These days wireless networking products are so ubiquitous and inexpensive
that just about anyone can set up a WLAN in a matter of minutes with less than
$100 worth of equipment. This widespread use of wireless networks means that
there may be dozens of potential network intruders lurking within range of your
home or office WLAN.
Most WLAN hardware has gotten easy enough to set up that many users
simply plug it in and start using the network without giving much thought
to security. Nevertheless, taking a few extra minutes to
configure the security features of your wireless router or access
point is time well spent. Here are some of the things you can do to
protect your wireless network:
1) Secure your wireless router or access point administration
interface
Almost all routers and access points have
an administrator password that’s needed to log into the device
and modify any configuration settings. Most devices use a weak default
password like “password” or the manufacturer’s name, and some don’t
have a default password at all. As soon as you set up a new WLAN
router or access point, your first step should be to change the default password
to something else. You may not use this password very often, so be sure to write
it down in a safe place so you can refer to it if needed. Without it,
the only way to access the router or access point may be to reset it to
factory default settings which will wipe away any configuration changes you’ve
made.
2) Don’t broadcast your SSID
Most WLAN access points
and routers automatically (and continually) broadcast the network’s name,
or SSID (Service Set IDentifier). This makes setting up wireless clients
extremely convenient since you can locate a WLAN without having to know what
it’s called, but it will also make your WLAN visible to
any wireless systems within range of
it. Turning off SSID broadcast for your network makes
it invisible to your neighbors and passers-by (though it will still be
detectible by WLAN “sniffers”).
3)Enable WPA encryption instead of WEP
802.11’s WEP (Wired
Equivalency Privacy) encryption has well-known weaknesses that make it
relatively easy for a determined user with the right equipment to crack the
encryption and access the wireless network. A better way to protect your WLAN is
with WPA (Wi-Fi Protected Access). WPA provides much better protection
and is also easier to use, since your password characters aren’t limited
to 0-9 and A-F as they are with WEP. WPA support is built
into Windows XP (with the latest Service Pack) and virtually all
modern wireless hardware and operating systems. A more recent version,
WPA2, is found in newer hardware and provides even stronger encryption, but
you’ll probably need to download an XP patch in order to use
it.
4) Remember that WEP is better than
nothing
If you find that some of your
wireless devices only support WEP encryption (this is often the case
with non-PC devices like media players, PDAs, and DVRs), avoid the
temptation to skip encryption entirely because in spite of it’s flaws,
using WEP is still far superior to having no encryption at all. If you do use
WEP, don’t use an encryption key that’s easy to guess like a string of the
same or consecutive numbers. Also, although it can be a pain, WEP
users should change encryption keys often– preferably every
week. See this page if you
need help getting WEP to work.
5) Use MAC filtering
for access control
Unlike IP addresses, MAC
addresses are unique to specific network adapters, so by turning on
MAC filtering you can limit network access to only your systems (or those you
know about). In order to use MAC filtering you need to find (and
enter into the router or AP) the 12-character MAC address of every system
that will connect to the network, so it can be inconvenient to set up,
especially if you have a lot of wireless clients or if your
clients change a lot. MAC addresses can be “spoofed” (imitated)
by a knowledgable person, so while it’s not a guarantee of security, it
does add another hurdle for potential intruders to jump.
6) Reduce your WLAN transmitter power
You won’t find this feature
on all wireless routers and access points, but some allow
you lower the power of your WLAN transmitter and thus reduce the range
of the signal. Although it’s usually impossible to fine-tune a signal so
precisely that it won’t leak outside your home or business, with some
trial-and-error you can often limit how far outside your premises
the signal reaches, minimizing the opportunity for outsiders to access your
WLAN.
7) Disable remote administration
Most WLAN routers have the ability to be remotely administered via the
Internet. Ideally, you should use this feature only if it lets you define a
specific IP address or limited range of addresses that will be able to access
the router. Otherwise, almost anyone anywhere could potentially find and access
your router. As a rule, unless you absolutely need this capability, it’s best to
keep remote administration turned off. (It’s usually turned off
by default, but it’s always a good idea to check.)
See this page for links to more
information about Wireless Networking Security.
See this ExtremeTech article for more tips on securing your
Wireless Network.
For more help, don’t forget to try one of our PracticallyNetworked Forums.
