How To Secure Your Wireless Network
29 Aug
Securing wireless networks has been a headache for broadband users for years now. I wanted to write a short blog on how the average home user or small business can secure their wireless network and keep moochers and even more malicious users at bay.
You’re Not Secure Out Of The Gate
Most users think just having a router is an automatic shield after listening to various media stories praise routers for their firewall abilities. This is not the case. Most routers you purchase at your local electronics store (Best Buy, Wal-Mart etc.) are not secure when you first plug them in. Routers are normally pre-configured to be open wireless access points. This means anyone within range will be able to use your connection, no questions asked. This is done to make setup easy and compatible with most operating systems. The only problem is that it leaves your network open to attack.
The very first thing you’ll want to do is log in to your router’s administration panel. This is done by typing a 192.168.x.x address into your browser’s address bar. The actual number varies by router manufacturer; look in your user guide or online to find the local IP address for your router. Linksys, for example, is 192.168.1.1. The manufacturer sets very easy, non-secure passwords. These are easily found online as well as in your user guide and, if left unchanged, will make your network exceptionally vulnerable. You’ll want to change the password to your router right away. Make sure it is a secure password of at least six characters, preferably with upper and lowercase letters and numbers.

Bad Advice From GeekSquad
Local sales associates at places like Best Buy are often clueless on network security and sometimes offer up misleading advice. Here are some steps that aren’t harmful, but mostly just a waste of time because they don’t secure your network.
- Turning off your SSID broadcast. - The SSID (Service Set Identifier) is an identifier broadcast by a wireless router. You might know this as your network name. Most routers’ default SSID is the manufacturer’s name (linksys, netgear etc.). Turning the broadcast off does nothing to protect your network. With the proper software, a malicious user could easily spot your network’s presence even with the SSID off. It is a false sense of security. Changing the network name won’t make you more secure either, though I would recommend doing it. Just make sure your SSID isn’t identifiable in a way that makes it easy for outside users to know where the network is located (i.e. last name, home address are all no-nos).
- Turning DHCP Off - This in theory is a good idea but really doesn’t make you more secure. It is easy to detect the method by which IP addresses are being assigned and make a request matching that method.
- Filtering MAC Addresses – Filtering MAC addresses is a good practice to get into, but for most households and businesses it causes more headache than it’s worth. For homes with many devices on the network like game systems, multiple computers and cell phones, filtering MAC addresses simply isn’t practical. That being said, a malicious user with easily attainable monitoring software can replicate a MAC address and still penetrate your network. This method has some value for keeping the average user off the network but will crumble with ease against advanced computer users.
What You Should Do
The easiest thing you can do to secure your network is protect your wireless access point with encryption. There are two different kinds of encryption you can use. One is known as Wired Equivalent Privacy or WEP. This encryption is better than nothing but it does have a huge problem.
Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software found online within minutes. — Source: Wikipedia
WEP can be easily cracked within minutes; therefore it should not be your first choice, though it is better than having no encryption at all. It will keep your pesky neighbors with no computer skills from using your bandwidth, but even the most novice 13 year-old could brute force their way into your network. You want something with a little more ‘umph’.
You will want to use Wi-Fi Protected Access, otherwise known as WPA, for your wireless encryption. WPA was designed after flaws were discovered in WEP that led to its demise. Recently, researchers have found a way to crack WPA-TKIP connections, though it is still tougher than cracking WEP. Since this has happened, you’ll want to make sure you’re using WPA-AES encryption to remain secure. AES stands for Advanced Encryption Standard and the encryption contains three block ciphers. It has been adopted by the U.S. government as their standard for encrypting sensitive networks and has yet to be cracked.
WPA2 is an even newer advance in WiFi network security. If you have an older router or a computer more than 3 years old you may have compatibility issues. For fewer headaches and a still-secure network, stick with WPA-AES unless you have all ‘newer’ hardware.
Conclusion
The simplest thing you can do to protect your wireless network is still encrypting it. There is no need to cause yourself more trouble by turning off DHCP or hiding the SSID. It will only give you headaches and nightmares down the road. Most of the need for securing your WiFi comes from nosey neighbors or passers-by looking to score free Internet. They don’t want to steal your credit card info or read your e-mails but just score free interwebs. However, there are individuals who go around looking for easy targets to steal sensitive information from.
| Device | WEP | WPA-PSK | WPA2-PSK |
| --- | --- | --- | --- |
| PlayStation Portable | Yes | Yes | No |
| Nintendo DS | Yes | No | No |
| PlayStation 3 | Yes | Yes | Yes |
| Wii | Yes | Yes | Yes |
| Xbox 360 WiFi adapter | Yes | Yes | No |
| iPhone | Yes | Yes | Yes |
| Nokia N800/N810 | Yes | Yes | Yes |
| Asus Eee PC | Yes | Yes | Yes |
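
The advice in this post and the device table above, turned into a settings check, as an added example that is not part of the original post. The config keys (`security`, `cipher`, `hidden_ssid`, `mac_filter`, `dhcp_off`) and the two sample setups are hypothetical and constructed for illustration.

```python
# Added example, not from the original post. Config keys are hypothetical.
import re

DEFAULT_SSIDS = {"linksys", "netgear"}   # manufacturer names cited in the post
MODES = ["WEP", "WPA-PSK", "WPA2-PSK"]   # table columns, weakest to strongest
SUPPORT = {                              # rows copied from the post's table
    "PlayStation Portable": (1, 1, 0), "Nintendo DS": (1, 0, 0),
    "PlayStation 3": (1, 1, 1), "Wii": (1, 1, 1),
    "Xbox 360 WiFi adapter": (1, 1, 0), "iPhone": (1, 1, 1),
    "Nokia N800/N810": (1, 1, 1), "Asus Eee PC": (1, 1, 1),
}

def password_ok(pw):
    """The post's rule: six or more characters with upper, lower and digits."""
    return len(pw) >= 6 and all(re.search(p, pw) for p in ("[a-z]", "[A-Z]", "[0-9]"))

def audit(cfg):
    """Return {finding_code: explanation} for one router configuration."""
    out = {}
    sec, cipher = cfg["security"], cfg.get("cipher")
    if sec == "open":
        out["OPEN"] = "no encryption: anyone in range can use the connection"
    elif sec == "WEP":
        out["WEP"] = "WEP is better than nothing but is cracked within minutes"
    elif sec == "WPA" and cipher != "AES":
        out["TKIP"] = "WPA-TKIP has been cracked; switch the cipher to AES"
    if cfg["ssid"].lower() in DEFAULT_SSIDS:
        out["DEFAULT_SSID"] = "SSID is still the manufacturer default"
    if not password_ok(cfg["admin_password"]):
        out["ADMIN_PW"] = "router admin password is weak or left at default"
    relied = [k for k in ("hidden_ssid", "mac_filter", "dhcp_off") if cfg.get(k)]
    if relied and sec in ("open", "WEP"):
        out["FALSE_SECURITY"] = "relies on " + ", ".join(relied) + " instead of encryption"
    return out

def strongest_common_mode(devices):
    """Strongest table column that every listed device supports, or None."""
    for i in reversed(range(len(MODES))):
        if all(SUPPORT[d][i] for d in devices):
            return MODES[i]
    return None

if __name__ == "__main__":
    factory = {"ssid": "linksys", "security": "open", "admin_password": "admin",
               "hidden_ssid": True}            # constructed out-of-the-box setup
    hardened = {"ssid": "bluekettle", "security": "WPA", "cipher": "AES",
                "admin_password": "Rt9kLm42"}  # constructed corrected setup
    print(audit(factory), audit(hardened))
    print(strongest_common_mode(["Wii", "Xbox 360 WiFi adapter", "iPhone"]))
```

A household that includes a Nintendo DS comes back as `WEP`, which is the trade-off the table implies: one older device sets the ceiling for the whole network.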



