Craig Mayhew’s Blog

IPv6 as covered in a recent article on the adire site will enable us to have millions of unique ip address for every individual on the planet. This creates brilliant opportunities but also one very big problem.

Website account security until no has been failry easy to maintain. For instance, attacking someones twitter account and gaining access could cause you substantial financial gain the owner substantial damage. Websites like twitter will detect obvious brute force attacks where someone attempts to guess an account password and they will block the offending ip address from attempting to login to that twitter account. So let’s say if I as an attacker attempt to crack a twitter account by guessing the forgotten password then my attempts will be ignored after my 10th failed login. The twitter account therefore remains secure.

Now let’s say there are 500 celebrity twitter accounts I wanted to try and gain access to, and would be delighted if I as the attacked cracked even one of these. If twitter uses the above logic of blocking me from logging in to each accoun after 10 trys then in total I ill get 5000 attempts across all the accounts!

Twitter along with other websites are thankfully much smarter than this. They will instead block my ip address from attempting to login to any account after a certain number of failed login attempts. So they may spot what I’m doing and block me after my 50th login attempt.

With time as a factor – if I’m patient then I might be able to get 50 attempts a day – I’m sure you can see where this is going. If your password isn;t suitably complex, e.g. it’s just one word then it will likely be cracked in at most a few years. But let’s also assume you have a fairly secure password.

As long as the password isn’t simple then this is a great method of security as it doesn’t involve locking accounts or really give anyone a hope of breaking ito someones account unless they have used a really dumb password.

However, IPv6 might ruin all that. Imagine instead of the one or two IP addresses, I have millions.

This does depend on how the IPv6 addresses are allocated. One way to prevent this problem is if all my ip adresses start the same e.g. 1111:1111:1111:1111:1111:1111:1111:0001 to 1111:1111:1111:1111:1111:1111:1111:FFFF then twitter could block all addresses beginning with 1111:1111:1111:1111:1111:1111:1111. although it might not have any way of knowing they are all in use by me.

Most internet providers now provide free wireless routers when you sign up for an internet connection. The problem is that people don’t know the risks of having a wireless network on it’s default configuration. Wireless networks use several different methods to keep your network secure and intruder free. The more of these methods you have in place, the more secure your network is.

Hardware
Old wireless equipment (before 2003) probably won’t support a strong enough encryption level to protect your network from intruders. Also if your hardware does not support at least 802.11g then chances at that it won’t support strong enough encryption.

Firmware
Upgrade the software on your wireless access point to the latest that the manufacturer has available. This could improve range, speed and power efficiency as well as security. The latest firmware updates can normally be found on the manufacturers website. Even if you have just bought your equipment new from the shop and think the CD it came with must be the most up to date software; there may well have been a firmware release while it was still sitting on the shelf.

Encryption
Now that you have hardware that was manufactured no earlier than 2003 and have the latest firmware you should make sure your running the strongest encryption that your hardware supports. At the time of writing; WPA encryption is currently secure. WEP encryption is easily crackable and should never be used in a network.

Keys / Passwords
You could be running the most uncrackable encryption in the world but if you’ve chosen something like ‘123456′ or ‘mousemat’ for your encryption key then you may aswell be using morse code. Simple one word keys can be guessed by what’s called called a dictionary attack. A dictionary attack is when an automated program is used to try and guess your network key by trying every word in the dictionary (and often combinations of words e.g. yellowstone). Your network key should be made from random letters and numbers. Some manufactures place the default network key on a sticker on the side of the access point, if yours has a sticker then make sure it is not easily visible from a window.

SSID
Your SSID is the name that your wireless access point will broadcast. It should not contain the name or make of your wireless access point or the name of your internet provider. For instance if your access points SSID is ‘SKY7761′ then they instantly know you have a router from Sky and will try to find known flaws in the security software using a search engine.

MAC Filter
All hardware uses a mac address to identify itself no the network. The mac address of each wireless card / wireless computer should be printed on it’s sticker. It is possible to find out a devices mac address without it being printed on the device but this is too in depth to cover in this Wireless Networking Security 101. If you know all the MAC addresses for your devices then you can add them to the wireless access point’s MAC filter. When the MAC filter is turned on it will prevent any devices from connecting to the wireless network without an approved MACr address.

Turn it off
If you don’t use your wireless internet at night then use an electrical timer to turn off your access point at night time. This saves you money on your lecky bill and if your wireless network isn’t powered on then it should be 100% hacker proof!