Apr 9, 2008

How to secure your home wireless network

image If you are even one bit tech savvy, you must have one or more desktop or laptop computers at home. And if you have one more more computers at home, you might have realized the immense joy of being online without being bound by wires.

But did you know that your home wireless network is suspect to a number of security threats -- from neighbors playing peeping toms and using your wireless network to spy on the data that you download from the Internet, to piggy-banking on your airwaves and surfing net for free -- at your cost actually.

There are some very easy and straight-forward steps that you can follow to ensure that your network remains secure, and private -- for your use only. In the examples below I will use some illustrations from my Cisco Linksys WAG200G wireless router's web-based admin console, but the same options are applicable to routers manufactured by other vendors such as D-Link and NetGear.

Change the Default Name (or Network SSID)

The first and foremost step to safeguard your home wireless network is to change the default name (i.e. network SSID) of your network to something else. Each wireless router manufacturer hardcodes the default network SSID to something particular (for example, Linksys hardcode their network SSID name to linksys), making it easy for intruders to discover the esistence of your network. Choose a name that you think might be least likely to conflict with other wireless networks in your neighborhood, but make sure that the network SSID does not contain confidential information like your SSN or PAN number.


Change the Default Admin Password for Your Router

Most routers come with a factory setting for the default administration password. For example, a very typical administrative password used by several router vendors is admin or password. Anybody who has access to your wireless network and the administration password has the ability to remotely connect to your router and modify any settings on it, including, but not limited to, locking you out completely. Therefore, your network is only as secure as the strength of your administration password.


Enable MAC Address-Based Filtering

Most wireless routers manufactured by reputed vendors provide you the ability to configure their device to allow only a fixed, pre-determined list of devices to connect to the wireless network. This ability is provided on the basis of a unique series of numbers and letters assigned to each network enabled device, known as MAC (Media Address Control) address. When you enable MAC address-based filtering in your wireless router, you can supply a list of MAC addresses corresponding to each computer in your home that you would like to be allowed to connect to the wireless network. Keep in mind that this technique is not foolproof, since special software can be downloaded from the Internet and installed on a computer to fool it to assume any MAC address of the hacker's choice.


Clicking the Edit MAC Address Access List button on my Linksys WAG200G wireless router brings up another screen that lets you configure upto 20 unique MAC address that will be allowed to connect to your wireless network.


Enable Data Encyprion

Encryption protects data transmitted over a wireless network. Wi-Fi Protected Access (WPA/WPA2) and Wired Equivalency Privacy (WEP) offer different levels of security for wireless communication.

A network encrypted with WPA2/WPA is more secure than a network encrypted with WEP, because WPA2/WPA uses dynamic key encryption. To protect the information as it passes over the airwaves, you should enable the highest level of encryption supported by your network equipment.

WEP is an older encryption standard and may be the only option available on some older devices that do not support WPA.


Besides what has already been told, here are a few more best practices that will help you keep your network secure.

  • Keep wireless routers, access points, or gateways away
    from exterior walls and windows.
  • Turn wireless routers, access points, or gateways
    off when they are not being used (at night, during
  • Use strong passphrases that are at least eight characters
    in length. Combine letters and numbers to avoid using
    standard words that can be found in the dictionary.

Enjoy the freedom from wires!

No comments: