Securing your Home Wireless Network : A simple security guide
A few years ago, home wireless access points were almost non-existent. Most people only had normal, wired broadband routers, so they didn't really have to care about getting their internet connection hijacked by malicious wardrivers (villains wandering the streets in search of an unsecured wireless signal). This is entirely another story in 2006. I'm living in a suburb, and 4 of my neighbors emit wireless signals, 2 of them which are completely unsecured. Just imagine how many of them you could pick up if you are living in a big city. People think that wireless connectivity is a dream come true, but most of them ignore the downside of the technology. The problem is that most AP come preconfigured with their security features turned off. A couple of steps have to be taken if you want to enable them. This simple security guide will show you how you can do it.
When we're talking about security, the more is the better. We'll be enabling as many security features as possible on that AP. We want to install the maximum number of locks in front of that attacker, so that if he tries to get in, he'll have to punch through all the doors before getting in. That is what we call the Layered security principle in the industry.
-Change the default administrator password.
Most routers or APs requires a default password to get in. Be sure to change it to something else, and it better not be your dog's name. Be warned that most APs default passwords are well known by villains, and can be easily found on the internet. Just try searching google for "linksys router default password", you'll see what I mean.
-Turn off remote management features
Some routers can give you the ability to administer them via a wireless connection. Turn that off! You do not your neighbors to be able to get in your AP's management console do you? The only downside to this is that you will have to have at least 1 wired computer in your environment.
First of all, what the heck is an SSID? The SSID (Service Set Identifier) is a sequence of up to 32 letters or numbers that represent the ID of your wireless network. the SSID is broadcasted from your AP to all wireless devices within range to let them know that he's available and ready to receive connections. If you shut off SSID broadcasting, the clients will have to know about the ID of the network if they want to be able to connect to it. Here is my opinion on SSID broadcasting, read it before proceeding with the rest of the article.
-Enable MAC filtering
As you probably know, computers can be identified by many kinds of addresses. One of them, the MAC address, which is a unique ID tagged to your network card, can be specified in a list on the AP to prevent people that aren't on there from connecting to the network. MAC addresses can be spoofed, so this measure is not a guarantee of security, but it adds another door to your layered security architecture. To get your MAC address, just click on start->run, and type cmd
-Turn on WEP, WPA, or WPA2 encryption
Depending on the age of your router, these encryption methods may or may not be all available to you. The weakest one, WEP, has been largely criticized recently about its easy to crack security. If WEP is the only method available to you, I would consider replacing your AP for a more recent model. You can get a brand new Linksys WRT54G at Amazonfor less then $50. That shouldn't break your budget! Sometimes, a firmware update can also add the missing functionalities. Please consult your manufacturer's website to verify if any upgrades are available.
For encryption to work, you will first need to enable it on the client's wireless NIC and on the AP. After this, a shared key (a password) must be specified on both sides. The key must be identical if you want your devices to communicate.
-Disable DHCP and assign your IP addresses manually.
DHCP (Dynamic Host Configuration Protocol) is a service that distributes IP addresses automatically to clients who request them. The problem with DHCP is that it will provide IP addresses to anyone who asks for them, even evildoers. While making your network easier to administer, it's also helping out the bad guys. If you have a small network, providing static IPs to your computers is an easy and quick job. Consult this link for instructions.
So, are you up to the work of securing your network now? You could be the next target of those wardrivers. Never think that these things always happen to others, who knows, someone might already be using YOUR network.
This work is licensed under a Creative Commons Attribution-NoDerivs 2.5 License.
If you liked this article, you might also consider checking some of our other ones: