With the increasing number of wi-fi home or small office networks mushrooming all over the place, the hackers are having a field day. The hackers break-in at will and carry out their nefarious activities resulting in immense problems. The basic reason for hackers’ break-in to wi-fi networks is that most of the wi-fi networks are unprotected, presumably because the network owners are not aware of the serious threats inherent in such unprotected wi-fi networks. Cops in the financial capital of India, Mumbai are going to hunt for unsecured Wi-Fi connections. Be aware!

So, how do the hackers get into these wi-fi networks? Let us examine few security issues.

It is normal for all hardware items to be shipped with factory default settings. The hackers are masters and they know what the hardware factory settings are. So, usage of the network router with factory set defaults will leave a wide open unprotected door for the hackers to get in. To protect yourself, the first thing you do before anything else is to change the administrative password of the router. Administrative password is the master-key without which none can get inside. The factory set administrative password is an open secret, so change it as soon as possible to have complete control of the network in your hands. Password change procedure will be different from brand to brand, but if you make use of the installation CD that came with the hardware, you will be able to accomplish the change easily.

Hackers or mobile malicious code like botnet worms scan for unprotected wi-fi networks and systems and will choose anyone that appear to be an easy prey. Most of the routers will provide an option for you to hide your SSID; so hide it. Remember, if you are not seen, then you can not be touched!

In a wi-fi network all the information and data are exchanged through open air. So, any one capable enough to snoop and collect information can do so pretty easy. However, you can protect the information by using encryption. There are two encryption standards available, i.e. WEP (Wireless Equivalent Protocol) and WPA (Wi-Fi Protected Access). WPA is the better one and has 2 settings – WPA Personal and WPA2 Personal. Use WPA2 Personal, but make sure that your hardware and software support it. (Windows Vista supports WPA2, but in XP you may need to download and install a Hot Fix from Microsoft.)

MAC (Media Access Control) address is another area where the hackers will find space to squeeze in. Each and every piece of networking equipment has a unique MAC address. You should note down the MAC address of all the hardware in your network (in command prompt, use ipconfig/all to get all the MAC addresses). You can then feed these numbers under the “permit only” tab in the Wireless Network Access tab. With such limited permission, any equipment not conforming to the ‘permit only’ MAC address will be blocked from entering your wi-fi network – obviously the hackers will be kept at bay! (However, if your network must allow computers that keep changing, the MAC addresses also will need to change – for a huge network, this may be a difficult task to maintain.)

It is also a good practice to shut-down your network when not in use. Turn it on only when you need it. Keeping an unmonitored wi-fi network open all the time is inviting problems. It was reported that during the recent Mumbai terror attack, the terrorists gate crashed unprotected wi-fi networks to send out messages. Therefore, do what it takes to plug all loopholes to protect your wi-fi network.

Explore More

critical XSS Vulnerability on Gadone (beta) MM Search Engine

PlanetCreator has reported another critical XSS Vulnerability on Gadone (beta) MM Search Engine : http://www.gadone.com This vulnerability has been informed to :- webmaster Cross-site scripting (XSS) is a type of

Critical SQL injection (vulnerability) on SITAGU :: Sitagu International Buddhist Missionary Centre

Security researcher Dr@GoN 3y3 reported another Critical SQL injection (vulnerability) on SITAGU :: Sitagu International Buddhist Missionary Centre http://www.sitaguacademy.com/ SQL injection is a code injection technique that exploits a security

Selection of tools to automate an attack SQL Injection

sqlmap (http://sqlmap.sourceforge.net/) Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partially supported: Microsoft Access, DB2, Informix, Sybase and Interbase. SQL Power Injector (http://www.sqlpowerinjector.com/) Implemented support for: Microsoft SQL Server,