Securing Your Wireless Network

Networks are a great convenience allowing one to share information and resources such as files, printers and internet connections. In the past in order to have a network required one to run cables and wires as well as posses some knowledge of how to configure hardware to get a setup working, steps that most couldn't do on their own without help. Over the last few years configuring a home network has become simpler and simpler for those wanting this convenience with wireless networks becoming more and more popular due to its ability to support roaming.

While wireless networks are more convenient due to ease of setup there are pitfalls that one needs to be aware of, mainly keeping them secure. Manufacturers such as Linksys and D-Link and others have made their hardware so easy to setup that it is not uncommon for the uninformed to plug their new router in get a signal and start browsing without a care in the world. Part of the problem is that those wishing to go wireless are unaware of the dangers of leaving a network unsecured, don't know how to do it or plain just don't care.

Before I get into some things one can do to keep themselves safe when going wireless let me address those who feel they have nothing an attacker would want on their computer. Picture if you will that unsecured wireless router in your home, the one that anyone can connect to if they have a notebook, PC or other device that allows them to connect. You think to yourself "I have nothing of value on my computer so I am not at risk." You're dead wrong, that user connecting to your wireless network might not be looking for info on your computer, just free internet access through which they can carry out some malicious activity. Consider someone getting free internet access through your wireless access point so they can download child-porn or hack a government network, when law enforcement traces it back to its source who will they find? You, sure you didn't do anything, but you would still have to fight and possibly prove it.

With the dangers in mind of an unsecured wireless network let's look at how to secure your network so you don't become a victim. In the following paragraphs I will provide several guidelines and tips that can (and should) be used together to secure yourself and deter an attack. Always keep in mind when you are securing a computer, network, wireless or anything else you should practice defense-in-depth which means you have several layers that need to be defeated or bypassed to get to anything of serious value.

Tip 1: Change the default SSID on your wireless router: An SSID is an ID that is broadcast out for clients to find and associate with your access point. Most manufacturers set this to be a default value with the intention that the user changes it to something else when they setup and configure their new hardware. An SSID that is left at it's default value allows an attacker to quickly an easily look up the default router password online and try it out, it's not too much of a stretch to assume if one hasn't changed the default SSID they probably haven't changed the default password.

Notice I didn't include turning off your SSID in this document which is a common tip to have suggested, well I'm here to say that this doesn't help much (if at all). An attacker can easily download a freeware utility that allows one to find and obtain information about a wireless network.

Tip 2: Use MAC filtering: Every network card whether it's wireless or wired has a unique value "burned" into it when it is manufactured (think Social Security Number and you've got the idea). Most manufacturers of wireless routers and access points allow users to enter in the MAC address of each device they wish to permit or deny access to their network. While the procedure for entering this info into a wireless router or access point will vary to find out your own MAC address use a utility like IPCONFIG in Windows to discover your MAC. Once you discover the MAC addresses of each device your own and wish to grant access put these device on a list of "Permitted" devices preventing any other MAC not on the list from access your network.

Tip 3: Encryption: Encryption on a wireless network basically means you are scrambling your traffic in such a way that it cannot be read with a special key, without encryption anyone can attach to your wireless network and read any data you happen to be sending. Most wireless devices support a standard called WEP or "Wired Equivalent Privacy" which is an older standard, newer devices also support standards called Wi-Fi Protected Access (WPA) or the newer WPA2 standard. To setup any of the standards one provides a unique string of characters or string that works as the key that the encryption is based off of; when entering this string be sure to use a string of characters that is at least 8 characters in length and includes upper and lower case letter, numbers and characters.

Note: If you have a choice between WEP and WPA/WPA2 choose the latter as it is by far more secure that WEP.

Tip 4: Change your password: Every router or access point comes with a default password set at the manufacturer, this password needs to be changed. When one fails to change the password on their new hardware they are just asking for problems as the default password is easy to discover for a router.

Let's explore how easy it is to get into a wireless network if one has not changed the default password, let me introduce you to a utility called "Netstumbler". With a utility such as Netstumbler one can discover a wireless network and easily see who the manufacturer is, at this point one can look online to see what the default password is.

Tip 5: Enable your firewall: Most manufacturers include some sort of firewall in their wireless products that offers fairly robust protection from an attacker. Should you enable the firewall in your wireless router if you have a firewall installed on your PC? Yes, remember we are looking at defense-in-depth.

If one exercises these basic tips they will have a higher than normal level of security, however it is always important to keep in mind that no system is 100% secure, what we are doing is deterring an attacker from our network.