A Publication of WTVP

Wireless network security doesn’t come easy. By combining the three steps from last month—change your password to access the configuration screen, change the default SSID (Service Set Identifier) or network name and position the Wireless Access Point (WAP) so that the least amount of radio waves escape or “leak”—with the six additional steps below, you can significantly improve your wireless network security.

First, configure your WAP and computers to use encryption. Encryption uses a key to make data unreadable to anyone who does not have that key. All devices on your network should use the highest level of encryption possible, but all devices must use the same type. WEP (Wireless Encryption Protocol) is the least secure but most common wireless encryption. Hackers can capture and analyze encrypted traffic without joining the network. If sufficient packets are gathered from a WEP network, the hacker can discover the key and read information sent across it. Choose at least 128-bit (key) encryption if WEP is going to be used.

If possible, use Wi-Fi Protected Access Pre-Shared Key encryption. This encryption method was specifically developed for home users. Instead of a password, it uses a pass-phrase of eight to 63 characters; a minimum of 21 characters is recommended. The exact pass-phrase configured on the WAP must also be configured on each computer when it joins the network. Although hackers can still gather and analyze these packets, they are unlikely to discover the key on networks that use a long pass-phrase.
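As an added illustration (not part of the original article), the Python sketch below checks a pass-phrase against the length advice above and derives the 256-bit key the way WPA-PSK does, with PBKDF2-HMAC-SHA1 salted by the SSID. The function names, sample pass-phrase and SSIDs are constructed for this example.

```python
import hashlib

MIN_LEN, MAX_LEN = 8, 63      # pass-phrase limits stated in the article
RECOMMENDED_LEN = 21          # minimum length the article recommends


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the advice is met."""
    problems = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        problems.append(f"length {len(passphrase)} is outside {MIN_LEN}-{MAX_LEN}")
    elif len(passphrase) < RECOMMENDED_LEN:
        problems.append(f"shorter than the recommended {RECOMMENDED_LEN} characters")
    # WPA pass-phrases are limited to printable ASCII (codes 32-126).
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    return problems


def derive_psk(passphrase, ssid):
    """Derive the WPA-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    # Only hard protocol violations stop derivation; a short but legal
    # pass-phrase still works, it is just weaker than recommended.
    hard_errors = [p for p in check_passphrase(passphrase)
                   if "recommended" not in p]
    if hard_errors:
        raise ValueError("; ".join(hard_errors))
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    phrase = "correct horse battery staple 42"
    for ssid in ("default", "maple-street-17"):
        print(ssid, derive_psk(phrase, ssid).hex())
    print(check_passphrase("short"))
    print(check_passphrase("only12chars!"))
```

Because the SSID is mixed into the key, the same pass-phrase produces a different key under each network name, which is one more reason to change the default SSID as recommended in the first three steps.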

Second, on the WAP configuration pages, disable DHCP (Dynamic Host Configuration Protocol) and register static, private addresses. Assign one static address to each computer that will access the network. Devices on most networks are identified by IP addresses and have to have an address in order to send and receive data. DHCP automates assignment, but manually configuring the WAP to expect only certain addresses and then configuring those addresses on the computers is more secure.

Third, connect the computers to the WAP via wireless and then turn off SSID broadcasting on the WAP. Broadcasting is used for discovering the network and roaming. After connecting to the network, you will not require broadcasting, and disabling it decreases the amount of “network advertising” to hackers.

Fourth, all network interfaces, including those on computers, have a MAC address; these unique addresses are ‘burned’ into the device. Register each MAC address with the WAP and then enable MAC filtering. This configures the WAP to compare the MAC address of each device attempting to join your network with the registered list.

Fifth, disable the computer setting that will connect the computer to a wireless network automatically. Unfortunately, hackers may advertise rogue networks in order to observe traffic when a computer connects or joins their network. Disabling this feature will make the computers more secure, as they won’t connect to a rogue network without permission.

Finally, enable the firewall on the WAP and install a personal firewall on each computer. Firewalls examine information attempting to enter and/or leave the devices on the network and can be configured to forbid traffic that may be dangerous.

Perfectly secure networks, especially wireless ones, do not exist. Each step provides another layer of security or another “hoop” for a hacker to jump through. Using these nine steps will increase your security, making you a less attractive target for hackers.