Blogs >> Technology >>
How to secure a Wireless Lan
Are you worried about the recent news reports that terrorists have been using open and unsecured wireless networks? Here are some tips to help you secure your home or office Wi-Fi network from intruders, hackers and terrorists. Most wireless routers have weak default security settings which need to be changed in order to protect yourself fully. But if you know how many computers are supposed to be on your Wi-Fi network, it’s easy to lock things down so no one else can get in.
Let’s begin with a few basic but important settings that need to be configured in your wireless router. To log in to the router and configure it, use any Web browser and enter the IP address of the router in the address bar. The default IP address, username and password should be mentioned in the router’s user manual. The exact names and locations of each setting mentioned below might differ between brands and models, but the concepts are the same. Browse through all the features of the router and learn about how they affect your security.
Step 1: Change the default password
Each router has a default username and password, and you should change these the moment you start configuring yours. If the router’s password is either unchanged common or weak, a stranger might be able to reconfigure the router and wipe out all your other security measures, making them useless. Default passwords such as “admin” are the easiest to crack, so try to use a good mix of numbers and characters to be on the safe side.
Step: 2: Change the default IP address
Most routers have a common IP (Internet Protocol) address which is set to 192.168.1.1, which is known to hackers. This should be changed to a random, uncommon IP address. You’ll need to stay within the series, such as 192.168.xxx.xxx, but the last value can be changed to anything you like.
Step 3: Disable the DHCP service
DHCP (Dynamic Host Configuration Protocol) enables remote computers connected to the router to obtain an IP address and join the network without needing to know the IP and router address information. This is a simple and effective way of keeping intruders away. As far as possible, set up the computers on your network with static IP addresses. If you still want to use DHCP to make your own configuration easier, restrict the number of DHCP IP users to the number of computers on your network. For example, if you have five laptops running on the network, limit the DHCP IP addresses to 5 from the default 50.
Step 4: Restrict the network mode
If your computers use Wi-Fi N or B/G, restrict the network mode to only that Wi-Fi flavor to prevent unwanted computers from being able to join your network. This isn’t 100 percent effective, but can help deter casual Wi-Fi snoopers, especially if you use the newer N standard.
Step 5: Change the default SSID
The SSID is the name of your network. It often reveals the name of a house or office from where signal is coming, allowing hackers to zero in on your location. Change the SSID to some random name, or disable SSID broadcast entirely if possible. Disabling the SSID broadcast makes your Wi-Fi router invisible to laptops and cellphones in the area which automatically scan for Wi-Fi hotspots and try to join them. If hackers can’t be sure that your network even exists, they will not bother trying to break in. It is actually just common sense and shows that prevention is better than cure.
Step 6: Opt for WPA2 or PSK security over WEP
WEP (Wired Equivalent Privacy) keys can be cracked with relative ease, so opt for WPA (Wi-Fi Protected Access), which uses 64-bit or 128-bit encryption. PSKs are Pre-Shared Keys, which provide stronger security than WEP or WPA. The encrypted keys are shared by the router and your Wi-Fi devices. The higher the encryption bit rate, the more difficult it is to crack.
Step 7: Enable the MAC Filter
Enable MAC (Media Access Control) address filtering to restrict or authenticate a particular computer on the network. A MAC address is a unique physical address assigned to every piece of network equipment, which the router can use to authenticate it. If an unauthorized computer tries to join the network, it will simply be rejected. This is one of the simplest ways to prevent strangers from using and abusing your network.
Step 8: Use the router’s firewall
Enable the firewall feature if your router has one. Usually, routers use SPI (Stateful Packet Inspection) which reviews the packets of data entering your network. If your router has an Internet Filter, enable it too. This rejects anonymous Internet requests and keeps your network from being “pinged”, or detected by other users over the Internet. To secure your computer against other users already on the network, use a desktop firewall such as the free Comodo Firewall.
Step 9: Use Internet Access Policies
This feature allows you to set parameters for each computer accessing the network. You can allow or block certain computers from using the network on a specific day or time, or even block specific websites, keywords, applications and ports.
Step 10: Disable remote administration
Remote management features can be helpful and convenient if you are constantly on the move, but can also be a window for hackers. Enable this feature only when you are actually travelling and really need it.
Step 11: Switch off the router when not in use
Keep the router switched off if you are not going to use it for long periods, such as at night, when travelling or on holiday, etc.
Step 12: Disconnect the Internet when not needed
If you only need Wi-Fi for home or office networking and do not need to use the Internet at all times, you could simply unplug the ISP’s cable from your router or switch off your ADSL/cable modem.
Step 13: Position your router carefully
As far as possible, position the router in the center of your room or office. The Wi-Fi signal emanates in a sphere with the router at its center, potentially making it accessible from your neighbors’ houses or even the street outside. If your router allows you to reduce its signal strength, keep it at a level sufficient for your usage area. You never know how many people are actually able to detect and use your network. Keeping the router at a height increases the area of broadcast, so keep that in mind.
Step 14: Update the router firmware
Keep an eye on the manufacturer’s website for recent changes and developments of the routers firmware and its updates. New security features might become available. Make sure you know how to perform this procedure before attempting it though!
Step 15: Scan for signal leaks from time to time
Scan the area just outside your home or office for signal leaks from time to time. You can use a dedicated Wi-Fi sniffer or any laptop, PDA or cellphone which has Wi-Fi built in. If you can detect your own wireless network from the outside, anyone else will be able to as well.
Wi-Fi frees you from wires and lets you work conveniently and comfortably, but a wired network is a safer option. Now that you have all the information you need, you won’t have to worry about criminals or mischief makers abusing your network.
|