Tech Talk
November 24, 2006
Securing your wireless network

A good friend of mine who does not have Internet connectivity at home confessed a few weeks ago that whenever he wants to get on to the Internet, he goes to a hotel located near to his home, sits under a tree just outside the hotel fence, and uses his laptop to connect to the Internet by way of the hotel’s wireless network.

It is debatable if what he is doing can be considered stealing, but there is a larger issue here, that of the security of the hotel’s network.

Many homes and businesses are moving away from cables to wireless networks (WLANs) because of the freedom WLANs give in terms of where equipment can be used and the relatively inexpensive hardware needed to get started. You are no longer tied to your computer desk but can move around with your laptop as long as you remain within range of the wireless signal.

But you are not the only one who can access the Internet and other network resources: so can anyone else within range of your home or office WLAN. If precautions are not taken, you are placing yourself and your organization at risk not only from freeloaders wanting to access the Internet, but also from persons with much more devious intentions. Using widely available tools, persons can tap into nearby wireless networks and see users’ passwords as well as other data they may wish to keep private.

Most WLAN hardware is so simple to set up that many users simply plug it in and start using the network without giving much thought to security. Nevertheless, taking a few extra minutes to configure the security features of your wireless router or access point is time well spent. Here are some of the things you can do to protect your wireless network:

1) Secure your wireless router or access point administration interface

Almost all routers and access points have an administrator password that’s needed to log into the device and modify any configuration settings. As soon as you set up a new WLAN router or access point, your first step should be to change the default password to something else.

2) Don’t broadcast your SSID

Most WLAN access points and routers automatically (and continually) broadcast the network’s name, or SSID (Service Set IDentifier). This makes setting up wireless clients extremely convenient since you can locate a WLAN without having to know what it’s called, but it will also make your WLAN visible to any wireless systems within range of it. Turning off SSID broadcast for your network makes it invisible to your neighbors and passers-by (though it will still be detectable by WLAN “sniffers”).

3) Turn on (Compatible) WPA / WEP Encryption

All Wi-Fi equipment supports some form of “encryption.” Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. 802.11’s WEP (Wired Equivalency Privacy) encryption has well-known weaknesses that make it relatively easy for a determined user with the right equipment to crack the encryption and access the wireless network. A better way to protect your WLAN is with WPA (Wi-Fi Protected Access). WPA provides much better protection and is also easier to use, since your password characters aren’t limited to 0-9 and A-F as they are with WEP. If, however, you find that some of your wireless devices only support WEP encryption (this is often the case with non-PC devices like media players, PDAs, and DVRs), avoid the temptation to skip encryption entirely because, in spite of its flaws, using WEP is still far superior to having no encryption at all.
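The difference in key formats described above can be seen in a short Python sketch, added here as an illustration and not part of the original column. It assumes hexadecimal WEP keys of 10 or 26 digits and the standard WPA-Personal derivation (PBKDF2-HMAC-SHA1 with the SSID as salt); the function names and sample values are constructed for this example.

```python
import hashlib
import string

# Hexadecimal WEP keys: 10 digits (40-bit key) or 26 digits (104-bit key).
WEP_HEX_LENGTHS = {10: 40, 26: 104}


def wep_key_bits(key: str) -> int:
    """Validate a hexadecimal WEP key and return its size in bits."""
    if len(key) not in WEP_HEX_LENGTHS:
        raise ValueError("WEP hex key must be 10 or 26 digits long")
    if any(c not in string.hexdigits for c in key):
        raise ValueError("WEP hex key may only contain 0-9 and A-F")
    return WEP_HEX_LENGTHS[len(key)]


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA pre-shared key from a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    print(wep_key_bits("0123456789ABCDEF0123456789"))
    print(wpa_psk("correct horse battery staple", "HomeNet"))
    print(wpa_psk("correct horse battery staple", "OfficeNet"))
```

Because the SSID is mixed into the derivation, the same passphrase yields a different key on each network name, which is one reason to change the router's default SSID as well as choosing a long passphrase.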

4) Enable MAC Address Filtering

Each piece of Wi-Fi gear possesses a unique identifier called the “physical address” or “MAC address”. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment so that the network will only allow connections from those devices. Do this, but also know that the feature is not as powerful as it may seem. Hacker software programs can fake MAC addresses easily.

5) Position the Router or Access Point Safely

Wi-Fi signals normally reach to the exterior of a home. A small amount of “leakage” outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.

6) Turn Off the Network During Extended Periods of Non-Use

This is the ultimate security measure. If the network is shut down, no one can break in. It might be impractical to turn the devices off and on frequently, but at least consider doing so during extended periods offline.