How to Secure your Wireless Network
A friend of mine moved to a new house and had to change his internet provider as well. The room with the computer and the one with the phone line were not close to each other and he decided to buy a wireless lan router and use it to connect to the internet instead of using a cable connection.
We had to do a scan of the surroundings of course and discovered many insecure wireless LAN networks. I don't know why people keep these insecure; maybe it's laziness, maybe they simply don't know the risks involved. It's like leaving your doors open when you leave your house. Lots of things can happen.
Others could use your internet connection to surf the web, send spam, download copyrighted files, hack other servers, or do even worse things. All using your connection. Guess on whose door the police will be knocking?
Router / Access Point
This is your main configuration unit. If someone gets access to it, they will be able to change lots of settings like passwords, encryption and MAC address. Most routers have default passwords and SSIDs which have to be changed by their owner to make the entire system more secure. Changing the SSID does not really help in terms of security, but I still prefer to do it, if only to make your own router/modem easier to recognize.
1. Default Login
Your first task is to change the default user login to something else. Routers normally have default usernames and passwords like admin / 0000 or similar. You normally configure your WLAN router using a web browser and the router's IP address. Those are the username and password you enter when you want to change the configuration. The IP address and user account are often displayed on the back of the router or in the manual.
Visit the manufacturer's website and look for updates for your router / access point. Often those updates include security updates as well, so it is recommended to do this every once in a while to be on the safe side.
3. Infrastructure / Ad-Hoc
With infrastructure mode enabled all devices connected to the wireless lan communicate through the access point / router while the Ad-Hoc mode allows for direct communication. Disable Ad-Hoc mode if available.
The SSID, Service Set Identifier, identifies your router. Companies use default ones like wireless or wlan which are easy to guess. Choose a more secure SSID, best is a combination of letters and numbers.
Disable SSID broadcasting, which transmits the network's name to everyone in range. Wireless stations searching for a network connection can 'discover' it automatically, which is not needed if you know the SSID and configure your computers that way. It does not make sense to change the name but leave broadcasting on. Note that it's still possible to sniff the SSID; it's still sent in clear text when a client associates with the router / access point.
Turn off broadcast pings on the access point / router; this makes it invisible to 802.11b analysis tools.
6. Mac Address Filtering
Every network device has, in theory, a unique MAC address. You can configure your access point / router so that it only accepts connections from the MAC address(es) you specify. It's possible to sniff your MAC addresses and fake them, so don't rely on this alone.
On Windows, open the command prompt and enter ipconfig /all
The Physical Address is your MAC address, make sure you selected the right device, a wlan pci card for example.
If you are not using windows go to, it explains how you find it on your operating system. [Update: the website is no longer available]
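Picking the right Physical Address out of a long ipconfig /all listing is where mistakes happen, so here is an added example (not part of the original article) that parses the output and returns only the wireless adapters' MAC addresses. It assumes English-locale output in which wireless sections are headed "Wireless LAN adapter"; the function names, the sample text and the colon-separated output format are assumptions made for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output (English-locale Windows).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-11-22-33-44-55

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless PCI Card
   Physical Address. . . . . . . . . : 66-77-88-99-AA-BB

Tunnel adapter isatap.example:

   Description . . . . . . . . . . . : Example ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

HEADER = re.compile(r"^(\S.*?) adapter (.+):\s*$")   # unindented section title
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")   # "Key . . . : value"
MAC = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")  # 6 bytes only

def parse_adapters(text):
    """Return one dict per adapter section: kind, name, description, mac."""
    adapters, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1), "name": header.group(2),
                       "description": "", "mac": None}
            adapters.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            key, value = field.group(1).strip(), field.group(2).strip()
            if key == "Description":
                current["description"] = value
            elif key == "Physical Address" and MAC.match(value):
                current["mac"] = value.replace("-", ":").upper()
    return adapters

def wireless_macs(text):
    """MACs of wireless adapters only, the ones the router filter needs."""
    return [a["mac"] for a in parse_adapters(text)
            if a["kind"] == "Wireless LAN" and a["mac"]]
```

Tunnel pseudo-adapters report an 8-byte address and are skipped, so they never end up in the filter list by accident.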
7. Remote Management
Disable if not needed.
8. WPA, WPA2 or WEP
If your access point offers WPA2 encryption, use it. WPA2 uses AES encryption. If you have an older access point, use WPA, and as a last resort use WEP. Make sure you choose passwords that are more or less immune against dictionary attacks and choose the highest available encryption option (232 -> 104 -> 40).
Note that both WEP and WPA protections can be easily hacked. If your router does not support those, try a firmware upgrade, and if that does not add it, get a new router. Yes, it is that important.
9. Wlan Coverage
It does not make sense most of the time to provide wlan coverage for a wider area than your own apartment. You can experiment with lowering the transmit level and the use of directional antennas to reduce the area your wlan covers.
It's a good idea to change the encryption keys and the SSID every now and then. The best protection is of course to turn your wireless network off if you don't need it.