Tech Tips #8 - Securing your Home Wireless Network

I've been going through quite a lot of wireless gear lately, evaluating hardware from Netgear as well as connecting that with my smartphone, netbook and notebook using multiple wireless networks. The experience has made it clear to me that setting up a home wireless network is fairly painless, not to mention a relatively simple matter to keep secure while ensuring connectivity to all your wireless gear.

If you've been wary of setting up a wireless network for fear of being hacked, your data stolen or your PC being hijacked - fear not. It's a relatively simple few steps you need only take to ensure your wireless signal remains yours.


1. Turn off SSID broadcasting

It's great to see your network pop up whenever you search for it on a device, but remember that anybody else using a wifi device will see it as well, along with your router's MAC address. That opens up a hole which can be exploited, so closing it means an added layer of security for you. The first thing you should do though is instead of searching for your SSID every time you want to connect, set up your notebook to connect automatically. Second, you should also set it up so that it can connect even if the network is not broadcasting it's name (SSID). Once done, you can go into your routers setup page and turn off the SSID broadcast function. Your wireless network will now be hidden, visible only to those devices which you have set up to connect.

2. Change the password for your router access

If you haven't done this already, you should do so right after turning off your SSID. Everybody knows that every wireless router comes from the factory with "admin" set as the username and "password" set as the password. It's important to change these, since it keeps rogue users from logging on to your router and stealing your wireless network security information. Some hardware may only allow you to change the password field, but that is fine. Select a strong password, and either remember it or keep it in a secure place where you can easily find it later. You won't be needing to use it much after you have set up everything to work, but not locking your router down is like leaving the front door open to your home when you leave, so change it.

3. Use strong encryption on your network

Depending on your hardware, you may have a choice of either WEP, WPA-PSK or WPA2-PSK security. I use WPA2-PSK as it is the most secure. When it's time to select a passphrase, I go with a random selection of upper and lower-case letters with numbers. You won't need to remember these in your head since whenever you go to the router setup page these will be there, but you will need this information when you go to connect your devices for the first time.

4. Turn on Access Control

Wireless station access control is a method that allows you to select which devices you give your router permission to connect, essentially locking out any devices which you know you don't have. It works by keeping a record of your hardware in a list that is stored on the router, identifying your devices by their name, IP address and MAC address. If you know which devices you want using your wireless network, and they are currently connected, you can add these to the list and then turn on this feature. Now, any devices that are not on this list won't get access to your network, even with the correct security settings.

5. Consider setting up a "Guest" network

If you have friends coming over frequently with their notebooks for work and/or play (or just to show off their iPad), it's kind of rude not to let them get online, especially if you are sitting next to them doing just that yourself. On the other hand, it's understandable that you want to protect your wireless network and not give away any of your security details. That's where having a guest network can be a great face saver. A guest network is essentially a second wireless network, with it's own separate SSID and security settings running off your router. With it, you now have the ability to "share" your wireless signal and let other devices get online.

A guest network can also be useful if you are just testing out a device and need only access to the web. One of the options you have is whether to let the guest network access the internet only, or to connect to the other devices you have on your existing network (storage, printers, desktop PC, etc.). While I would normally turn this feature off, I can see circumstances when this would prove useful.

If you have set up a guest network, you could choose to leave it open. My suggestion though would be to use security authentication, keeping your guest devices protected, but use a simple passkey for log-on. This way, neighbors won't surf your network at will. An alternative solution is to keep the network open, but only turn on the wireless access point when your friends visit and need it, keeping it shut down at other times. A third option you can implement is to turn the SSID off, keeping your guest network hidden, but available to those who you've given out the guest passkey to.

6. Check your router's security settings

One final point is to check your router's security settings. Items such as DoS alerts, Port Scan blocking and firewall should be turned on. Check the router log to see any inconsistent activity, or set up email alerts of such activity. If you have a USB hard drive attached to your wireless router for http access, change the link from the default to something only you will know.

There are many more intricate settings you can get into, depending on your hardware model and your router's configuration options. But the steps I've shown above are the most essential you should do, and are possible with any hardware you may be using. The important thing to remember is that these steps, combined, will offer solid protection for your network and your devices, and let you enjoy your wireless freedom. Now you can concentrate on spending some time in that easy chair on the patio with your cold one, rather than worry about security.

Happy Wireless Computing!

No comments:

Post a Comment