Subscribe
Apr
8
Many have installed wireless network in their homes. The freedom from tangled cables is sweet but comes with a price. A wireless network can broadcast far outside your building. With a powerful antenna and some widely available hacking software, anyone sitting near your installation—or even driving by—can passively scan all the data flowing in your network. Keeping your wireless network secure is no small task, but there are precautions you can take to secure your network as much as possible.
The following are some steps you can take to best secure your wireless network. Here are 13 steps to lockdown your AP (access point) and make your wireless network more secure.
- Admin users and passwords - Many people don’t bother changing the default settings admin user and password. This makes your system an easy target. Change default username and passwords. Also use extremely long, random password consisting of letters, number and symbols.
- Encryption - Every computer on your network should be configured with best security in mind. Make sure that all networking devices support the latest and most secure encryption standards. Look for devices that support WPA or WPA-2 or at least use Use 128-bit WEP. 64-bit WEP is unsecure and has been exploited as far back as 2001. If you use WEP encryption, change your encryption key once a month. If someone manages to learn your key, they will be locked out again when you change it.
- Disable SSID Broadcast - Change the default Service Set Identifiers (SSIDs) for your access point. If you have to use SSID then use something less generic such as ‘linksys’. Don’t use anything obvious like your name or phone number. You’re probably better off disabling SSID broadcast all together.
- Filter MAC addresses - If there are only a handful of people that need wireless access, then Only allow authorized MAC addresses that you identify should have access to your network. MAC addresses can be spoofed, but it would take more effort for someone to try to spoof your MAC address.
- Limit IP address assignment - Limit the number of IPs that should connect to your network. If you don’t have too many users, consider limiting the maximum number of DHCP addresses the network can assign, allowing just enough to cover the users you have.
- Upgrade/Updates - Always make sure you have latest firmware recommended by vendor. Sometimes exploits come out that target devices with older firmwares.
- Disable DHCP - The presence of DHCP is one of the major reasons why wireless networks are so insecure. Any computer that is able to communicate with your router will receive an IP address automatically, and this address will put it on the same network as all of your systems, enabling it to instantly access any unprotected resources on your network such as shares. Therefore, disable DHCP and use static IP assignment to make your network a bit more secure.
- Do Not Auto-Connect to Open Wi-Fi Networks - Don’t connect to unprotected wireless networks—it’s possible for someone to monitor your Internet usage and even record your passwords. If you do connect to an unprotected wireless network, don’t visit a Web site that requires a password unless the Web site is encrypted. To find out if it’s encrypted, look for a lock symbol in the lower-right corner of your browser.
- Enable Firewall - Modern routers contain built-in firewall capability, but the option exists to disable them. Ensure that your router’s firewall is turned on. Additionally, consider installing and running personal firewall software on each computer connected to the router for extra protection.
- Position the Router or Access Point Safely - Wi-Fi signals normally reach to the exterior of a home. A small amount of “leakage” outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
- Turn Off the Network - Shutting down the network will most certainly prevent outside hackers from breaking in. If you’re taking a long vacation or not going to be home for sometime, consider turning it off.
- Use RADIUS - Installing a RADIUS server provides another authentication method. The servers tend to be expensive, but there are open-source options, such as FreeRADIUS (www.freeradius.org), for UNIX-savvy administrators.
- Disable remote administration - Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router. Otherwise, almost anyone anywhere could potentially find and access your router. As a rule, unless you absolutely need this capability, it’s best to keep remote administration turned off.
- Don’t use it- Uhmm. I saved the best and most secure one for last. Just don’t use wireless and you’ll be safe
There are many other precautions you can take to make your wireless network and internet browsing secure. The most important thing to remember is that you’re never 100% secure but you can always stay on top of latest techniques used by hackers against wireless networking. Read our previous article Linux Wireless Network Detectors and Sniffers and put the steps you’ve implemented above into test. It would be interesting to test prior to implementing the steps above and then retest after you’ve implemented all the steps we’ve mentioned above. You’ll be amazed how much more secure your network is now.