There was once a time when wireless networks were a rare thing. Only the uber-geeks own them and the idea of a high speed internet provider installing them into homes was unheard of. This is not the case today. These days, everyone has a wireless network of some kind in their house. Cable companies and DSL providers install them into customers’ houses on a daily basis. Most of these installs are being done with security implemented but a lot of people either uninstall the security settings or leave them at the very basic levels. Most of the time they are only interested in what makes their life easier. This can be very dangerous.
For this week’s technology article, we are going to look at securing a wireless network. We are going to look at various ways to do this. We will go over some easy ways to secure it as well as some of the more difficult methods. So lets get into the why.
Why would you want to secure your wireless network? Well quite simply if your wireless network is open to the public a number of things can happen. First and foremost, an open network allows anyone with in range of your house can utilize the open network to access the internet. Anything they do can be eventually traced back to you and proving that someone else was on your wireless network is incredibly difficult to accomplish.
Imagine if you will that you have an open network and a person sits down the street from your house, just inside the range of your wireless router. They start pirating music, movies, and maybe even child pornography. Since, to the outside world and your internet providers logs the traffic is all going to and from your house, you are instantly suspect number one if someone wishes to come after to person downloading the questionable content. The child pornography example is a little extreme but it really puts things into perspective when you realize what someone could be doing over your network without your permission.
Secondly, a person doing stuff on your wireless network is utilizing your bandwidth. Which means that they are slowing down your internet connection. Sorry, but I do not like paying for other people to use my internet connection without my permission.
And last but not least, if someone is on your network they have access to anything open on that network. Any computer, file shares, or traffic is open to that user. If that person has the correct tools, they can hack into your computers, crack your passwords, or even read your documents. This is as I like to say, a bad thing.
With the “why” out of the way, lets start with some basics, not all routers are wireless capable. If your router has antenna connected to it, then it most like has wireless. On most wireless routers there is a tab, menu option, or button of some sort that says “Wireless” on it. Normally all the wireless settings can be found under this option. The various options can all be on one page or they can be under sub headings of some kind. It would take too long to go over every option on every possible router, but most settings are named the same across brands and settings pages. If you can not find where to set the wireless settings on your router, please consult the documentation that came with your router.
The simplest way to secure your wireless network is to make invisible and the easiest way to achieve that is to turn of the SSID broadcast option. The SSID is the name of the wireless side of your router. It is what is used to connected a wireless computer to the router for network use. When wireless computers try to connect to wireless networks they search for SSIDs that are being broadcast over the air. When it finds a list of them it asks you to pick the one you want to connect to. If your SSID is not broadcasting, a computer scanning for open networks is not going to see it and thus a person will not be able to connect to it.
This means that are when setting up a new computer on the network all that you need to type in is the SSID of your wireless router and you will be on the internet.
Though it pains me to say, this method is not 100% secure. Even though nothing is truly 100% secure, this way is open to a variation of attacks. A smart scanner will still be able to find your network with the right tools. The upside is though, that extra work they would have to do will cause them to move onto other easier targets.
WEP & WPA(2)
The next and second easiest method is to simply use a password. Using an encrypted password will help protect your wireless network from hackers. But standard password rules apply. Use variations on of capital letters, lower case letters, numbers, and special characters to create a secure password. The more secure the password, the harder for it to be cracked later.
But what are these 2 main passkey methods on your wireless router. Wired Equivalent Privacy (WEP) an older, outdated technology and Wi-Fi Protected Access (WPA) which is the current preferred wireless encryption method. Both methods encrypt the traffic over the wireless network as well as require the use of a passphrase (password) to even connect to the router. While WEP is the older standard, it is also easily hacked and should be avoided. The new, more secure method is WPA and if both your router and wireless network card can support it, WPA2. The technology used for WPA is far more advanced and utilizes a continually changing key to keep the network secure. There are currently two different variation of WPA (and WPA2) labeled TKIP or PSK. Either one of these modes is fine and offer quality encryption.
I am trying to stay fairly non-technical on describing exactly what these two encryption methods do. If you would like more information you can click the following links to Wikipedia for a more encumber some explanation.
To use encryption, simply find the place in your routers settings for the encryption settings. This will usually be under the main wireless settings or under a sub heading of “Encryption” or “Wireless Security” and you will be given a different set of options depending on how old your router is. If you have a fairly new router (within the last year or two), you should be able to select WPA (or even WPA2). Select this option if available, again either TKIP or PSK will do but make sure that you pick something that is compatible with the other wireless devices in your house. WPA (TKIP) should work on almost all devices including Xbox 360, Playstation 3, and even the Wii. If WPA is not an option for you, you can still go with WEP. Even though WEP is easier to crack than WPA, a person searching for an open network is probably going to just move along rather than take the time to crack your WEP key. You will also need to pick a passkey. I would pick something fairly lengthy but easy to remember. I find that song lyrics work well for this kind of thing.
Just like with hiding the SSID, these methods are not completely secure. However, utilizing them will more often then not cause someone looking for an open wireless network to move on to someone else.
Allow Certain Mac Addresses Only
The final, most secure way to lock down your wireless network is to only allow certain network cards to connect. How do you allow only certain network cards access to a network? You simply tell it which Mac Addresses are allowed. A mac address, is an unique identifier that is assigned to every network card created. Every network card has its own mac address thus allowing us to tie access to a single network card. By only allowing network cards that you know about onto your network, you instantly block out every other network card that is not on the list of allowed cards. If someone can not even connect to your network, they will not be able to do anything on it, including steal your bandwidth or hack your networked computers.
The downside to this method however, is that is not supported by every router. Most newer routers should have a feature like this. You will usually find it in the “Advanced Settings” section of your router’s configuration and it might not necessarily be under the wireless settings section. To even begin to implement this option, you will need to know the mac addresses of all the network cards on your network. The mac address of your laptop’s wireless card should be somewhere on your laptop, probably on the bottom. A mac address is a 16 character letter/number combination so look for that, it is also in HEX so you will not find any letters above “F” in the address. You can find the mac address on your windows machine by opening up a command window (Start\Run\cmd) and typing “ipconfig /all” (without the quotes) and looking for the “Physical Address” setting. Once you have complied a list of mac addresses in your house, you can start adding them to the list.
Like I said before, this is probably the most secure way to lock down your wireless network. If you want to get crazy secure, you can utilize all three methods but that might be overkill.
I honestly hope that some of my readers take this article to heart. Security is important and you really do not want other people using your network without your knowledge. If you are currently running an unsecured wireless network, please consider using some of the methods I have discussed here today. Less problems come to those that take the time to secure themselves.
[Technorati Tag: Technology]
[Technorati Tag: Security]
[Technorati Tag: Wireless]
don't forget to disable ssid broadcast…
don't forget to disable ssid broadcast…