Change the default administrator password. This
is a critical step in stopping anyone from accessing your network.
All wireless routers and access points ship with basic, default
passwords. The most common default passwords are either "password"
or a blank password. The first step to a more secure network is to
change the administrator's password.
Change the default SSID. The
SSID is an identification of your network provided by the manufacturer
of the wireless router or access point. Changing the default SSID
is good, but disabling the broadcast for others to see it is better.
Wireless routers and access points are shipped from the manufacturer
with the SSID broadcast feature enabled. This helps you find your network.
If SSID broadcasting helps you, it helps anyone else. Once a wireless
network is created, the wireless router or access point informs
any computer with a wireless card within wireless range of its
SSID. After a computer joins the network, the computer will remember
to look up and join the network. This is a two-way street of traffic
broadcasting from the wireless router and traffic broadcasting from
the computer. Making it a one-way street will enhance security. After
the setup and configuration of your wireless network, disable the
SSID broadcast feature on your wireless router or access point to
hide your network.
Enable wireless encryption. WEP
and WPA are the two types of encryption available for home users to
securely transmit information from your computer to your wireless
router or access point. WEP, which uses 128-bit encryption, is good, but
has become the weaker standard in wireless security. Consequently,
WPA is the stronger of the two types of encryption. WPA includes the
type of encryption similar to WEP, but WPA also includes an algorithm
to constantly change a security key. This security technique is called
rekeying. The security key changes randomly every few seconds or every
few network transmissions. Due to the rekeying process, any potential
hacker will have a very difficult time trying to authenticate with
your private network.
Limit the number of devices allowed to join your network.
Manufacturers set the default number of devices
allowed to join your network to approximately 50. To better
limit access by unknown devices, set the number of devices
allowed to join your network to the exact number of devices you have.
This number is the total of all devices, both wired and wireless,
communicating with your router or access point. For example, if you
have one computer connected to the router with a network cable and
two laptops connected with wireless cards, the total number is three.
This setting is typically found in the DHCP settings of your wireless
router or access point.
Set up an access control list. This
is an advanced technique for limiting the number of devices allowed
to join your network. All network devices are given identification
much like how people are assigned a social security number: two John
Smiths, or two Linksys WRT54G routers, have different identification
numbers. The identification numbers for networking devices are referred
to as MAC addresses. Every computer with a network card, regardless
of whether the card is wireless or not, has a MAC address. To increase
security with your wireless network, set up your wireless router's access
list with only the MAC addresses allowed on your network. This will stop
any user from gaining access to your network without one of your network
cards.
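
To check that the device limit and the access list match what is actually connected, the following added example (not part of the original article) compares a router's DHCP client table against your list of allowed MAC addresses. The lease lines, MAC addresses and the dnsmasq-style "expiry MAC IP hostname" layout are constructed assumptions; your router's client table may be laid out differently.

```python
import re

# Constructed allow-list: the MAC addresses of the devices you own,
# written the way different labels and tools print them.
ALLOWED = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "001a.2b3c.4d60"]

# Constructed sample of a router's DHCP client table, one lease per line:
# expiry, MAC, IP, hostname (assumed dnsmasq-style layout).
LEASES = """\
1700000000 00:1a:2b:3c:4d:5e 192.168.1.100 desktop
1700000100 00:1A:2B:3C:4D:5F 192.168.1.101 laptop-1
1700000200 00:1a:2b:3c:4d:60 192.168.1.102 laptop-2
1700000300 66:77:88:99:aa:bb 192.168.1.103 *
not a lease line
"""

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if it is not one."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse_leases(text):
    """Yield (mac, ip, hostname) for each well-formed lease line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # too short to be a lease entry
        mac = normalize_mac(fields[1])
        if mac:
            yield mac, fields[2], fields[3]

def audit(lease_text, allowed, expected_count):
    """Compare connected devices with the allow-list and the device limit."""
    allowed_set = {normalize_mac(m) for m in allowed}
    seen = list(parse_leases(lease_text))
    unknown = [entry for entry in seen if entry[0] not in allowed_set]
    return {"connected": len(seen),
            "over_limit": len(seen) > expected_count,
            "unknown": unknown}

if __name__ == "__main__":
    # Three devices expected: one wired computer and two wireless laptops.
    print(audit(LEASES, ALLOWED, expected_count=3))
```

Any entry reported under "unknown", or an "over_limit" result, means a device other than your own has obtained an address from the router.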
Disable inactive wireless devices. If
your computer is on even when you aren't using it, the computer can
still become a target. Disable the wireless card when finished using
the network and re-enable it when you need to use the network. On
Windows XP, navigate to the Control Panel and open Network Connections.
Right-click on your wireless network adapter and choose to disable
or enable the device.