McAfee Wi-FiScan Reference

McAfee Wi-FiScan Reference

Information on Wireless Security:

 

General Security Instructions

Wireless networks are extremely convenient, but have the drawback that they can give open access to your private data to everyone in receiving range of the wireless signal.

Computers with wireless adapters are not the only vulnerability – your wireless access point or router allows other people to enter your wired network.

Personal firewalls only protect the computer on which they are installed. Your router’s firewall only protects you against hackers on the Internet. Your wireless network needs to be protected separately.

The correct wireless security measures should protect you in the following ways:

  • They should prevent eavesdroppers from intercepting network traffic on your wireless network
  • They should prevent malicious users from connecting to your network to attack you or others across the Internet
  • They should prevent you from connecting to another user’s network by accident

The best way to protect yourself today is to enable the built-in encryption in your wireless devices. This can be complicated, but is required for you to protect yourself from mischief.

When choosing the right mode of encryption, take these factors into consideration:

  • Not all devices support the newest forms of security – make sure that you choose an encryption mode that all of your wireless devices support
  • WEP is better than nothing, but has flaws that can be exploited if you don’t frequently change your key.
  • WPA-PSK is stronger – but make sure that you choose a passphrase that isn’t composed of dictionary words.
  • WPA2-PSK is even stronger – but make sure that you choose a passphrase that isn’t composed of dictionary words.
  • WPA-RADIUS security is the best, but requires a separate authentication server to work.
  • Regardless of the type of security you choose, you should change the key periodically – especially if you’ve revealed it to a temporary visitor.

For the best security available for your home network – buy McAfee Total Protection.

Beware of “cosmetic” security measures – while they may marginally enhance your security, these measures should not be used as a replacement for enabling encryption on your wireless network:

  • Disabling broadcast SSID – Disabling your broadcast SSID is touted as a method of “hiding” your network from malicious users. In actuality, it only prevents regular users from seeing your network. Using readily available wireless “sniffing” tools, a hacker can easily detect your network even if you’ve disabled the SSID.
  • MAC address filtering – MAC address filtering is supposedly a way to block all but specific network adapters from connecting to your network. Unfortunately, this technique doesn’t encrypt your data – so all of your traffic is still visible to eavesdroppers. Furthermore, a number of network adapters allow hackers with the right tools to program in any MAC address they want.
  • MAC address authentication – MAC address authentication is just a more advanced version of MAC address filtering – it suffers from the same weaknesses as filtering – it doesn’t protect against eavesdroppers or MAC address spoofers.

Back to top

No Security Enabled

McAfee Wi-FiScan has detected that you have not enabled security on your wireless network.

With no security enabled, there are no barriers for malicious users.

Wireless Networks subject you to many risks:

  • Others can eavesdrop on data you transmit over the air
  • Passwords you enter while connected to a wireless network could be stolen
  • Hackers can introduce viruses or Trojan Horses into your computers through your wireless connection
  • Hackers can commit crimes on the Internet through your Wireless Network – crimes that could be traced back to you.
  • Personal information can be stolen from your computers, leading to identity theft.
  • Freeloaders can slow down your Internet connection by stealing your bandwidth

Please consider installing McAfee Total Protection on your network.

If you are currently connected to a public network   (e.g., a wireless hotspot at a coffee shop or a hotel), make sure you have protected your wireless computer by installing a personal firewall such as McAfee Personal Firewall Plus and an up-to-date virus scanner like McAfee VirusScan.

Back to top

WEP Security Enabled

McAfee Wi-FiScan has detected that you have enabled WEP (Wired Equivalent Privacy) security on your wireless network.

WEP security provides a basic barrier to malicious users.

Because WEP security has some identified flaws, you must take special precautions to secure your WEP network:

  • Change your WEP key at least monthly – more often if you use your network frequently – hackers can gather information which reveals your WEP key over time. If you don’t change your WEP key regularly, they will be able to compromise your network.
  • If you give anyone else access to your wireless network, change your WEP key after they are gone. The WEP key you gave them stays on their computer – and could be retrieved by a hacker.
  • Use the strongest form of WEP available. WEP usually comes in 64-bit and 128-bit strengths. Follow your wireless equipment manufacturer’s instructions on how to use the strongest form of WEP supported by your equipment.
  • Avoid the passphrase mode of WEP security that some equipment provides. This mode of WEP security generates significantly weaker keys than entering your keys directly in hexadecimal code.

Back to top

WPA-PSK Security Enabled

McAfee Wi-FiScan has detected that you have enabled WPA-PSK (Wi-Fi Protected Access – Pre-Shared Key) security on your wireless network. WPA-PSK is also known as WPA-Personal or WPA-Home.

WPA-PSK provides a moderately strong barrier to malicious users.

Because WPA-PSK has some weaknesses, you should follow these guidelines to be truly secure:

  • Pick your key carefully: Don’t use words that can be found in the dictionary or common names, even if you change O’s to zeroes, and I’s to ones. Try to use a combination of nonsense sounds, digits and punctuation.
  • Make sure your key is at least 20 characters long (not including blank space).
  • If you give anyone else access to your wireless network, change your key after they are gone. The key you gave them stays on their computer – and could be retrieved by a hacker.
  • To be as safe as possible, change your key every few months.
  • Enable AES encryption if your equipment supports it. TKIP encryption does not provide as strong protection against eavesdroppers.

Back to top

WPA Security Enabled

McAfee Wi-FiScan has detected that you have enabled WPA (Wi-Fi Protected Access) security. WPA security is also known as WPA-RADIUS or WPA-Enterprise security.

WPA security provides a strong barrier to malicious users.

In order to maximize the protection you get with WPA security, you should follow these guidelines:

  • Make sure that you use secure usernames and passwords. Don’t use passwords that contain real words or names.
  • Don’t share your password with anyone
  • Enable AES encryption if your equipment supports it. TKIP encryption does not provide as strong protection against eavesdroppers.
  • Make sure that your RADIUS shared secret is not composed of dictionary words, and is not shared between many devices.

Back to top

WPA2-PSK Security Enabled

McAfee Wi-FiScan has detected that you have enabled WPA2-PSK (Wi-Fi Protected Access 2 – Pre-Shared Key) security on your wireless network.

WPA2-PSK is stronger than WPA-PSK in providing data protection and preventing unauthorized network access for small networks.

McAfee Wireless Protection provides the strongest protection available today for home networks.

In order to maximize the protection you get with WPA2 security, you should follow these guidelines:

  • Make sure that you use a secure set-up password. Don’t use passwords that contain real words or names.
  • Don’t share your password with anyone.

Back to top

McAfee Wireless Protection™ Enabled

McAfee Wi-FiScan has detected that you have enabled McAfee Wireless Protection.

McAfee Wireless Protection provides the strongest protection available today for home networks.

In order to maximize the protection you get with McAfee Wireless Protection, you should follow these guidelines:

  • Make sure that you keep automatic key rotation enabled whenever possible.
  • Revoke access if you’ve let someone join your network but don’t want them to have access to your network indefinitely
  • Enable WPA mode if your equipment supports it.

Back to top

Adapter does not support WPA

Your wireless network adapter doesn’t support WPA (Wi-Fi Protected Access) security.

WPA security provides the highest level of security available with wireless networks.

Some manufacturers provide newer drivers with WPA support. Check on your adapter manufacturer’s website to see if you can download a newer driver.

If a WPA-compatible driver is not available for your adapter, you should consider purchasing a newer adapter with WPA support.

Back to top

File-sharing enabled

You have enabled file-sharing on your computer.

When file-sharing is enabled, unauthorized users may be able to access your files when you are connected to an unprotected wireless network.

You should take precautions to make sure you protect your files while attached to wireless networks:

  • Ideally, you should make sure you only attach to wireless networks secured with a form of encryption (WEP, WPA-PSK, WPA, or WPA2-PSK).
  • When attached to an insecure network, enable a personal firewall product, or disable file-sharing.

Back to top

Broadcast SSID disabled

You are attached to a network which has SSID broadcast disabled.

When the SSID broadcast is disabled, the network doesn’t appear in most wireless network selection mechanisms.

Because of this fact, disabling SSID broadcast is often recommended as a security measure.

Unfortunately, disabling a broadcast SSID provides a false sense of security. The most common hacker tools have no problems detecting networks with broadcast SSID disabled.

To provide real security, be sure to secure your network with some form of encryption (WEP, WPA-PSK, WPA, or WPA2-PSK).

Back to top

Adapter driver is old

Your wireless network adapter driver appears to be old.

Older adapter drivers were developed before modern security standards were available.

Older drivers also can have more interoperability issues – leading to performance and reliability problems.

Many manufacturers offer free updates to drivers through their websites. If you have any performance or reliability issues with your wireless network, or if you’d like to take advantage of the latest security standards, check with your manufacturer’s website to see if they have a driver update available.

Back to top

Wireless users in area

McAfee Wi-FiScan has detected that there may be other wireless users in the area.

While most wireless users are legitimate, you should take care to protect yourself when other wireless users are around:

  • If you use an insecure wireless network, make sure you enable a personal firewall product
  • If your own network is insecure, you should take care to protect your wireless computer – your unprotected network allows malicious users to access every computer on your network, even if those computers do not have wireless cards in them.
  • If you connect to someone else’s network accidentally or intentionally, you should be aware that they may be able to see everything you do on that network – even if wireless encryption is enabled.

Back to top

Key Rotation Disabled

McAfee Wi-FiScan has detected that while you have McAfee Wireless Protection enabled, you have suspended key rotation.

Even though McAfee Wireless Protection generates a long, strong, random key for you, suspending automatic key rotation increases your exposure to attacks from hackers.

If you have WEP mode enabled, you are more vulnerable than if you have WPA mode set.

To maximize your security, you should keep key rotation enabled whenever possible.

Back to top

Duplicated network name

McAfee Wi-FiScan has detected that the same network name is in use by more than one wireless network in range.

The network name is used by wireless devices to determine which wireless network to connect to. If several networks with the same network name exist in the area, the wireless device may connect to any of these networks.

If you connect to someone else’s network by accident, they can easily view all of your data that passes through their network with tools that are readily available.

Back to top

Channel conflict

McAfee Wi-FiScan has detected that there are several networks on the same wireless channel as your network.

Wireless devices on the same channel can interfere with each other, causing impaired performance and reliability of the wireless network.

If you are experiencing unusually low network transfer rates or occasionally dropped connections while connected to your wireless network, try changing the channel on your wireless access point or router (Refer to your manufacturer’s manual for precise instructions on how to do so).

It is usually best to avoid channel 6, because this is the most common default channel for wireless equipment and is thus often already occupied.

Back to top

Low signal level

McAfee Wi-FiScan has detected a low signal level on your wireless connection.

When your signal level isn’t strong enough, you may experience impaired performance and reliability of your wireless network.

If you are experiencing problems with your network, here are some things you can try to improve your signal:

  • Wi-Fi signals don’t travel well through metal objects, such as furnaces, ducting, or large appliances; try to make sure that your Wi-Fi devices are not blocked from each other by such devices.
  • If your Wi-Fi signal has to pass through walls, try to make sure that it does not have to cross at a shallow angle – the longer the signal “spends” inside the wall, the weaker it gets.
  • If your wireless Access Point or Router has more than one antenna, try orienting the two antennas perpendicularly to each other (e.g., one upright and one horizontal). This can adjust the “polarization” of the signal so that it can be better received by your wireless adapter’s antenna.
  • Some manufacturers provide “high-gain” antennas that can provide a longer-range signal. An “omni-directional” antenna provides the most versatility while directional antennas can provide longer range. Consult your manufacturer’s installation instructions for details on how best to install your antenna.
  • If these measures aren’t enough, you can add a second Access Point to your network. If you configure your second Access Point with the same network name (SSID) and a different channel, your adapter will automatically find the strongest signal and connect through the appropriate Access Point.

Back to top

Low data rate

McAfee Wi-FiScan has detected that your network connection is not operating at the maximum possible speed.

Your network will automatically reduce its speed if it has a bad connection or if it detects interference.

If you are experiencing poor network performance or an unreliable wireless network connection, please consider moving your computer and your wireless Access Point or Router closer to each other, or look at the instructions for “Low signal level” for more things to try.

Back to top

802.11b network

McAfee Wi-FiScan has detected that you are connected to an 802.11b network.

802.11b was the first Wi-Fi networking standard to become widely distributed. Newer devices support more recent networking standards, such as 802.11g and not only provide higher performance, but also provide better security through updated security code.

You should consider upgrading your network to 802.11g and WPA security to get better performance and security.

Back to top

Trademarks:

WPA (Wi-Fi® Protected Access) and its derivatives are trademarks of the Wi-Fi® Alliance. (http://www.wi-fi.org)

Wi-Fi® is a registered trademark of the Wi-Fi® Alliance. (http://www.wi-fi.org)