Tuesday, June 23, 2009

Six Ways to Protect Your Wireless Network

Wireless networking products are so common and inexpensive that anyone can set up a wireless LAN very quickly; indeed many service providers are now giving away wireless routers as part of their broadband services. This widespread use of wireless networks has increased the possibility of network intruders being able to compromise your home or office network.

Most wireless LAN hardware is incredibly easy to set up and, in the case of hardware supplied by broadband providers, is often supplied pre-configured. However, it is worth checking the security configuration of your wireless LAN router; here are some simple things you can do to protect your wireless network.

Secure the administration interface. Wireless routers generally have an administrator password that must be entered before the configuration can be changed. Most devices will be preconfigured with a default administrator password and some devices will have no password at all. You should always ensure that an administration password is configured or, if the device has a default password, change it. If you leave the device with no password or with the password set to a default value you run the risk of the device being reconfigured without your knowledge; either by somebody who has managed to attach to your network or by malware that you have inadvertently downloaded.
Use WPA encryption instead of WEP. 802.11's WEP (Wired Equivalent Privacy) encryption has weaknesses that make is relatively easy to crack the encryption and access the wireless network. A better encryption standard is WPA (Wi-Fi Protected Access) which provides much better protection and is easier to use. WPA support is built into almost all modern wireless hardware and operating systems. WPA2 is a more recent version of the standard which provides even stronger encryption.

It is possible that you may have some devices that do not support WPA (often devices such as media players, PDAs etc). In this situation it is tempted to turn encryption off completely but this really will leave you wide open to attack. WEP encryption, for all its flaws, is better than nothing and therefore should be used where you have devices that do not support WPA. If you do use WEP make sure that you do not use an easy to guess encryption key. You should also consider changing the WEP encryption key at least once a week.

Don't broadcast the SSID. Most wireless access points and wireless routers continuously broadcast the wireless network's name, this is also called the Service Set Identifier or SSID. The purpose of this is to make it easy to configure wireless networks as wireless devices will be able to identify the wireless networks that are available. However, it also advertises the presence of your wireless network to any wireless systems in range. Turning of SSID broadcast will make your wireless network invisible to your neighbours and the casual intruder but it will still be visible to anybody with a wireless network sniffer.
Use MAC filtering. The MAC address is a hardware address associated with a network adaptor and, unlike and IP address, is globally unique to that adaptor. By using MAC filtering on your wireless access point or router you can control the specific devices that are permitted to connect to it. MAC addresses can be spoofed by somebody with sufficient knowledge, so this does not provide an absolute guarantee of security but it does give the attacker another hurdle to jump.

Disable remote administration. Many wireless LAN routers can be administered remotely from the Internet. You should only every use this feature if you are also able to define a specific IP addresses or a limited range of IP addresses that are able to administer the router. If you are not able to do this anyone, anywhere could potentially access your router. Unless you particularly need this feature it is best to disable it; most wireless LAN routers disable this feature by default but it is always worth checking.

Reduce the Wireless LAN transmitter power. This feature does not exist on all wireless LAN routers and access points, but some will allow you to decrease the power of the transmitter thereby reducing the range of the signal. It is usually impossible to fine-tune the signal to the point where it does not leak outside your premises but you can limit how far the signal reaches thus reducing the opportunity for people outside your premises to access your wireless LAN.
For more IT and network security information visit us at

No comments:

Post a Comment