The proliferation of Wireless networks has revolutionized our thinking of where we can sit with our PCs. However, I should point out that in the interests of security – NOTHING beats wired networks. The rule of thumb should be that, wherever possible you should be using a wired network, and a wireless network should be employed only under circumstances that make physical wiring or maintenance a severe limitation. A cable running around your room might upset the feng shui, but a wireless network opens bigger security holes; and you must make an informed decision about whether you need to be wireless. Granted mobile computing devices have become all the rage today, I recommend using wireless only when you need to be beyond the range of your network cable, and if you are performing activities on the net that shouldn’t be subject to prying eyes (like internet banking etc). Given that wireless security protocols, authentication and encryption are a work in progress, we do have a relatively secure working model out there, but it is by no means perfect. The following list of security settings concentrate on using good security practices for wireless networks
12. SSID Broadcast: DISABLE
SSID (Service Set Identification) is a wireless broadcast network name, akin to a porch light. It allows your (and others) to home in on your specific address and start receiving data. SSID broadcast has some demonstrated vulnerabilities, and it is an increasingly secure option to disable it.
Tip: for best results configure your router to broadcast the SSID, configure your wireless computers to authenticate themselves to the network for the first time; then disable SSID broadcast.
13. SSID Name: change from default
Most routers ship with a default SSID name, usually the highly imaginative ‘default’. Change away from it, and use something that is unique. It prevents other users on other networks from erroneously trying to connect to your network (even if they are unsuccessful you still shouldn’t have to be bothered with the incessant knocking on your router).
14. Authentication: WPA or WEP
WEP (Wired Equivalent Privacy) was the first step to establishing secure Wireless LANs (WLAN) by allowing an administrator to create a master key string and share it between the nodes that will access the WLAN. Without any sort of encryption, anyone can potential see the packets and look at the contents of the packets being exchanged across the wireless network. WEP in typical routers of today come in 2 flavors – 64bit and 128bit encryption (the greater bits represent greater encryption). However this method of encryption was later deemed rather insecure; and unauthorized decrypting proved to be quite simplistic.
WEP has now given way to WPA (Wi-Fi Protected Access) as a more robust standard for encryption, and as an improvement over WEP. WPA uses a Temporal Key Integrity Protocol (TKIP); TKIP takes a master key string as a starting point and then derives its encryption keys mathematically from the key; further changes these encryption keys regularly so that the same encryption keys are reused. While WPA typically requires a central authentication server to identify a user, for our intents and purposes WPA has a PSK (Pre-Shared Key) implementation that allows you to set a password on your router; and then share it with the users. TKIP then takes over and generates encryption keys.
Set up your router to use WPA-PSK and a strong pass phrase to go with it. If you find that your router does not have WPA as an option, look for a firmware upgrade (you might need to check for newer driver versions and WPA supplicants for your wireless NIC to get WPA-PSK to work on non Windows XP computers – windows XP ships with a WPA-PSK supplicant. It should be noted here that Windows XP Service Pack 2 has shown remarkable advances in the use of wireless networks that users will benefit from – especially in the stability of connections using WPA). If you really cannot use WPA, then WEP at 128bit encryption is a passable solution for that occasional wireless node; however at no time should you be running a wireless network that is insecure.
Conclusion
Hopefully this document will prove a starting point to understanding and securing your home network behind a router. Remember that no amount of security is absolute security; and that security is only possible with a heavy dose of common sense and savvy computer usage.
Like what you read?
If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:
