Wireless networking is easy to set up, and it's convenient, especially if you like to move around the house or office without your portable computer while staying connected. But because they use the airwaves, wireless communications are more vulnerable to interception and attack than a wired connection. Here are some tips for securing your wireless network.
1. Use encryption
Encryption is the number one security measure, but many wireless access points (WAPs) don't have encryption enabled by default. Although most WAPs support the Wired Equivalent Privacy (WEP) protocol, it's not enabled by default. WEP has a number of security flaws, and a knowledgeable hacker can crack it, but it's better than no encryption at all. Be sure to set the WEP authentication method for "shared key" rather than "open system". The latter does not encrypt the data; it only authenticates the client. Change the WEP key frequently and use 128-bit WEP rather than 40-bit.
2. Use strong encryption
Because of WEP's weaknesses, you should use the Wi-Fi Protected Access (WPA) protocol instead of WEP if possible. To use WPA, your WAP must support it (you may be able to add support to an older WAP with a firmware upgrade); your wireless network access cards (NICs) must support it (again, a firmware update may be necessary); and your wireless client software must support it. Windows XP Service Pack 2 installs the WPA client. SP1 machines can be updated to support WPA by installing the Windows WPA client with the Wireless Update Rollup Package — see this page for more details. Another encryption option is to use IPsec, if your wireless router supports it.
3. Change the default administrative password
Most manufacturers use the same default administrative password for all their wireless access points (or at least, all those of a particular model). Those default passwords are common knowledge among hackers, who can use them to change your WAP settings. The first thing you should do when you set up a WAP is change the default password to a strong password (eight characters or more in length, using a combination of alpha and numeric characters, not using words that are in the dictionary).
For the next seven tips, click here...
Talkback
Another option that people should consider is to provide an additional open unencrypted free access to the internet. Restrict the access to LAN resources by providing an additional authentication step. If necessary, restrict the bandwith allocated to the free access so as not to degrade the other users access.
Someone who is trying to access "your network" is probably simply trying to get an internet connection. So simply make it easy for them to get one. Most likely they will then be happy and not spend days trying to break through your security... at which point they would have full access to all your sensitive information.
Providing an additional unsecured Wi-Fi access to the internet might stop casual intruders. Maybe a corporation with a huge amount of bandwidth could spare a little to support such an approach but what of the small business or home user? Do you really have bandwidth to spare? Do you trust strangers to share your connection? In an age of cyberterrorism, internet fraud, spam and paedophilia do you really want to allow others to use your bandwidth for their unapproved and possibly nefarious activities? I don't... I certainly don't want the police turning up on my doorstep having determined my WAN IP address is linked to crimes. I don't want to explain 'it wasn't me' as someone dismantles my PC. I enjoy the benefits of wireless access but I want the exclusivity of Ethernet. It's my bandwidth, mine all mine.
Hi,
I regard myself as tolerably PC literate and act as the PC 'help desk' for my village. In your opening line you state state 'wireless networking is easy to set up'. I agree. However, I suggest you should have then said setting up wireless security is a nightmare and takes us back to the worst days of poor instructions and indecipherable geeky words. There is no common methodology for setting up security. If you get it wrong it can be incredibly difficult to go back and start again because you cannot get the laptop to talk to the router to make the changes. OK, I hear you say connect via an ethernet/USB cable, Where does it tell you to do this - usually by thought transfer or similar.
My advice to most people is enable wirelss securituy at your peril. It might work for a while then you go out log on to somewhere else and guess what, you get home and you cannot log on no matter what you do unless you remove all security and start again.
I would plead for a real campaign to make the wireless router companies write user 'wizards' which hide all the geeky stuff and make it simple to set up. Llike you I do believe it is necessary to enable security. However, for the moment in our quiet rural village its open house for wirelss users.
Simon
scwyatt@tiscali.co.uk
I agree with 'Anonymous iTV Consultant' completely. I have a wireless network at home with 3 devices on it, which was an absolute doddle to set-up.
Then came the security configuration and despite being very PC literate I couldn't even begin to configure the security because whatever I tried effectively 'broke' the wireless connection.
I PM website production and if a site is unusable by Joe Public you can bet that it's a resounding failure, so I'd very much like someone to tell me why PC software companies get away with building unusable rubbish that seems designed specifically to leave security holes through the average user not being able to configure it.