Securing your wireless network

Use Encryption

By far the most important thing that you can do to secure your wireless network is to use encryption. Almost every wireless access point has some type of encryption mechanism built in. Most older access points offer WEP encryption, and newer access points offer a choice between WEP and WPA.

You are much better off using WPA than WEP. The WEP encryption method is flawed because if someone is able to capture enough data, it is possible to decipher WEP. Even so, it takes most home users weeks to do enough Web surfing to produce enough traffic for WEP to be compromised.

My advice would be that if your wireless hardware doesn’t support WPA, then you should upgrade to hardware that does offer WPA support. If an upgrade just isn’t in the budget, then you should go ahead and turn on WEP encryption. Sure, WEP is flawed, but flawed encryption is better than no encryption. Besides, there are enough people with insecure wireless networks that most of the time if a hacker sees that your network is encrypted with WEP, they will move on to an easier target than spending weeks trying to capture enough data to decrypt WEP.

The only other drawback to using encryption on your access point is that it can be a little complicated to set up if you aren’t the technical type. If you can’t figure out how to set up wireless encryption, then invite the neighborhood nerd over for dinner and have them enable encryption. Do what ever you have to do, but get encryption enabled.

Don’t Announce Yourself

Wi-Fi access points use a mechanism called identifier broadcasting to announce themselves. The problem with identifier broadcasting is that you already know that you have a wireless network, so there is no need in announcing it to you. The only people that the broadcast really benefits is hackers. Not all wireless access points allow you to disable identifier broadcasting, but if yours does allow you to disable it, then you should.

While you are at it, you should also change your SSID or ESSID. The SSID or ESSID is basically just a name that’s assigned to the wireless access point. The reason why it is important to change the SSID or ESSID is because you don’t want your access point to have an out of the box name. Think about it for a minute. Wireless hardware manufacturers assign the same SSID or ESSID to every access point that rolls off of the assembly line. Even if you aren’t broadcasting your access point’s identification to the world, it isn’t that hard to figure out that you have an access point in your house. If the access point isn’t broadcasting an SSID or an ESSID then the first thing that a hacker will usually try is to attach to the access point by using common default SSID or ESSID names.

It is also important that you change your access point’s default password for the same reason. You don’t want a hacker to be able to take control of your access point just because it still has the default password assigned to it. If a hacker were to take control of the access point, they could actually lock you out of your own network.

Limit Access To Your Access Point

Another thing that you can do to help secure your wireless access point is to limit which computers are allowed to use it. Every network interface card (including wireless cards) has what’s known as a Media Access Control (MAC) address associated with it. Most wireless access points contain a mechanism that you can use to tell the access point that only network cards with these specific MAC addresses are allowed to use the network.

You can determine a machine’s MAC address by opening a command prompt window on the workstation and entering the command IPCONFIG /ALL. This command is designed to display the machine’s TCP/IP configuration. However, it will list the machine’s MAC address under the Physical Address heading.

Limiting access to the access point by MAC address isn’t a perfect security mechanism. A hacker can use a protocol analyzer to determine which MAC addresses are in use on your network. They can then spoof a valid address and bypass your address filter. Even so, it is important to use address filtering. The reason is because none of the wireless security mechanisms that I’ve shown you are perfect, but all of the mechanisms that I’ve shown you provide relatively good security.