Securing Your Wireless Network

Posted on May 26, 2006 Bob Bowman

No Comment BOOKMARK

Though your new wireless network allows you to have the freedom to surf the Internet anywhere in your house, it also is good news to your neighbors. With your wireless network, your neighbor can now surf the Internet for free, at your cost. I always highlight the important of wireless security to public, and I don’t mind to re-post this topic again in this blog.

Unlike a wired network, where you need to have physical access to a network access point, wireless networks extend beyond the four walls of your house. Most wireless access points and routers provide a web-based configuration program for configuring the wireless access point. The following are some pointers for securing your wireless network:

Disable SSID Broadcast

By default, most wireless access points will broadcast the SSID to all wireless devices. Anyone with a wireless network card can detect the SSID you use and gain access to your network. This brings us to the next point.

Change the Default SSID

Most people don’t even bother to change the default SSID provided by a wireless access point. If your neighbor knows that you are using a Linksys wireless access point (by scanning your access point), they could easily try the default SSID. Change it to something less obvious. Note that with some patience and the right tools, discovering an SSID is not difficult. However, changing the default SSID is one step forward in securing your wireless network.

Use MAC Address Filtering

If you have a small number of computers in your wireless network, you can use MAC address filtering. With MAC address filtering, you find the MAC address of your network card and manually enter this number into your wireless access point. Only MAC addresses that have been registered with the wireless access point are able to gain access to your network. You can usually locate the MAC address of your network card on the device itself

Change the username and password for the access point’s web interface

It is too easy for people to find the default username and password used in wireless access points by consulting a user manual, manufacturer’s web site, public forum, tech website, etc.

Turn off DHCP

If the number of users on the network is small, it is good to turn off DHCP (use static IP addresses instead). Turning off DHCP prevents uninvited users from getting an automatic IP address when they connect to your wireless network. You could instead use static DHCP assignments, where you map an IP address to a specific MAC address. This eliminates the need to do client configuration (giving you all the benefits of the static IP address with configuration centralized on the access point).

Refrain from using the default IP subnet

Most wireless routers use the default 192.168.1.0 network. It is easy for people to guess the IP addresses used and illegally gain access to the network. Also, refrain from using the 192.168.0.0 network address range, since Windows uses this for the private networks it creates with Internet Connection Sharing (ICS).

Use WEP for encryption of packets

If you are concerned about the confidentiality of information transmitted by your wireless network, you may wish to enable WEP encryption. Though WEP has been proven to be nonsecure, it still acts as a deterrent against packet sniffing. This is the minumum ecryption you should use, It’s better than nothing.