Monday, June 19, 2006

Securing your Wireless Network

Thanks to the good folks at "WINXP News" for this short, but interesting article on wireless networks. If you have one in your home or are thinking of installing one, you might find this of interest.
________________________________________________________

With wireless fast becoming the easiest and most economical way to set up a home network, we get lots of questions about how to make sure it's secure. Here are some tips for securing your wireless router/access point and computers with wireless adapters:
  1. Change the defaults. Wireless routers and access points come with a preset administrator password and SSID (network name). These are usually the same for all routers/WAPs of that model, so it's common knowledge to tech savvy folks. A hacker can use that info to change your WAP settings or connect to your network.
  2. Turn off SSID broadcasting. This makes your network visible to anyone in the area who has a wireless-equipped computer. Turning it off doesn't hide it from WLAN "sniffers" but it does keep casual browsers from knowing it's there.
  3. Turn on MAC address filtering. This allows only computers whose MAC addresses have been entered by the WAP administrator to connect to the network. It's not foolproof since some hackers can spoof MAC addresses, but it provides a layer of security.
  4. Assign static IP addresses to your wireless clients and turn off DHCP, so that unauthorized persons who try to connect won't automatically get an IP address.
  5. Use encryption. And use WPA (Wi-Fi Protected Access) encryption instead of WEP (Wired Equivalent Privacy). For instructions on how to configure WPA in XP, see:
    http://www.wxpnews.com/9LH8QB/060620-WPA_XP
  6. Turn the WAP off when you aren't using it. This will prevent "war drivers" from connecting to your network and using your Internet connection or accessing the computers on your network.
  7. Limit signal strength. The typical range of an 802.11b/g wireless access point is about 300 feet. If you use a high gain antenna, that can be extended considerably. Only use such an antenna if you must, and if possible use a directional antenna that will only transmit in one direction. Test the signal strength to see how far it extends outside your house and grounds and adjust the positioning of your WAP and antenna to limit it.
  8. If you're really worried about security, use 802.11a equipment instead of the more popular 802.11b and g. It transmits on a different frequency and can't be accessed with the built-in wireless adapters included in most new laptop computers. It also has a shorter distance range.

No comments: