Practically Networked Home Earthweb HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router and by extension, your network is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.

A Tale of Two Passwords

by Joe Moran

There's no two ways about it—passwords can be a pain in the... well, you know. Most people would avoid dealing with them if they could and thus engage in some bad password habits, like creating overly simplistic passwords (plus using the same password for everything) and failing to change default passwords.

On your broadband router, there are two passwords in particular, that when set improperly, can leave your network vulnerable.

Router Administration Password
This is a password that's commonly overlooked. Given that people may seldom need to access the router's settings beyond an initial configuration, many either inadvertently or intentionally leave the password at its factory default value, which is usually the manufacturer's name, "password", "1234" or sometimes even no password at all.

What's That Term?

Not sure what a particular networking term means? Check out our searchable glossary.

A router's admin password provides access to critical settings that govern both your Internet connection and personal wired and/or wireless network, and leaving it unchanged can leave you vulnerable to a specific kind of attack known as drive-by pharming.

Last year, some security researchers effectively invented and documented this kind of attack. In a nutshell, code embedded in a Web page or e-mail message is used to remotely log into a router using a known default password. (The default password for almost any brand and model of router is easily looked up online. See for yourself at, which is just one site among many.)

In drive-by pharming, once granted access to the router an attacker can then configure it to use the attacker's own DNS servers — not unlike how we configured a router to use OpenDNS a few weeks back — and from there exercise total control over which sites the user is taken to. (For a narrated animation describing how a drive-by pharming attack works, check out

What was once a theoretical risk has (perhaps inevitably) become a very real one. According to Symantec security researcher Zulfikar Ramzan—one of the researchers who originally discovered and documented the attack— drive-by pharming has now just been spotted "in the wild", which means it's actually been done in the real world as opposed to just in a computer lab. It was in Mexico, to be specific, where it was used to redirect folks using a specific router to a faux Web site posing as that of a major bank. (Read a detailed description on Ramzan's blog.)

Long story short, if you're one of those that forgot to change your router's password or didn't think you needed to, now is an excellent time to log you're your router and correct that mistake. If you don't know your router's default password offhand, you'll very likely find it on the site mentioned above.

WPA Password
Another router-based password that you'll want to take a close look at is the one you use to WPA-encrypt your wireless network. Those in the know wisely choose WPA over WEP because of the superior security it can provide, but this isn't automatic— the password you create will directly affect the level of protection you receive.

Case in point: a WPA password can be as short as 8 characters or as long as 63, but as with all passwords, there's a tendency to use the shortest and easiest to remember WPA password possible. People commonly set up WPA passwords that are dictionary words or proper names of family members or pets, because it must be typed into every device on their wireless networks.

One of the reasons WEP is so weak is because it uses a static encryption key which can eventually be decoded if you monitor the network long enough—often for just hours or minutes. WPA is better because it uses the password you specify to generate a constantly-changing series of encryption keys. But all those keys are still derived from that single WPA password (also known as the Pre-Shared Key, or PSK), so a longer and more complex password will produce keys that are stronger and harder to decode. Put another way, a lengthy WPA password made up of random characters is far preferable to something like "samandmary".

If you're using such a short-and-simple WPA key, it's highly advisable that you change it. Don't despair about having come up with a long complicated password, though, because there are Web sites that can help. You can head over to to grab an instant 52 character key, or generate a custom-length password at (The former site sends your key over an SSL-encrypted connection, while the latter generates it directly on your computer, so there's no danger of eavesdropping.)

And yes, you will have the inconvenience of entering your newly long and cumbersome key at each of your wireless computers. But you'll only have to do it once, and it's a small price to pay for better security. These days, you can't be too careful.

Joe Moran is a regular contributor to PracticallyNetworked.

For more help, don't forget to try one of our PracticallyNetworked Forums.

Add to | DiggThis Earthweb HardwareCentral earthwebdeveloper CrossNodes Datamation

Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums