Monday, 5 March 2007

HOWTO Secure a Wireless Network

A wireless network is an ideal solution if you have a laptop that is constantly moving around the house, or if you simply wish to eliminate the miles of cabling that run all over the place. However, if not properly configured, wireless networks are very susceptible to attacks. These networks are possibly the most popular source of free Internet for... ahem. You know who they are.

The following are a few simple steps that can be taken to vastly improve the security of your wireless networks:

  1. Change the default login on your network devices, especially the wireless access points, router, and the modem. The remaining steps are a pointless exercise if anyone could simply modify your settings and hijack your network.

  2. Enable wireless authentication and encryption. Use the strongest authentication method and encryption algorithm supported by your wireless access point and all the wireless clients on the network. Wi-Fi Protected Access 2 (WPA2) should be used where possible. Wired Equivalent Privacy (WEP) is easily cracked. WPA, not WPA2, has also been demonstrated to be vulnerable when weak encryption keys are used. If your only option is WEP or WPA, it is strongly recommended that the encryption key be changed regularly.

  3. Choose a strong encryption key. Use the longest encryption key length supported by your wireless access points and all the wireless clients on the network. It is best if you can generate a random hex key. Otherwise, make sure you choose a strong pass phrase. Weak keys can easily be cracked by brute-force attacks.

  4. Disable SSID broadcast. The Service Set Identifier (SSID) is a name used to uniquely identify your wireless network, and must be specified when a client wishes to join the network. Usually, by default, the SSID is broadcast at regular intervals to announce the presence of the wireless network. This may simplify the configuration of your wireless clients but is also an invitation for hackers. Disabling SSID broadcast makes it more difficult, but not entirely impossible, for an attacker to obtain this information.

  5. Rename the SSID. Following from the previous point, you should choose a unique SSID. Lists of default SSIDs are widely available. Additionally, a network with a default SSID suggests that it is poorly configured and is an appealing target for hackers.

  6. Enable MAC address filtering. A MAC address is a unique identifier for a network card. MAC address filtering ensures that only your wireless devices have access to your wireless network. However, this is not a foolproof measure, as the MAC address can easily be spoofed.

  7. Disable remote administration, unless you absolutely know what you're doing. I'm sure you wouldn't want a hacker administering your network. 'Nuff said.
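
Steps 3 and 5 are connected: in WPA and WPA2 personal mode the 256-bit key is derived from the pass phrase with the SSID as the salt, so a default SSID weakens an already weak pass phrase. The sketch below is an added example, not part of the original post; it generates a random hex key and shows the derivation. The function names, the sample SSID list and the 20-character threshold are assumptions made for illustration.

```python
import hashlib
import secrets

# Sample default SSIDs, constructed for this example; real lists are far longer.
SAMPLE_DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}


def random_hex_key(bits=256):
    """Return a random hex key from the OS CSPRNG (64 hex digits for WPA/WPA2-PSK)."""
    if bits % 8:
        raise ValueError("bits must be a multiple of 8")
    return secrets.token_hex(bits // 8)


def derive_psk(passphrase, ssid):
    """Derive the 256-bit WPA/WPA2 pre-shared key from a pass phrase and SSID."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("pass phrase must be 8-63 printable ASCII characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32).hex()


def review_settings(ssid, passphrase):
    """Return warnings for steps 3 and 5 (the 20-character threshold is an assumption)."""
    warnings = []
    if ssid.lower() in SAMPLE_DEFAULT_SSIDS:
        warnings.append("default SSID: the key derivation salt is shared with many networks")
    if len(passphrase) < 20:
        warnings.append("pass phrase shorter than 20 characters: prefer a random hex key")
    return warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from the original post.
    print("random key :", random_hex_key())
    print("derived PSK:", derive_psk("correct horse battery staple", "attic-net-5f2c"))
    print("warnings   :", review_settings("linksys", "password"))
```

Because the SSID is the salt, the same pass phrase produces a different key on every uniquely named network, which is why renaming the SSID helps even before you change anything else.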

The steps detailed above are suggestions for improving your network security. Some of the features described may not be supported by your network devices, while others may be impractical for your network setup. If a feature is not supported, check whether the manufacturer has released a software or firmware upgrade that adds it. For those using a Windows wireless client, the following Windows update may be required, if not already installed, to support WPA2:

KB893357 - Wi-Fi Protected Access (WPA2) Update

In the end, you may find the network slightly more tedious to set up, but it will be much more secure.
