters) that includes both numbers and letters. Is there anything more I should do? Should I change my password every few weeks just to be safe?
Rob5TCP wrote:The original encryption scheme was WEP and was too easily violated. The most recent from 2008/2009 is WPA2. Below is a brief description of each type of encryption. You will have to check the manual that came with your system to see which one it supports.
Thanks. My router uses WPA/WPA2 encryption. I have a long password (more than 20 characters) that includes both numbers and letters. Is there anything more I should do? Should I change my password every few weeks just to be safe?
WPA still uses TKIP. WPA2 uses CCMP which is better.
Disclaimer: I am not a financial or legal expert and all information I provide is given for entertainment purposes only, at your own risk and with no guarantees of accuracy.
In addition to enabling WPA2, you can disable SSID broadcasting (so that nearby computers won't see your network advertised) and enable your access point's MAC address access list feature, if any. The latter will allow you to restrict wireless access only to certain machines even when the WPA2 key is known. These steps aren't going to stop truly dedicated attackers, but unless there's a personal vendetta against you, anything that lowers your profile will nudge them towards the less secure neighbors.
On the more extreme side, you could also take steps to reduce the amount of signal emitted outside your house; by reducing the transmit power on the access point (if possible), or by shielding the windows/walls. But if you're that worried then maybe you should get less crazy neighbors.
epilnk wrote:"You don't thwart a guy like this with superior technology. Because if he can't get into your wifi he's just going to pour sugar in your gas tank or poison your dog or something. The home defense rifle thread comes to mind here."
Someone gets it. This is not about technology. It's about predators. These victims were lucky to have such powerful allies. But there are so many victims who go for years suffering in silence because they just can't get anyone to understand what they are being put through.
amh wrote:In addition to enabling WPA2, you can disable SSID broadcasting (so that nearby computers won't see your network advertised) and enable your access point's MAC address access list feature, if any. The latter will allow you to restrict wireless access only to certain machines even when the WPA2 key is known. These steps aren't going to stop truly dedicated attackers, but unless there's a personal vendetta against you, anything that lowers your profile will nudge them towards the less secure neighbors.
On the more extreme side, you could also take steps to reduce the amount of signal emitted outside your house; by reducing the transmit power on the access point (if possible), or by shielding the windows/walls. But if you're that worried then maybe you should get less crazy neighbors.
If you want security and a better overall connection, run Ethernet cable through your house and go wired.
- i use inSSIDer
- set password as a sentence, if the system accepts it.
- enable DHCP in the router
- in DHCP settings, limit the IP-distribution using "start IP" & "End IP".
- A new device connecting to my wi-fi setup will not receive an IP, because it's all used up.
Xile F Investor wrote:Filter by MAC address as well. It's a pain to add new devices, but it blocks those which you did not authorize.
I use WEP and a MAC address filter, though I have read that MAC addresses can be snooped out then spoofed, and so provide little protection against a knowledgeable attacker. It seems very unlikely to me that a sophisticated hacker would ever become interested in breaking into my network, since (for one thing) that wouldn't get him into any of my computers.
Xile F Investor wrote:
I use WEP and a MAC address filter, though I have read that MAC addresses can be snooped out then spoofed...
This much is true. I can easily change the MAC address the Ethernet adapter uses on my Linux box.
The one thing I really dislike about Yahoo! Mail (which the victim used) is that it doesn't offer a constant https connection. (GMail does though.)
The one thing that unites all human beings, regardless of age, gender, religion, economic status or ethnic background, is that, deep down inside, we ALL believe that we are above-average drivers.
fredflinstone wrote:Please, please tell me how to secure my Wi Fi network so that this doesn't happen to me!
Do you realize the probability of this happening to you compared to being killed in an auto accident or drowning in a swimming pool?
If your neighbors are trying to sneak in your wireless network, they are probably also going through your garbage to get your personal information . They can easily frame you by putting some child porn in your garbage. What will you do about it?
fredflinstone wrote:Someone once hacked into my email account.
From what I read, he didn't hack into the victim's Yahoo account. He opened a new Yahoo account on the victim's name, then sent the threatening emails from this account through the victim's wireless connection, so they would be traced back to his Internet account. It's analogous to someone making threatening calls using your phone line.
Ardolf used the Kostolniks’ wireless router to connect to the Internet, accessed a Yahoo.com email account he had created in Matt Kostolnik’s name and, posing as Matt Kostolnik, sent three separate emails to his coworkers. Ardolf sent the emails using the Kostolniks’ wireless Internet connection, with the intent that the emails would be traced back to the Kostolniks’ Internet account with Qwest.
A firewall like comodo would alert you to another computer trying to connect to yours.
amh wrote:In addition to enabling WPA2, you can disable SSID broadcasting (so that nearby computers won't see your network advertised) and enable your access point's MAC address access list feature, if any.
This is totally useless for repelling anyone capable of hacking your wireless IMO.
Nobody hacking your wireless network is going to use software that needs SSID broadcasting to find you, and anyone can spoof a MAC address.
Nobody hacking your wireless network is going to use software that needs SSID broadcasting to find you, and anyone can spoof a MAC address.
I agree, there isn't any harm in turning off ssid broadcasting or turning on MAC address filtering but these are effective for only the least competent hacker. The guy who can hack your WPA2 would not be deterred at all by those ineffective measures. The best solution for a router that doesn't do WPA2 is a new router.
thank you so much for all the suggestions. Bogleheads are the best!
One more question: my router software provides an option for a firewall. Until now, I have used the default setting, which is "off." I am wondering if I should change this setting to "low," "medium" or "high."
It appears that a high setting would result in the loss of certain functionality. Here is what the manual says:
The default firewall security level is set to “Off”. Activating the firewall is optional. When the firewall is activated, security is enhanced, but some network functionality will be lost. If the firewall is enabled with dynamic addressing in step 1, all DHCP allocated addresses will use the same firewall rules. Static IP addresses can be configured on a per address basis in the firewall.
amh wrote:In addition to enabling WPA2, you can disable SSID broadcasting (so that nearby computers won't see your network advertised) and enable your access point's MAC address access list feature, if any.
This is totally useless for repelling anyone capable of hacking your wireless IMO.
Nobody hacking your wireless network is going to use software that needs SSID broadcasting to find you, and anyone can spoof a MAC address.
Just use WPA/WPA2 with a strong passphrase.
The router should also be configured to only accept WPA2-PSK (PSK=Pre Shared Key) connections as this gives a better security. Most home routers will by default start using less secure protocols/encryption if the stronger ones fails.
The PC should be configured to only connect to wireless router using WPA2-PSK that it knows about.
fredflinstone wrote:thank you so much for all the suggestions. Bogleheads are the best!
One more question: my router software provides an option for a firewall. Until now, I have used the default setting, which is "off." I am wondering if I should change this setting to "low," "medium" or "high."
It appears that a high setting would result in the loss of certain functionality. Here is what the manual says:
The default firewall security level is set to “Off”. Activating the firewall is optional. When the firewall is activated, security is enhanced, but some network functionality will be lost. If the firewall is enabled with dynamic addressing in step 1, all DHCP allocated addresses will use the same firewall rules. Static IP addresses can be configured on a per address basis in the firewall.
Anyone know anything about this?
A home router will (usually) by default block outside initiated connections while allowing connections from the inside out to the scary WWW, and for most home users this is sufficient.
With firewall rules you can block some types of connections from leaving or entering (say Microsoft network traffic). Unless you know what you are doing you can have a non-functional network or introduce security problems.
You should check if there is a new version of the software in the router that fixes potential security problems. Router software is same as all other software: buggy.
If you want to fool around with trying to test your home network, or are curious how people crack wireless networks, you can boot this software from a CD or thumbdrive:
epilnk wrote:You don't thwart a guy like this with superior technology. Because if he can't get into your wifi he's just going to pour sugar in your gas tank or poison your dog or something. The home defense rifle thread comes to mind here.
A load of bird shot put in the right place would discourage such a perp from ever trying this again, then again 18 years with "bubba" should also work. Have fun in the slammer.
epilnk wrote:You don't thwart a guy like this with superior technology. Because if he can't get into your wifi he's just going to pour sugar in your gas tank or poison your dog or something. The home defense rifle thread comes to mind here.
Most of the posts here are spot-on -- WPA2 with a reasonable-strength key is more than sufficient. Just remember that technology exists to block a specific attack; keeping him from getting on your Wi-Fi doesn't stop other nefarious actions if you actually did wind up with the "neighbor from hell." The processing power required to crack WPA2 is prohibitive for the foreseeable future; far easier to break into your house, steal a laptop, and crack your password.
However, I have to push back on disabling SSID broadcast. There's no security advantage in that, because you still disclose the name of your network anytime one of your devices connects to it. Your SSID is not a password, so don't try to use it as one. It's not protected in the 802.11 protocols, it's just an identifier and nothing more.