]
08-05-2013, 05:46 AM
This post is leaked from the premium section of "Legion" on the competing hack forum. There will be 5 new leaks a day. There may be some format problems due to UTF8 character encoding.
Quote:(07-10-2013, 01:21 PM)Greyhat.Infiltrator Wrote:[To see links please register here]
1) Overview:
The aim of this guide is to help and assist those who have a limited or no knowledge of Wireless Security at all.
In addition, it will provide examples of what an insure Wireless network is and how it's security could be improved.
2) Reason for writing this guide!
As an active and contributing member, I've seen a lot of repeated posts with the same type of questions "how do I secure my wireless?", "I have an intruder on my wireless", "How do I keep them out" and so forth.
As you can see, this clearly indicates that the user either has limited or no knowledge of Wireless Security at all. As a conscious member, I know these repeated questions can easily upset and anger some members.
So therefore, I've decided to address this issue once and for all, by providing the necessary steps on how to secure the wireless network.
3) Types of Wireless Encryption:
- WEP
- WPA-PSK - Personal
- WPA2-AES - Personal
- WPA2-AES - Enterprise
WEP is the least secure encryption, so therefore you must refrain from using it. Under the right conditions, WEP can be cracked in matter of minutes.
I STRONGLY ADVISE YOU, NOT TO USE THIS ENCRYPTION.
WPA-PSK - Personal is a bit more secure than WEP, it uses a different encryption algorithm. However, it can still be cracked if the pass-phrase (password) is . It's vital to choose a pass-phrase that is longer than 10 characters long and has some complexity added to it.
If you fail to choose a pass-phrase longer than 10 characters, you will be making your wireless network an easy target.
A long and complex pass-phrase should look like this (Cr@cK_M3_1f_Y0u_C@n!234).
WPA2-AES - Personal is the RECOMMENDED encryption to use. It uses a different encryption algorithm altogether that makes the cracking of it, not so practical for a home or an average user.
WPA2-AES - Enterprise This type of encryption is a bit of an overkill for a home wireless network. It's mainly used in corporate networks, where security is critical. It basically relies on a RADIUS server to authenticate the user to the network. If the user can't provide a valid identity access to the network is denied.
Now that you are more familiarized with the encryption types. There is one feature in most consumer routers that is called WPS.
WPS in itself is NOT an encryption, but it facilitates the whole setup of your router and connectivity at a push of a button. Once the router is configured and ready, the only way to connect a device to it is via a "WPS Pin".
A "WPS Pin" is simply a string of numbers, no letter or special characters.
Now here's where the problem with WPS comes in. It's very easy to crack it, with an utility called Reaver.
4) Hardening your Wireless Router:
We are now going to do a step by step hardening of your wireless router.
1) First you need to log into your router. In order to do that, open the Command Prompt and type
Hidden Content
Then look for the Default Gateway IP address, mine is 192.168.1.1 as per picture below.
2) Open your web-browser and type that IP address into it. It should prompt you for an username and password. If this is your router, you should know it, or look in it's manual if you don't know.
If you can't find the manual, you need to learn how to use Google and search for it. And you can't always ask people for help, you need to learn to do things on own too.
3) Once you've logged into your router, you need to make the following changes to your router settings.
- Change encryption type to WPA2-AES-Personal or WPA2-PSK-Person, may differ on your router.
- Choose a long and complex pass-phrase.
- Disable WPS
- Enable MAC filtering
- Disable WLAN Management via Wireless (this prevents people from accessing your router's configuration page via wireless).
- Change your router's default administrator password.
If you want to make things more challenging for the attacker.
- Limit your DHCP scope
- Or disable it. You will need to configure each device with a static IP address.
- Last but not least, if you are really paranoid about your WIFI security, you could setup a Radius server.
Now it's up to you to make the necessary changes and improve your wireless security.
![[Image: ieq6viOQ6szdE.gif]](http://i.minus.com/ieq6viOQ6szdE.gif)
![[Image: CMD.png]](http://infiltrator.webs.com/CMD.png)
