Securing Your Wireless Network
Thu Sep 4,12:23 PM ET
Jim Louderback - ExtremeTech
Once you install a wireless network, you could be opening up your computers to all sorts of attacks by complete strangers – especially if you live in an urban area. You've probably heard horror stories of war driving, or war chalking, where itinerant users try to sponge free internet access from unsuspecting wireless networks.
How is this possible? Wireless network, by default, are completely open – with no security at all! This makes it easy for anyone to shuffle by and suddenly be on your network, inside your house, rifling through you financial records and racy photographs. You might even find your neighbors freeloading on your internet connection, rather than buying their own broadband.
But it's relatively easy to secure your wireless network. Here's how.
Change the Name: The first thing you should do is change the name – in typical computerese called the SSID – of your hub. Wireless (news - web sites) hubs come pre-configured with a default name that's simple to find out. Linksys hubs, for example, call themselves "linksys" (bet you couldn't have guessed that). Many D-Link hubs use a default of "default" – again, easy to guess. Pick something harder to deduce, like your highest score in Solitaire, or your high-school sweetheart's last name (but don't pick something you might forget).
Stop Broadcasting the Name: Like the electronic equivalent of Dory from Finding Nemo, most hubs initially keep repeating their name out – over and over – to anyone who's listening. Even if you change the SSID name, if your hub's still spilling the beans, you're still at risk. You should be able to disable name – or SSID - broadcasting through your hub's configuration menu.
Change the User Name & Password: Like the SSID name, most hubs come pre-configured with an easily deduced user name and password. Change these to something more cryptic. This will keep hackers from sneaking into your hub's configuration screen and opening up your wireless network to the world.
Disable Remote Configuration: Many hubs include the ability to access the configuration screens from anywhere on the internet. This is so that corporate IT managers can reset and reconfigure a hub even if they're miles and miles away and wearing bunny slippers. But home users don't have this problem. Turning this off helps ensure that Viktor Hackalot can't sneak into your hub from his Russian hide-out, and remotely hijack your network.
Enable WEP encryption: Every Wi-Fi hub comes with something called WEP – which stands for Wired Equivalent Privacy. WEP basically scrambles up your wireless networking signals with a secret code. If you don't have the code, you can't snoop around on the network – which protects your files and your internet connection.
Turning on WEP is pretty easy. You simply need to go into the configuration screen for your wireless hub, and add in your own secret code. Don't forget to add that same code to the wireless configuration of every computer on your network too.
WEP isn't perfect. Freely available tools with evocative names like AirSnort enable a determined hacker to reverse engineer your secret code, and gain access to your network. However, these tools require a computer to consume and digest a week or more of home network traffic. So unless you see a scruffy-haired guy hiding in your bushes for days – or you don't trust your neighbors – WEP should be just fine.
Businesses – and paranoid home users – should opt for something stronger, though. For more details on stronger options, check out our wireless security guide.
Update Your PC: Once you've made all these changes, you'll have to go to each PC and notebook on your network and update their configuration as well. You've just made it much more difficult for a hacker to get in – but also made it harder for your own systems to connect up. On each PC now, you'll have to enter in your new hub name – the SSID – and add in that WEP key too.
Oddly, wireless hardware vendors have made it less than simple to make the basic security changes outlined above. Why? Easy setup cuts down on those expensive technical support calls – but easy setup implies incomplete security. I wish Linksys, D-Link and others would do a better job with security, but until then you'll have to add it to your networks by hand.