Media Net Link

Home Network Security

Wireless networking (or Wi-Fi) is everywhere; it's cheap, easy to setup, and convenient to use. But are you running your wireless network access point with its default factory settings? If so, you're leaving your wireless network wide open for anyone to freely use the Internet access you're paying for, for whatever purpose they wish, illegal or otherwise.

Here are some tips for tightening the security of your wireless network. Please note that following the suggestions in this article will not guarantee that your network will be completely secure. It's like the lock on the front door to your house: it doesn't keep determined individuals out, but it does stop casual passers-by from walking in and stealing your property.

So what can someone do once they've gained access to your wireless network? They can use your Internet access for free. They can also use up all of your bandwidth, making your own browsing experience much slower. They can illegally download music, send out spam messages, write anonymous or threatening e-mails, launch hacker attacks, or access any files you're sharing on your own network.

The easiest things you can do to lock down your wireless network are to setup an access list and turn on encryption.

Making an Access Control List
Every computer on a network has a unique identification code called a Media Access Control, or MAC, address. You can configure your wireless network access point to only allow computers that you've approved to gain access to your wireless network. To do this, turn on MAC address filtering and add your computer's MAC address to the access control list. For example, to determine your computer's MAC address in Microsoft Windows XP:

Figure 1: Determine your computer's MAC address

Refer to your product's user manual to find out how to add your computer's MAC address to your wireless network access point.

Turning On Encryption
If you don't have encryption turned on, then any data that you transmit from your computer can be intercepted and read by anyone nearby.

Figure 3a: Without encryption

Figure 3b: With encryption

Older wireless network access points only support WEP, or Wired Equivalent Privacy, which is the original encryption scheme for Wi-Fi. Unfortunately, WEP encryption is relatively easy to break. A newer encryption method, called WPA, or Wi-Fi Protected Access, addresses some of the fundamental flaws in WEP. WPA runs in two modes: RADIUS, meant for larger organizations, and pre-shared key mode, which is more suitable for home and small office use.

If you have a choice between WPA and WEP, choose WPA. If all you have is WEP, you should still enable it; it's better than nothing.

Again, refer to your product's user manual to find out how to configure your wireless network access point's Wi-Fi security features.

Other Simple Things You Can/Should Do
A wireless network access point, by default, broadcasts its availability and identity to anyone within its operating range, which is usually up to 300 feet from the access point itself. The access point's default name, or SSID, is usually the access point vendor's company name (e.g. "LINKSYS") or literally the word "default." It's a good idea to change the SSID to something no one can guess, and to stop broadcasting it to the world. This prevents others from knowing that your wireless network even exists, and even if they suspect that a wireless network is operating somewhere nearby, they'll have a more difficult time guessing what your access point's SSID is. The only person who needs to know this information is you.

Another important, yet easy, thing to do is to change the wireless access point's default administrative password. For example, if you don't change the default SSID (e.g. "LINKSYS"), someone could scan your neighborhood, choose your access point, go to Linksys' web site and download the user's manuals, and get enough information to systematically guess the IP address and administrative account username and password. Once in, they can cause serious damage to your network and to the Internet at large.

A final idea: you can also adjust the coverage area of your wireless network access point. By moving your access point towards the center of the area you want to cover, you can prevent your wireless network from extending to places you don't want it to, like your neighbor's living room. Of course, the usefulness of this depends on how large your home is, how close your nearest neighbor is, etc. Another option is to adjust the power output of your access point. This option isn't available in all products, but if it is, it allows you to reduce your access point's coverage area to cover only the space you want it to.

Designing a More Secure Network
Adding more sophisticated security measures to your home network is beyond the scope of this article. Stay tuned for a future article on how to add more security if you also access your corporate network from home.

Richard Kitamura - Media Net Link