A wireless home network brings many benefits – all the family can access the Internet simultaneously, you can use a laptop anywhere within the radius of the wireless network, freeing you from physical constraints, you don’t have to string Cat-5 cabling throughout your house (no holes in the wall either!) – but a wi-fi network also brings it’s own set of security problems. The following recommendations itemise the steps which should be taken to improve your wi-fi network’s security.
1. Put the access point in a central position
Wi-Fi signals radiate from the router or access point, so positioning the access device as centrally as possible achieves two objectives. Firstly it ensures that the wi-fi signal will reach all areas in your house, and secondly it will minimize the amount of signal leakage beyond your property. This is important to minimize the chance of drive-by access to your system. If your signal can be accessed by someone in the street, it may be detected and exploited by unscrupulous people, and if your network security is not sufficient, they may even be able to access your confidential information.
2. Enable an Encryption Scheme for devices on your network
All Wi-Fi equipment supports some form of encryption which makes messages sent over a wireless network less likely to be read by an external entity. Available encryption schemes vary, with WEP being the weakest (and oldest) and WPA - and now WPA2 - being stronger and better. You can’t mix and match, though, as all wi-fi devices on your network must use the same encryption scheme. WEP may be not as good as the WPA settings, but remember that it’s far better than no encryption at all.
3. Choose new default Usernames and Administrator Passwords
An Access Point or Router is the heart of a home wi-fi network. These come from the factory with default administrator usernames and passwords. Manufacturers set both the account username and password at the factory. The admin account allows a user to enter network addresses and account information. The username is often simply the word admin or administrator. The password is typically blank or consists of the words “admin”, “public” or “password”. Hackers are well aware of these defaults and if you don’t change them, there is a grave danger of leaving your network open to access by a baddie. As soon as you set up your access point or router, change the admin username and password and it’s a good idea to change them on a regular basis, say every 30 to 60 days.
4. Change the default SSID name
Manufacturers of wi-fi access points and routers normally ship their products with a default network name (the SSID). SSID stands for Service Set Identifier, which is a 32-character sequence that uniquely identifies a wireless LAN. In other words, the SSID is the name of the wireless network. In order for a wireless device to connect to a wireless network it must know the SSID of the wireless network in question. If you plug your wireless router or access point in and leave the default SSID, it won’t take long for an attacker to determine what the SSID is. As soon as you configure your access point or router, change the SSID to a unique name that will be difficult to guess.
5. Disable SSID Broadcasting
SSID broadcasting by your access point or router occurs every few seconds and is intended to allow users to find, identify and connect to wi-fi networks. If you have a wireless device, this feature allows you to discover which networks are within range, and what their names are. It’s the first step to connecting to a wi-fi network. This feature is not necessary in a home network, however, and is undesirable since it allows external entities to discover your network’s SSID. It is strongly advised that home network users disable this feature in order to improve the security of your wi-fi network.
6. Enable MAC Address filtering
The functionality known as Media Access Control (MAC) address filtering uses a computer’s physical hardware. Each computer has its own unique MAC address. MAC address filtering allows the network administrator to enter a list of MAC addresses that are allowed to communicate on the network. It also allows the network administrator to deny access to any MAC address not specifically allowed onto the network. This method is very secure, but if you buy a new computer or if visitors to your home want to use your network, you’ll need to add the new machine’s MAC address to the list of approved addresses.
7. Assign Static IP Addresses to Devices
Static IP address assignment (sometimes also called fixed addressing) is an alternative to dynamic addressing (called DHCP) on Internet Protocol networks. Dynamic Host Configuration Protocol (DHCP) is an Internet protocol for automating the configuration of computers that use TCP/IP. DHCP can be used to automatically assign IP addresses to devices connected to your wi-fi network.. Dynamic addressing is convenient. It also allows mobile computers to more easily move between different networks. Unfortunately, this can work to the advantage of hackers, who can get valid IP addresses from your network’s DHCP pool. To avoid this possibility, turn off DHCP on your access point or router and assign a fixed IP address to each device on the network.
8. Enable hardware and software Firewalls on your network
Most routers these days contain built-in hardware firewall capabilities, but it’s also recommended that each computer (PC or laptop) connected to your wi-fi network should have its own personal software firewall installed. A software firewall will protect your computer from intrusion by scanning incoming messages and blocking suspicious traffic from entering your system. It will also prevent unauthorized outgoing messages which may prevent Trojans on your system from sending your valuable information to a hacker.
9. Disable automatic connection to open Wi-Fi networks
If your wi-fi enabled device detects an open (i.e. unsecured) wi-fi network, such as a free wireless hotspot or even a neighbors unsecured network, it may connect automatically without informing you. For example, on Windows XP computers having Wi-Fi connections managed by the operating system, the setting is called “Automatically connect to non-preferred networks.” Once connected, you could be exposing your system to a security risk. Disable all automatic connections, or at least only allow connection once you have been informed and have approved the connection.
10. Shut down your network when you’re not using it
If your wi-fi network isn’t turned on, hackers can’t get to it. This is possibly the very best way to avoid security problems. Of course, if it’s turned off, you can’t use it either… However, consider turning off your wireless system during periods of non-use, such as vacations, if you are away from home on business, or any other periods when you know you won’t be using it.
By: Don Cummings
Posts Tagged ‘Access Point’
Top 10 tips for Wireless Home Security
November 18th, 2009Tips For Improving A Wireless Home Network
September 29th, 2009A basic WiFi home network can be assembled fairly quickly. However, many homeowners aren’t aware of all the options available for making their network better. The wireless network can have its capability, performance and security improved. Consider these tips for improving your wireless home network.
1. Upgrade or replace with correct hardware
In addition to the basic WiFi equipment such as the router and the wireless card, which may be upgraded with newer, faster or more compatible equipment as it comes on the market, other wireless gear such as video cameras, game adaptors and print servers are fun to consider. Do the research and get the best quality equipment for a good price.
2. Install the access point strategically
Assembly of the wireless home network can be done easily-so easily in fact that some people rush into the project only to discover that it won’t work in parts of the residence. Or, perhaps the network works just great until it crashes every time a cordless telephone or microwave is activated. So non-techies are afraid to try to fix the poor performance of the network because they might make it worse. By moving the wireless router or access point to another location, many of these common WiFi networking problems will be solved.
3. Change the channel number
Another tip for improving a wireless home network is to vary the channel used. In the United States, as well as in most other nations, WiFi equipment can send signals on a variety of channels. Wireless routers usually are shipped with a default channel and many homeowners do not realize it can be changed. If the neighbor’s router or other electronic equipment causes radio interference, try changing the WiFi channel.
4. Upgrade access point firmware
The built-in programmable software of the wireless router or access point is called the firmware. The factory installed firmware typically works for a time, but usually needs to be upgraded or replaced periodically to get improved performance, more reliability or security enhancements.
5. Improve strength and range of the access point
Sometimes the wireless signal of the WiFi router or access point is just not strong enough. This can be caused by distances or home construction features such as brick walls. In order to solve the problem the WiFi antenna on the router can be upgraded or a wireless repeater can be installed.
6. Improve strength and range of WiFi clients
The signal strength of WiFi clients can also be improved. When treating a WiFi client that has a short range in comparison to the other devises, you may want to choose this option. This same method can improve laptop computer’s ability to connect to hotspots.
7. Improve wireless network security
Many homeowners consider their wireless network a success when basic file and Internet connection sharing are functional. However, if proper security features are not in place, the work of network setup remains unfinished.
While the basic setup and equipment of the wireless network may be perfectly satisfactory to the homeowner, part of the fun of technology is the opportunity to make good better and better best.
By: Stephen Jones
