There are several security
measures you can institute on your wireless router that will help to protect
your network. Note that the following measures will require configuring your
router through its built-in interface, so if you have not done this before, make
sure you have the documentation handy, as there are too many varieties for us to
practically detail the procedures for each device.
1. Change the default settings
This should actually be the
first thing you do with your router. Every manufacturer ships their devices with
a default username and password and a default SSID (System Set Identifier, used
to identify the wireless network). These values are well known, and could easily
be used to compromise your network. Change the username, password and SSID to
whatever value you please, but don't leave them at their default
settings.
On a side note, it is never a smart idea to name
your wireless access point with a business name or address. For example,
"Intel Internal" and "2200 Mission Blvd" are both
very bad choices for a WAP SSID, as they reveal too much about whose network may be
behind the security measures (if there are any applied). It's best to choose a
non-identifiable name like "Lexicon" or "River."
2. Enable WEP
WEP or Wireless Encryption Protocol works by establishing a shared
64-bit or 128-bit key between the clients and the access-point, then using the
key to encrypt and decrypt the data passing between them. This offers adequate security
for a home network, where your primary concern is that your neighbors are
not freeloading on your connection.
To configure WEP, you must enable it on the router using the management console
and on each wireless adaptor (using the management software that came with the
card), and designate a preshared key for the network, which must be entered identically
on each system. This key is used to negotiate the encryption between the
wireless clients and the router.
WEP encryption can be broken easily by someone
with enough time and the correct software, but the mere act of enabling it should
still deter casual eavesdroppers, so it is recommended that you enable it. For
business environments, WEP should be looked on as a starting point for security
only, since it is not adequate as a total security measure by itself. Consult
the documentation for your wireless devices to find out how to enable and
configure WEP on your network. Alternatively, business or enterprise networks
should seriously consider moving their WLANs to WPA-capable networking
hardware as soon as possible, as this encryption standard is much more
secure.
Most Wireless Access Points give you the option of
choosing 64-bit WEP or 128-bit WEP. Enabling WEP will slow 802.11b data
transmissions down from 11MB/s to a degree, and enabling
128-bit WEP will slow them somewhat further. For the home environment, 64-bit WEP
is generally considered sufficient.
3. MAC Filtering
A MAC address (also known as a physical
address) is a unique hardware identifier assigned to every network device. MAC address filtering
involves manually entering a list of the addresses found in your local network
(you can easily find the MAC addresses of your network adaptors by going
to the command prompt on each system and typing 'ipconfig /all') and configuring the router
to allow only these specific addresses to connect via the wireless
network.
MAC address filtering
is a good basic method of securing your wireless network. Its drawbacks are that
it requires some initial manual configuration to obtain and enter the MAC addresses,
and it can be defeated by using a network traffic capture program in
conjunction with a wireless card. This is done by reading an 'allowed' MAC address from
a captured packet, then using this address on a new network
adaptor. As with WEP, it's unlikely
that anyone would bother to do this to get into your home network.
Both methods are fallible, but vastly increase the difficulty for potential
intruders.
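
To take some of the manual work out of collecting addresses, the following added example (not part of the original article) parses saved 'ipconfig /all' output and produces the list of adapter MAC addresses to enter into the router. The sample output is constructed, and the colon-separated format is an assumption; use whatever format your router's interface expects.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DEN-PC

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Fast Ethernet NIC
   Physical Address. . . . . . . . . : 02-00-00-AA-BB-01
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example 802.11b Wireless Adapter
   Physical Address. . . . . . . . . : 02-00-00-aa-bb-02

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

# Adapter section headers are unindented and end with a colon.
HEADER = re.compile(r"^(\S.*adapter .+):\s*$")
PHYS = re.compile(r"^\s+Physical Address[ .]*:\s*([0-9A-Fa-f-]+)\s*$")

def mac_allow_list(ipconfig_text):
    """Return [(adapter, 'AA:BB:CC:DD:EE:FF')] for each adapter with a 48-bit MAC."""
    entries, adapter, seen = [], None, set()
    for line in ipconfig_text.splitlines():
        header = HEADER.match(line)
        if header:
            adapter = header.group(1)
            continue
        phys = PHYS.match(line)
        if not phys or adapter is None:
            continue
        octets = phys.group(1).upper().split("-")
        # Tunnel pseudo-interfaces report 8-octet addresses; they are not MACs.
        if len(octets) != 6 or any(len(o) != 2 for o in octets):
            continue
        mac = ":".join(octets)
        if mac not in seen:  # skip duplicates
            seen.add(mac)
            entries.append((adapter, mac))
    return entries

if __name__ == "__main__":
    for adapter, mac in mac_allow_list(SAMPLE):
        print(f"{mac}  {adapter}")
```

Only the wireless adaptor's address needs to go into the wireless filter list; the adapter name printed beside each address tells you which one that is.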