Tuesday, August 12, 2008

6 Steps to Secure Your Home Wireless Network

6 Steps to Secure Your Home Wireless Network

Filed Under: Security Tags: ,

Wireless RouterMost
of you might have enabled wireless encryption, which is only one of the
6 steps mentioned in this article to make your wireless network safe
and secure from hackers. The screenshots mentioned below are from
Linksys wireless router. But, you’ll find similar options for all the 6
steps mentioned below in wireless routers from any other vendors.

1. Enable Encryption

Let us start with the basics. Most of the wireless router has the
encryption disabled by default. Make sure to enable either WPA or WPA2
wireless encryption. Click on Wireless -> Wireless Security , to
enable the encryption and assign a password as shown in Fig-1.
Following are the different wireless encryption options available.

  • WEP (Wired Equivalent Protection) 64-bit and 128-bit: WEP is an old wireless encryption standard. Never use WEP encryption, which can be hacked within seconds.
  • WPA (Wi-Fi Protected Access): WPA-PSK is also
    refered as WPA-Personal. This is a new version of wireless encryption
    standard and more secure than WEP. Most of the wireless adapters on
    your laptop will support WPA.
  • WPA2: This is the latest wireless encryption
    standard that provides the best encryption. Always use WPA2, if both
    your wireless router and laptop wireless adapter supports it.

Enable Encryption

Fig-1 Enable Wireless Encryption

2. Change the SSID name

SSID (Service Set Identifier) refers to the name of
your wireless connection, that you see on the “Available Wireless
Connections” list from your laptop while connecting. Changing the
wireless name itself doesn’t offer any protection, but usually
discourages a hacker, as they know that you’ve taken some steps to
secure your wireless connection. Click on Wireless -> Basic wireless settings -> Change the “Wireless Network Name (SSID):”, as shown in the Fig-2.

3. Disable SSID broadcast

You can avoid your wireless name from getting displayed on
“Available Wireless Connections” on all your neighbors laptop. This can
be done by instructing the wireless router not to broadcast the name to
everybody. Once you’ve disabled the SSID broadcast, the first time when
someone wants to connect to your wireless network, you need to provide
the name to them. Click on Wireless -> Basic wireless settings -> Click on the Disable radio-button next to “Wireless SSID Broadcast”, as shown in Fig-2.

Disable SSID Broadcast

Fig-2: Change SSID Name and Disable Broadcast

4. Enable MAC filtering

Even after you have performed the above item#1 - #3, a very
determined hacker may still get access to your network. The next
security step is to allow wireless access only to your trusted laptops,
by allowing wireless connection only to known MAC address. MAC (Media Access Control) address
is an unique identifier attached to most network adapters. In this
case, this should be the unique identifier of your laptop wireless
adapter. On Linux, do ifconfig from the command prompt to get wireless hardware address. On windows, do ipconfig /all from the command prompt to identify the MAC address as shown below.

C:>ipconfig /all<br />Ethernet adapter Wireless Network Connection:<br />Connection-specific DNS Suffix  . : socal.rr.com<br />Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card<br />Physical Address. . . . . . . . . : <strong>00:1A:92:2B:70:B6</strong>

Click on Wireless -> Wireless MAC filter -> Click on
Enable radio-button next to “Wireless MAC filter” -> Click on
“Permit only PCs listed to access the wireless network” radio-button
, as shown in Fig-3.

Enable MAC Filter

Fig-3 Enable Wireless MAC Filter

Click on Edit MAC filter list and add the MAC
address of your laptop to this list. If you want to allow access to
more than one laptop, add the MAC address of all the laptops to this
list as shown in Fig-4 and click on “Save Settings”.

Add MAC Address List

Fig-4 Add MAC Address to the list

5. Change password for Web Access

The default password for wireless web access are the same for the
specific model of a wireless router assigned by the manufacturer.
Change the default password of the wireless router web access to a
strong password. Click on Administration -> Management, to change the password as shown in Fig-5 below.

Disable Wireless Web Access

Fig-5 Change password and disable wireless web access

6. Disable administrative access through web

As a final step, make sure to disable web administrative access
through wireless. Once you do this, to make any configuration changes
to the wireless router, you can always use ethernet cable connection
from your laptop to configure the wireless. Click on Administration -> Management -> Disable radio-button next to “Wireless Access Web”, as shown in Fig-5 above.