How to secure your home Wireless network

The age of wireless computing has brought unprecedented freedom and mobility for computer systems users in a variety of circumstances. These days wireless networking products are so ubiquitous and inexpensive that just about anyone can set up a WLAN in a matter of minutes with less than $100 worth of equipment. This widespread use of wireless networks means that there may be dozens of potential network intruders lurking within range of your home or college dorm or office WLAN.

The risks

Wireless networks don’t stop at the walls of your home. In fact, wireless networks often extend more than 300 feet from your wireless router. If you live in an apartment, dorm, or condominium, you may have dozens of neighbors who can access your wireless network. If you live in a house, your neighbors and even people on the street may be able to connect to your network.

It’s one thing to let a neighbor borrow your lawn mower, but you should think twice about allowing anyone to access your home network. There are several good reasons for this. People who can connect to your wireless network might be able to:

a. Slow down your Internet performance

b. View files on your computers and spread dangerous software

c. Monitor the Web sites you visit, read your e-mail and instant messages as they travel across the network, and copy your usernames and passwords

d. Send spam or perform illegal activities with your Internet connection

By setting up security features on your wireless network, you can make it very difficult for uninvited guests to connect.

Wireless networks are becoming increasingly popular, but they introduce additional security risks. If you have a wireless network, make sure to take appropriate precautions to protect your information.

Some new terminology

The wireless world has its own language and set of acronyms. So it’s appropriate before beginning our discussion of security to define some of the terms we need to understand to be effective at securing your home wireless network.

SSID (Service Set Identifier) – This is the name of your network. All devices on the wireless network must use the same SSID to communicate with each other.

WEP (Wired Equivalent Privacy) – This protocol provides base level security standardization for all WI-FI vendors and systems.

WPA (Wi-Fi Protected Access) – A security protocol for the wireless technology industry that was developed to improve on the limitations of WEP.

TKIP (Temporal Key Integrity Protocol) – TKIP is a more secure version of WEP which is required to utilize WPA for network security. TKIP encryption is stronger and more resilient than the WEP algorithm.

MAC (Media Access Control) – The MAC address is a 12 digit hexadecimal number that is associated with the network adapter directly. Also known as the hardware or physical address of the adapter.

Step 1: Change the default passwords

When you get a wireless router, the first thing you should do is read the manual on how to login into your router. To login to your router, open up your browser and type in http://192.168.0.1 or http://192.168.1.1 or http://10.0.0.2. The login address is different for each router, so again, consult your manual. Also, while in some cases, the default username is ‘admin’ and password is either blank as in nothing or ‘admin’, your manual should be able to supply you with the username and password. First thing you should do is change the password for the admin account. Make sure you do this first as the first thing that hackers do is to check if they can get in by using the default password. Default passwords for a lot of wireless hardware can be found on the internet, for example here.Also, if you feel the need for additional security, change the username for something other than admin or administrator. NOTE: Usually most routers come with a default admin and a default user account. Make sure you change the password for the default user account too.

Tip

Tip: As a quick reference, this table shows the default addresses, user names, and passwords for some common router manufacturers.

RouterAddressUsernamePassword

Step 2: Rename your network ID

Rename your network(the SSID option, which stands for Service Set Identifier) to something other than default like say ‘AJ Net’ or something else and also make sure to turn off SSID broadcasting. While SSID can still be discovered easily, it is still a good practice to disable its broadcast. You can find these settings usually in the Advanced section of your wireless router interface.

Step 3: Set up MAC address filtering

Every network device has a unique MAC address that looks like this: 00:0A:33:8e:4e:65. This means only network devices with MAC addresses you specify will be able to connect to your wireless network. To find out your MAC address, for windows users, open up a command prompt and type ‘ipconfig /all’. Write your MAC addresses down, and put them in your router options as MAC filtering entries. Again, while it is possible for a hacker to spoof a MAC address, this is a good practice that would give another hurdle to those who try to get into your network.

Step 4: Set up encryption

Most wireless networks are completely unprotected when you first set them up. However, in just a few minutes, you can protect your wireless network by using the same method banks use to protect your password when you log on to their Web sites: encryption. Encryption scrambles data on your wireless network so that only computers that have the encryption key can read your communications.

You have several choices for wireless encryption:
64-bit WEP (Wired Equivalent Protection). The original wireless encryption standard, it is now outdated. The main problem with it is that it can be easily “cracked.” Cracking a wireless network means defeating the encryption so that you can establish a connection without being invited.

128-bit WEP. An updated, more secure version of the original WEP. However, skilled attackers can still crack 128-bit WEP in a few hours or less, giving them access to your network.
WPA-PSK (also known as WPA-Personal). A more secure alternative to WEP, but because it is newer, it is not as widely supported. Microsoft Windows XP with Service Pack 2 supports WPA, so this type of encryption is the best choice if you plan to connect only Windows XP computers to your wireless network. However, if you have wireless devices that don’t support WPA, such as media extenders or wireless cameras, you’ll have to use WEP on your network instead. You might also see the security method called “WPA-Enterprise.” As the name suggests, this method of network encryption is designed for business use. Setup for WPA-Enterprise is more complex than for other types of encryption, and it requires special network infrastructure.

WPA2. The newest type of wireless encryption, WPA2 provides the highest level of encryption available. WPA2 encryption should be your first choice if your wireless router and all of your wireless computers and devices support it.

Even though one type of encryption may be better than another, any type will dramatically improve your network’s security by making you a more difficult target.

While WEP only provides adequate protection, it has well known weaknesses that make it relatively easy to crack the encryption and access the wireless network. Check out AskStudent’s articles here and here on how easy it is to hack a WEP key. A better way to protect your WLAN is with WPA (Wi-Fi Protected Access) or WPA2(enterprise-grade WPA). WPA provides much better protection and is also easier to use, since your password characters aren’t limited to 0-9 and A-F as they are with WEP. WPA support is built into Windows XP (with the latest Service Pack) and virtually all modern wireless hardware and operating systems.

Step 5: Limit IP address range

It is a good idea to limit the amount of IP addresses that your router’s DHCP server gives out to only the number of computers you have connected to it. Say, if your router’s IP address is 192.168.1.1 and you have 3 computers in your house or dorm, set up an option in DHCP lease to give out IPs starting from 192.168.1.100 to 192.168.1.102

Step 6: Disable wireless login for router administration.

Once your router is configured, there is no real need to be able to access its configuration pages wirelessly. This prevents a lot of people trying to hack your wireless network configuration wirelessly. If you still need to make changes, it is not a big deal to connect your laptop to your router using an Ethernet cable and do all the maintenance that way.