10 Things You Should Know About Securing Wireless Networks

Wireless networking is easy to set up, and it’s convenient, especially if you like to move around in the house or office with your notebook. But because they use the airwaves, wireless communications are more vulnerable to interception and attack than a wired connection. Here are some tips for securing your wireless network.

1. Use Encryption

Encryption is the number one security measure, but many wireless access points don’t have encryption enabled by default. Although most WAPs support the Wired Equivalent Privacy (WEP) protocol, it’s not enabled by default. WEP has a number of security flaws, and a knowledgeable hacker can crack it, but it’s better than no encryption at all. Be sure to set the WEP authentication method for shared key rather than open system. The latter does not encrypt the data; it only authenticates the client. Change the WEP key frequently and use 128-bit WEP rather than 40 bit.

2. Use Strong Encryption

Because of WEP’s weaknesses, you should use the Wi-Fi Protected Access (WPA) protocol instead of WEP if possible. To use WPA protocol, your access point, wireless network adapter and wireless client software must support it. You may need to upgrade the firmware for some older hardware, in-order to support it WPA. Also, Windows XP Service Pack 2 installs the WPA client. SP1 machines can be updated to support WPA by installing the Windows WPA client with the Wireless Update Rollup Package (read Microsoft’s Website ). Another encryption option is to use IPsec, if your wireless router supports it.

3. Change The Default Username & Password

Most manufacturers use the same default administrative username and password for all their wireless router. Those default username and passwords are common knowledge among hackers, who can use them to change your WAP settings. The first thing you should do when you set up a wireless access point is change the default username and password. Use a strong password, like eight characters or more in length, using a combination of alpha and numeric characters, not using words that are in the dictionary.

4. Turn Off SSID Broadcast

The Service Set Identifier (SSID) is the name of your wireless network. By default, most WAPs broadcast the SSID. This makes it easy for users to find the network, as it shows up on their list of available networks on their wireless client computers. If you turn off broadcasting, users will have to know the SSID to connect. Some folks will tell you that turning off SSID broadcasting is useless because a hacker can use packet sniffing software to capture the SSID even if broadcasting is turned off. That’s true, but why make it easier for them? Turning off broadcasting won’t deter a serious hacker, but it will protect from the casual piggyback (for example, a next door neighbor who notices the new network and decides to try connecting just for fun).

5. Power Off the Access Point When Not In Use

This one may seem simplistic, but few companies or individuals do it. If you have wireless users connecting only at certain times, there’s no reason to run the wireless network all the time and provide an opportunity for intruders. You can turn off the access point when it’s not in used such as at night when everyone goes home and there is no need for anyone to connect wirelessly.

6. Change The Default SSID

Manufacturers provide a default SSID, like “linksys”, “netgear” or “dlink”. The purpose of turning off SSID broadcasting was to prevent others from knowing the network name, but if you use the default name, it’s not too difficult to guess. As mentioned, hackers can use tools to sniff the SSID, so don’t change the name to something that gives them information about you or your company (such as the company name or your physical address).

7. Use MAC Address Filtering

Most WAPs will allow you to use media access control (MAC) address filtering. This means you can allows trusted computers to connect to your wireless network, based on the MAC addresses assigned to their network cards. Communications from MAC addresses that aren’t on the list will be refused.

The method isn’t foolproof, since it’s possible for hackers to capture packets transmitted over the wireless network and determine a valid MAC address of one of your users and then spoof the address. But it does make things more difficult for a would-be intruder, and that’s what security is really all about.

8. Change the Default IP Address

Most routers ship with a default IP address, something like 192.168.1.1, which is for user to access the configuration utility interface and for negotiating the LAN and WAN connections. Although changing the default IP address doesn’t provide a great amount of security since it can easily be discovered anyway, but it may deter intrusion by local users that may be casually scanning the network.

9. Control the Wireless Signal

The typical 802.11b WAP transmits up to about 300 feet. However, this range can be extended by a more sensitive antenna. By attaching a high gain external antenna to your WAP, you can get a longer reach but this may expose you to war drivers and others outside your building. A directional antenna will transmit the signal in a particular direction, instead of in a circle like the omnidirectional antenna that usually comes built into the WAP. Thus, through antenna selection you can control both the signal range and its direction to help protect from outsiders. In addition, some WAPs allow you to adjust signal strength and direction via their settings.

10. Change The Default Channel Number

Many wireless products ship with a default Wi-Fi channel of 6. Therefore, change any channel number that is different from the default channel number, for example 11. This prevents people from simply going with the default channel and avoid interference from near-by wireless network.