
Tips for Wireless Home Network Security

In document Cyber Security Awareness Handbook (Page 80-85)

14. Wireless Network

14.3 Tips for Wireless Home Network Security

1. Change Default Administrator Passwords (and Usernames)

An access point or router is the core of most Wi-Fi networks. To set up these devices, manufacturers provide web pages for configuring the settings, where owners enter their network address and account information. So that only the rightful owner can change these settings, the web pages are protected and require authentication with a username and password. All manufacturers ship their wireless routers and access points with a default username and password combination.

These default usernames and passwords are available on the Internet and are easy to look up. Most users do not change the default username and password combination. An alert user should change these settings.

2. Turn on (Compatible) WPA / WEP Encryption

All Wi-Fi equipment supports some form of encryption. Encryption is the conversion of data into a scrambled form that cannot be easily understood by unauthorized people. Several encryption technologies exist for Wi-Fi today.

Wired Equivalent Privacy (WEP), an old encryption standard, is claimed to be breakable within a few seconds, even when a complex passphrase is used. It is weak encryption, meaning that it can be broken within a manageable time, i.e., a few seconds or minutes.

Enabling Wired Equivalent Privacy (WEP)

Because of the security issues in WEP, the Wi-Fi Alliance introduced a standard for network authentication and encryption. WPA (Wi-Fi Protected Access) is one of several popular standards for wireless security. WPA delivers a level of security far beyond anything that WEP can offer.

Enabling Wi-Fi Protected Access (WPA)

3. Disable SSID Broadcast

In Wi-Fi networking, wireless access points or routers broadcast the SSID at regular intervals. This feature was designed for businesses and mobile devices where Wi-Fi clients may roam from one place to another. The SSID broadcast feature is not very useful in a home Wi-Fi network. To improve security, SSID broadcast should be disabled. Once the wireless clients are manually configured with the right SSID for the access point, they no longer require these broadcast messages.

4. Change the Default SSID

Service Set Identifier (SSID) is the network name used by access points and routers.

Manufacturers ship their products with the same SSID set. For example, the SSID for Linksys devices in general is “Linksys”. Knowing the SSID may not by itself let someone hack into the network, but a default SSID suggests that the network is poorly configured, which makes it a much more likely target for attack. When configuring wireless network security, change the default SSID.
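A home user can check tips 2 and 4 against what their own scan shows. The following is an added example, not part of the handbook: it parses constructed sample lines in the terse `SSID:SECURITY` format produced by `nmcli -t -f SSID,SECURITY device wifi list` and reports networks that are open, use WEP, or still carry a factory SSID. The list of factory SSIDs is an assumption apart from "Linksys", and the function names are hypothetical.

```python
# Assumed factory SSIDs; only "Linksys" is named in the handbook text.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

# Constructed sample in nmcli terse format (':' separates fields, '\:' is a literal colon).
SAMPLE_SCAN = ["HomeNet-5G:WPA2", "Linksys:WEP", "NETGEAR:",
               r"Cafe\: Guest:WPA1 WPA2"]

def split_terse(line):
    """Split a terse line on ':' while honouring backslash escapes."""
    fields, cur, chars = [], "", iter(line)
    for ch in chars:
        if ch == "\\":
            cur += next(chars, "")   # escaped character is taken literally
        elif ch == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields + [cur]

def classify(security):
    """Coarse rating of the SECURITY column: open, wep, wpa or unknown."""
    tokens = security.upper().split()
    if not tokens or tokens == ["--"]:
        return "open"
    if "WEP" in tokens:
        return "wep"
    return "wpa" if any(t.startswith("WPA") for t in tokens) else "unknown"

def audit_scan(lines):
    """Return (ssid, issue) pairs for networks that break tips 2 and 4."""
    issues = {"open": "no encryption", "wep": "WEP encryption"}
    findings = []
    for line in lines:
        fields = split_terse(line.rstrip("\n"))
        if len(fields) < 2:
            continue                 # not an SSID:SECURITY record
        ssid, rating = fields[0], classify(fields[1])
        if rating in issues:
            findings.append((ssid, issues[rating]))
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append((ssid, "default SSID"))
    return findings

if __name__ == "__main__":
    for ssid, issue in audit_scan(SAMPLE_SCAN):
        print(f"{ssid}: {issue}")
```
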

5. Enable MAC Address Filtering

Every Wi-Fi device has a unique identifier known as its Media Access Control (MAC) address or physical address. Routers and access points keep track of the MAC addresses of all devices that connect to them. Many products let the administrator of the access point or router store the MAC addresses of their own devices, so that network access is restricted to connections from those devices only. This is not as powerful as it sounds, because hackers and their software programs can fake MAC addresses.

6. Enable Firewalls on Each Computer and the Router

Make sure that the router’s firewall is turned on. Most network routers have built-in firewall capability, with an option to enable or disable it. Along with the firewall on the router, also install and configure personal firewall software on each computer connected to the router.

The security features of a firewall include blocking anonymous Internet requests, blocking access to unwanted websites, and protecting against malware and spyware. Also define security policies so that unwanted and anonymous connections are restricted.

7. Turn off the Network during Extended Periods of Non-Use

An access point or router keeps emitting signals as long as it is powered on. The ultimate wireless security measure is to shut down the access point or router, which restricts the network to the fullest extent. While it is impractical to turn the devices off and on frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power-cycle wear and tear, but this is a secondary concern for broadband modems and routers.

8. Position the Router or Access Point Safely

Wireless signals are not bound by physical boundaries. The signals from a wireless router can travel beyond an office building, or cross the gate of one's house and reach a neighbor's house. Most wireless routers have a signal range of 100 feet. If this range is imagined as a sphere with the wireless router at its center, the signal can be picked up from any direction up to 100 feet away. This makes it easier for others to find the wireless network and attempt to access it.

When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage. The signal weakens with the distance it travels and the materials it passes through, such as walls and metal. Aluminum foil can also be used at windows or doors to reduce the strength of the signal.

9. Do Not Auto-Connect to Open Wi-Fi Networks

Most computers and devices provide a setting that automatically connects them to any available open wireless network without notification. The risk is that there may be dummy access points designed to catch unsuspecting users and hack the connected computers.

Configuring the access point to require credentials is also a must; otherwise any unauthorized person can access the access point without a username and password.

10. Assign Static IP Addresses to Devices

DHCP (Dynamic Host Configuration Protocol) dynamically assigns network configuration information to connecting devices, so there is no need to configure network settings manually. It is used for convenience, since it reduces manual configuration. At the same time, attackers can use this feature to connect to the network automatically, because they receive ready-made network settings and can then access the network. To avoid this, assign static IP addresses to the devices that connect to the wireless network.
