ABSTRACT:

This article demonstrates how to set up a strongly encrypted wireless network without the use of additional hardware. This is in response to the fact that the traditional encryption system, principally WEP, has become obsolete. The objective is to produce a secure network without having to spend the extra dough on more secure WPA/VPN-based routers. The emphasis in this article is on Windows users.

This will only protect you against PASSIVE SNIFFING, however. Someone performing active sniffing could use ARP poisoning to redirect the not-so-encrypted content of our server computer to the malicious sniffer.

SECURING YOUR WIRELESS NETWORK:
By: Seal

The purpose of Local Area Networks (LANs) is to facilitate the sharing of data between multiple computers. Because of their disposition, computers within the LAN treat each other differently than they do those on the Internet. It is that distinction which leaves them vulnerable to certain attacks, such as ARP Poisoning. Windows users are even more vulnerable; installing a keylogger across a network takes only a matter of seconds on computers with default settings.

The lack of physical access was the principal means of protection with wired LANs. With the advent of wireless routers, however, that is no longer the case.

WEP (Wireless Equivalency Protocol) is the traditional system of encryption to protect wireless communications. Without it, an intruder can easily sniff out sensitive information sent over the airwaves. Unfortunately, WEP is flawed and can now be cracked in a matter of minutes. It has become obsolete and virtually useless as a means of protection against malicious users.

There are a few options to protect oneself. You can upgrade to a router supporting WPA or VPN, both providing more reliable forms of encryption. However, this option costs a fair bit of money, and there's always the potential that the protection algorithm will be cracked in the future.
You could prevent the router from broadcasting its presence, and filter connections based on the MAC address [identity] of the wireless cards connecting to the router. However, both these methods are easily defeated via passive sniffing.

There is another option, however: bypassing the router entirely and using SSH tunnelling to encrypt our data. This means that if someone were to intercept the wifi signals, they would first have to crack SSH in order to see its contents. There are two advantages to this method: the encryption is already strong, and because the solution is software and open-source based (ie. not reliant on the router), patches could be issued to fix any potential vulnerabilities within the encryption.

The execution of this system necessitates that one computer be connected to the router via ethernet. This tends to already be the case with most setups. That wired computer will also have to run an SSH server. Linux users: that's already done. For Windows users, I recommend that you download *free* Cygwin (see below for URL) and opt to install the OpenSSH package during the installation. Once that's done, start up Cygwin and type in "net start sshd". From that point on, the server will launch with Windows. Type in "net stop sshd" to stop the server.

We aren't finished with our server, however. We must then install a proxy server onto the machine. Windows users, I recommend you download a *free* program called "Proxy" from AnalogX (see below for URL). Install it, and choose what communications you want it to handle and thus have secured (ie. HTTP, FTP, etc.). At this stage, the setup is complete. We must now configure our clients (aka. wireless computers). Linux users, I recommend you try "Squid" as the proxy server.

The next step is to tunnel through sensitive communications. Windows users, I recommend that you use the *free* Putty (see below for URL). Now you want to forward the information.
To do so with Putty, in the options select the "Tunnel" category (It's under the Connection --> SSH banners). In source port, put in "80" (for web traffic), write "localhost" as the destination and select the "local" box. If you're using AnalogX's proxy, write in "localhost:6588" as the destination. The destination will vary if you're using another type of proxy server. Press "Add". Repeat adding ports for what you want to secure, using the following table for reference:

Protocol            Source Port   Destination
=--------------------------------------------------------------------------=
Web Traffic         80            localhost:6588 [for those using AnalogX Proxy]
E-Mail (Incoming)   110           localhost:110
E-Mail (Outgoing)   25            localhost:25
FTP                 21            localhost:21
Newsgroups          119           localhost:119
============================================================================

In the "Session" category, write in the internal IP address for your server. If you don't know what it is, on the server-computer go into CMD (Run --> Type in "CMD") and write "ipconfig". It will then display its IP. Once you're done, click on "Open" with Putty to connect to the server. When it asks you for credentials, enter the username/password needed to log on to Windows for that machine. All your web, mail, etc. information will now be highly encrypted.

Finally, we have to tell our programs that are transferring the data to use the proxies. You will want your proxies to be specified as "localhost" (aka. 127.0.0.1). So for example, in Firefox [Multiplatform Internet Browser] you will want to go into Tools --> Options, and click the "Connection Settings". In the dialog window that appears, you will want to put in "localhost" as the HTTP proxy, and write in "80" as the port. The settings for the SSL proxy are the same as that for the HTTP.

Badabing, badaboom, you're done! Now this was pretty much a one time process. Assuming you saved your SSH client (ie. Putty) configuration, the only thing you have to do next time you reboot that wireless computer of yours is to reconnect via SSH to your server.
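
The PuTTY tunnel list above, expressed for the OpenSSH command-line client (for example on a Linux or Cygwin wireless computer). This is an added example, not part of the original article; the user name "alice" and server address 192.168.1.10 are placeholders, and each listener is bound to 127.0.0.1 so that other machines on the wireless LAN cannot connect to the forwarded ports.

```shell
#!/bin/sh
# Added example: user name and server address below are placeholders.
# Forwarding table from the article: name,source port,destination
FORWARDS='web,80,localhost:6588
pop3,110,localhost:110
smtp,25,localhost:25
ftp,21,localhost:21
nntp,119,localhost:119'

# valid_port N -> succeeds only if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd USER SERVER TABLE -> prints the ssh command line.
# -N: no remote shell, forwarding only. ExitOnForwardFailure: refuse to
# run with a partial tunnel. Returns 1 on a malformed table row.
build_tunnel_cmd() {
    user=$1 server=$2 table=$3
    cmd='ssh -N -o ExitOnForwardFailure=yes'
    old_ifs=$IFS
    IFS='
'
    for row in $table; do
        IFS=$old_ifs
        src=$(printf '%s' "$row" | cut -d, -f2)
        dest=$(printf '%s' "$row" | cut -d, -f3)
        dhost=${dest%:*}
        dport=${dest##*:}
        if ! valid_port "$src" || ! valid_port "$dport" || [ "$dhost" = "$dest" ]; then
            echo "bad forward: $row" >&2
            return 1
        fi
        cmd="$cmd -L 127.0.0.1:$src:$dhost:$dport"
    done
    IFS=$old_ifs
    printf '%s %s@%s\n' "$cmd" "$user" "$server"
}

# Print the command for the article's table (placeholder user and server).
build_tunnel_cmd alice 192.168.1.10 "$FORWARDS"
```

On Linux, listening on source ports below 1024 (80, 110, 25, 21, 119) requires root privileges; the article's port numbers are kept unchanged here.
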

Enjoy your wireless and *secure* Internet experience!

That said, this method of protection only protects against passive sniffing. If someone performed ARP poisoning on our server computer, they would be able to intercept all the non-SSH encoded traffic.

The possibilities don't end with the borders of your wireless access point... Let's say that you're in a cafe with open wifi. Why jeopardize your information when you can tunnel via SSH to your server at home, and rest assured that your information is virtually impregnable?

= QUESTIONS & ANSWERS =

Q: Why must the server be connected via ethernet?
A: If it wasn't, then despite the fact that our wireless computers would send information to it encrypted via SSH, the server-computer would itself send information with at most WEP to the router, defeating the purpose of this exercise.

= RESOURCES =

Cygwin: http://www.cygwin.com
Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/
AnalogX Proxy: http://www.analogx.com/contents/download/network/proxy.htm
Squid: http://www.squid-cache.org/

[http://www.jmcardle.com/storage/ssh.gif for a diagram of the setup.]