- By Richard Meagher
- Business & Technology
Last week we talked about network security and how your system could be vulnerable. This week covers practical ways to protect your home network.
Get Smart
One thing to consider when you set up your wireless network: as with any new setup, the default settings provide only minimal or short-term protection. It is not smart to leave the default settings unchanged. Here’s how you can get smart about your wireless security.
1. Change your network default SSID – give it a name that is not easy to remember and use mixed upper and lowercase alphanumeric characters. SSIDs have a 32-character maximum, so use as much of it as you can. Do not use your name or something recognizable to others.
2. Disable SSID Broadcast – this is key to preventing others from finding your computer or network on their wireless devices. It won’t stop them from breaking in if they know the SSID already, but at least it won’t be visible.
3. Change default router Administration Password (usually blank or none) – this is the most important. If attackers know the password, they can control your router and all the settings, taking over your network and anything that is connected to it.
4. Change your network SSID periodically – this may be a real hassle if you have a large network with many devices, but for a small home network with one or two computers, it can deter attackers from driving around or walking in your neighborhood in the hopes of breaking in. If you think someone knows the SSID, change it!
5. Disable File and Print Sharing – this is especially advisable if you have a laptop in a public setting where you may connect to a wireless access point or hotspot. The student in the example above would have avoided the expense of buying a new color toner cartridge if the printer and network storage device weren’t shared in Windows.
6. Enable MAC address filtering – a MAC (Media Access Control) address is a unique identification permanently assigned to networking hardware. You can control access to your network by entering the MAC address of every device you have connected into your configuration, thereby blocking any other device from entering. Even if someone knows your SSID, if their wireless device is not on the “list”, they will be bounced.
7. Enable and use Encryption – this provides an additional layer of security by assigning each device that is authorized to connect to a wireless network a key or password. The Linksys configuration has a wireless security mode option you can select.
8. Common encryption types are:
a. WEP - Wired Equivalent Privacy. This was the most common but is now considered easily breakable and is the least recommended. All routers with encryption capability have this.
b. WPA - Wi-Fi Protected Access. An upgrade to WEP and a more secure encryption technology. It still has some of the weaknesses of WEP. Most new routers have this and, if it is available, its use is strongly recommended over WEP. These are also referred to as Pre-Shared Key. Two options found on Linksys routers are TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encryption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption Standard, which utilizes symmetric 128-bit block data encryption.
c. 802.11i (WPA2) - This is a complete ground-up improvement over WPA. It doesn’t have WEP vulnerabilities like WPA, but since this is a new specification (just released last June) it may not be available on all wireless devices or it may require a firmware upgrade.
An important consideration for selecting the proper encryption method is that all devices with wireless interfaces must use the same encryption method. Some devices may not have WPA encryption available so you may be limited to using WEP or no encryption even if one of them has the latest WPA encryption technology. You can either replace the hardware or upgrade its firmware (software for the hardware) to get the newer encryption technology.
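To see which devices are holding your network back, you can write the inventory down and work it out. The short Python script below is an added example, not part of the original column: the device names and their capabilities are made up, and the ranking of the modes from weakest to strongest (with AES placed above TKIP) is an assumption of the example.

```python
# Added example: the column's encryption modes, ranked weakest to strongest.
# The ordering (AES above TKIP, WPA2 on top) is an assumption of this example.
RANK = ["none", "WEP", "WPA-TKIP", "WPA-AES", "WPA2"]


def strongest_common_mode(devices):
    """Return the strongest mode that every device supports."""
    common = set(RANK)
    for modes in devices.values():
        # Every device can always fall back to no encryption at all.
        common &= set(modes) | {"none"}
    return max(common, key=RANK.index)


def holdouts(devices, target):
    """Devices that cannot run `target`: firmware upgrade or replacement needed."""
    return sorted(name for name, modes in devices.items() if target not in modes)


def upgrade_plan(devices):
    """For each mode stronger than the current one, list the devices blocking it."""
    current = strongest_common_mode(devices)
    stronger = RANK[RANK.index(current) + 1:]
    return current, {mode: holdouts(devices, mode) for mode in stronger}


# Constructed inventory: hypothetical device names and supported modes.
DEVICES = {
    "router": ["WEP", "WPA-TKIP", "WPA-AES", "WPA2"],
    "laptop": ["WEP", "WPA-TKIP", "WPA-AES"],
    "old-print-server": ["WEP"],
    "pda": ["WEP", "WPA-TKIP"],
}

if __name__ == "__main__":
    current, plan = upgrade_plan(DEVICES)
    print("Strongest mode all devices share:", current)
    for mode, blockers in plan.items():
        print(f"  To move to {mode}, upgrade or replace: {', '.join(blockers)}")
```

In this made-up household a single WEP-only print server keeps every other device on WEP; replacing it lets the whole network move up to WPA with TKIP.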
We have covered a lot of ground in a few short paragraphs about wireless networking. To summarize, if you are shopping for a wireless network and hardware, don’t use price as your guideline. Get the latest and best your money can afford. You should be looking for anything that will operate in an 802.11g network and comes with WPA or WPA2 pre-shared key encryption methods. If WEP is your only option for data encryption, consider upgrading or replacing hardware that only works with WEP.
If you have a wired network at home and want to add more computers, consider setting up a wireless access point so you don’t have to run more wires, but keep the wired network for data security and for maximum network performance, which will be more consistent and better than wireless. You can also add wireless printers and PDAs to your network, which could make sharing of resources a lot easier than moving furniture and rooms around, drilling holes in floors and ceilings and finding yourself on the next episode of Divorce Court.
----
v1i19