How to secure your wireless network
76Most of the wireless access points and routers these days don't come with security turned on by default. If your wireless network is not secured in some way then someone can connect to your network and use it to do anything from sending spam to downloading files over the internet. It's even possible to steal your ISP username and password if your router is set to the default settings, which can allow someone to access your email.
Every manufacturer has different methods to do the following, for more information please consult your user manual.
Change the admin password and turn off remote management
Your wireless router's default password should be changed immediately. Even with remote management disabled anyone who approaches your wireless LAN with a wireless card is "behind" your firewall, not in front of it. So, if you have a Linksys router and the password is still 'admin,' someone sitting in China can't get to it from the Internet, but they certainly can from your back yard or the room next door. And once they do that, they can edit the settings on your router and even steal your ISP username and password (on some routers). Change the password, and turn off remote management (which will only prevent people managing your router from the Internet).
Change the default SSID
Wireless access points and routers all use a network name called the SSID. Manufacturers normally ship their products with a default SSID set. For example, the SSID for Linksys devices is normally "linksys." By having a default SSID it shows the world that your network is probably not well configured and they're more likely to attack it. Change the SSID to "Jones Family Network" or something more abstract that has no meaning to anyone, but something you can remember.
It is also possible to disable SSID which makes it harder for your average computer user to connect to your network, but will not stop any hackers. There may also be some effect on wireless network performance if your SSID is hidden (see "Debunking the Myth of SSID Hiding" - icsalabs.com).
- Wireless forums
For help on how to secure your wireless network - Wikipedia: Wireless Security
In depth article on wireless security, including different wireless attacks. - Slashdot: A Look at the State of Wireless Security
A whitepaper on the state and future of wireless security.
Enable WPA encryption
If your access point or router supports it, it's a good idea to enable WPA on your network. This encrypts any data sent across your network from your laptop/PC to your access point/router. This stops wireless hackers (sometimes referred to as War Drivers) or anyone else from connecting to your network without a password.
The best setting for most people is to use the WPA Pre-Shared Key setting (wording may differ). Enter a password that is at least 10 characters long using numbers, letters and symbols. It's a good idea to write this password down somewhere, but if you lose the password then it can be reset by connecting to the router by USB or ethernet (depending on model).
Older network devices may not support WPA and may have WEP in place of it. WEP has been depreciated as it has been deemed to be insecure and does not protect as well as WPA.
MAC filtering
A MAC (Media Access Control) addressis a quasi-unique identifier attached to most network adapters (network cards, routers etc). This allows network adapters to be identified by networking equipment. By turning on MAC filtering on your router you can stop unknown people from connecting to your network.
This is not always fool proof as MAC addresses can be "spoofed" by attackers. It's also a hassle to setup as you need to add each computer to the filter list. There's also a good chance that you can lock yourself out of your own network if you enter your own MAC address incorrectly!
Reduce your WLAN transmitter power
If you're using your wireless network in a small area you probably don't need to be blasting your network into surrounding buildings and the street. On some wireless routers there is the option to lower the transmitting power used by the wireless networking device. This may be something you have to play with if you decide to use it as there's no way of knowing how which power level to set for your situation.
Enable firewalls on all computers
Treat all wireless networks as insecure, much as you would the internet. This will help stop malicious users from accessing your computer if they do manage to connect to your network.
If you are connecting to a public wireless network try to avoid using services that send your username and password in plain sight (clear text) such as FTP, POP3, SMTP and IMAP. Other uses can snoop on the network traffic and steal your passwords.
PrintShare it! — Rate it: up down flag this hub
Comments
Very useful information. I wish I'd had access to this when I tried to set up my LAN last year. It would have saved me time and money as the instructions that came with the router were confusing and I eventually had to pay to get someone to set it up for me.
I have an appointment for someone to come set my network up for me tomorrow. I am having mine encripted because of my website business. This was good timing for me, the information you gave me will help me not look too dumb to the guy who is setting it up for me.
Thanks!
Great info, how I am off to secure my network, awsome tips.
Great info! It amazes me how when we travel with our laptop, how often we run across unsecured wireless access. We don't abuse it, but I do notice it. A side note, we recently update our network and had planned to go wireless. But we found the wireless was not fast enough for us (huge amounts of data, large files), is this a common occurance?
Wireless in general is slower than when you plug your computer into a network. On your average wireless network (802.11g) the maximum speed you can get is 54Mbit/s shared with everyone else who is connected to that network (but in reality it is a lot less). When you plug into a network then you can get up to 100Mbit/s (or 1Gb/s on newer networks) which you don't have to share with anyone else.
Wireless networking speed also depends on signal strength and will drop if you are far from the access point or if there is other interference (cordless phones, operating microwaves etc).
That's a useful article for the ignorant amongst us. I have wireless for back to DSL, thanks for telling me what I should do if I need to use it.
Roy
Thanks, Noodles - Living in the boondocks and using wireless out of necessity this good info.
Great information for when I go wireless in the future, my daughter has a wireless lap top, some day I will be doing the same thing and your info was very helpful.
This is exactly the stuff I don't have a clue about, but recognize it need to be done. I am passing it on to the technical wizard in our office right now.
Jason
Good summary - I generally find it pretty easy to find an unsecured network if I need it when travelling so it was the first thing I did when I got my own set up!
Good explanation.
We have a secure encrypted wireless network. We also have jacks for workstations. We then had a client place a linksys wireless router with no security in one of the jacks and we got broken into. Any idea on how to stop this.
i'm glad you are discussing the issues around wireless technology. don't forget the issues around safety. This is the most common way that our confidential info gets lifted and identity theft occurs. Watch this incredibly informative video showing how one woman gets her identity and private information lifted ata local coffee shop by a security specialist posing as a scammer of information. He shows her (as she looks on in shocking disbelief) how vulnerable we are to having passwords and confidential infomraiton taken right out of the ether as we work unbeknowingly in public places. Even our home's wireless firewalls and security issues alll have their weak links and back doors that hackers optimize see these pages! http://netrageouz.biz/?p=610 and http://netrageouz.biz/?p=626. And thanks for allowing my post.Netrageouz says
roger one says:
2 years ago
Nice one Nick - I have home office wireless setup and I have already done all those things - glad I was on track.
Just wish I'd seen this neat summary all-in-one spot rtaher than having to trawl the entire internet for it.
Thanks for putting it together ...
roger one