Can most enthusiastic users (even if they are not professionals) use well-known techniques to break through the average home router’s security?
Some basic security options are:
- strong network password with various encryption methods
- custom router access password
- WPS
- no SSID broadcast
- MAC address filtering
Are some of these compromised and what to do to make the home network more secure?
Solution:
Without arguing the semantics, yes the statement is true.
There are multiple standards for WIFI encryption including WEP, WPA and WPA2. WEP is compromised, so if you are using it, even with a strong password it can be trivially broken. I believe that WPA is a lot harder to crack though (but you may have security issues relating to WPS which bypass this), and as of October 2017, WPA2 also offers questionable security. Also, even reasonably hard passwords can be brute-forced – Moxie Marlinspike – a well known hacker offers a service to do this by for US$17 using cloud computing – although its not guaranteed.
A strong router password will do nothing to prevent someone on the WIFI side transmitting data through the router, so that is irrelevant.
A hidden network is a myth – while there are boxes to make a network not appear in a list of sites, the clients beacon the WIFI router thus its presense is trivially detected.
MAC filtering is a joke as many (most/all?) WIFI devices can be programmed/reprogrammed to clone an existing MAC address and bypass MAC filtering.
Network security is a big subject, and not something amenable to a Superuser question, but the basics are that security is built up in layers so that even if some are compromised not all are – also, any system can be penetrated given enough time, resources and knowledge, so security is actually not so much a question of "can it be hacked", but "how long will it take" to hack. WPA and a secure password protect against "Joe Average".
If you want to enhance the protection of your WIFI network you can view it as a transport layer only, and encrypt and filter everything going across that layer. This is overkill for the vast majority of people, but one way you could do this would be to set the router to only allow access to a given VPN server under your control, and require each client to authenticate across the WIFI connection across the VPN – thus even if the WIFI is compromised there are other [harder] layers to defeat. A subset of this behaviour is not uncommon in large corporate environments.
A simpler alternative to better securing a home network is to ditch WIFI altogether and require only cabled solutions. If you have things like cellphones or tablets this may not be practical though. In this case you can mitigate the risks (certainly not eliminate them) by reducing the signal strength of your router. You can also shield your home so that frequency leaks less – I’ve not done it, but strong rumour (researched) has it that even aluminum mesh (like fly screen) across the outside of your house, with good grounding can make a huge difference to the amount of signal that will escape. [ But, of-course, bye-bye cellphone coverage ]
On the protection front, another alternative may be to get your router (if it’s capable of doing it, most aren’t, but I’d imagine routers running openwrt and possibly tomato/dd-wrt can) to log all packets traversing your network and keeping an eye on it – Hell, even just monitoring for anomalies with total bytes in and out of various interfaces could give you a good degree of protection.
At the end of the day, maybe the question to ask is "What do I need to do to make it not worth a casual hackers time to penetrate my network" or "What is the real cost of having my network compromised", and going from there. There is no quick and easy answer.
Update – Oct 2017
Most clients using WPA2 – unless patched – can have their traffic exposed in plaintext using "Key Reinstallation Attacks – KRACK" – which is a weakness in the WPA2 standard. Notably, this does not give access to the network, or the PSK, only to the traffic of the targeted device.