Securing your wireless network

Share:

Last updated on: October 10, 2008 14:44 IST

The whole aspect of security of wireless networks has become very important ever since terror e-mails were sent to media by alleged terrorists. Terrorists used unsecured wireless networks to hack into an individual's Wi-Fi network and sent e-mails just before bombs went off in Ahmedabad and New Delhi.

 

It is in this environment protecting your unsecured Wi-Fi network becomes very important lest somebody misuses the same.

Here are 10 simple ways in which you can secure your wireless network.

1. Change default administrator usernames and passwords

Most routers or access points come enabled with a default set of username / password combinations. These combinations are well documented and available online for hackers to use. If a hacker can access your device's administrative pages they can modify the configuration and control all aspects of your device. These username / password combinations can be changed from the administrative panel and should be set to something difficult to guess.

Keep a password which is difficult to guess and not easy to crack. A good password is 8 characters long, not easily guessable, contains mixture of uppercase and lowercase letters as well as numbers and preferably contains special characters like $,*,%,!.

 

2. Turn on encryption

All wireless devices support some form of encryption. Encryption technology scrambles messages sent over the air and ensures that they cannot be intercepted by hackers. Several encryption technologies exist for wireless communication today. WPA is the strongest commonly available encryption technology for home devices. While WEP can also be used cracking WEP is just a matter of few minutes.

We would advice corporates to go for WPA with EAP Authentication, TKIP / RC4 Encryption or WPA 2 with EAP Authentication, AES-CCMP encryption for better security

3. Change the default SSID

Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set for all routers. For example, the SSID for Netgear devices is normally 'NETGEAR'. The default SSID can be changed from the administrative panel and should be set to something unique.

4. Enable MAC Address filtering

Each wireless device possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses for all devices that connect to them. Wireless routers offer the option to key in the MAC addresses of your home equipment so as to restrict the network to only allow connections from those devices.

It ensures that rogue users cannot connect to the wireless router without using advanced MAC spoofing techniques.

5. Disable SSID Broadcast

The wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where wireless clients may roam in and out of range. For the home user, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network.

Fortunately, most wireless access points allow the SSID Broadcast feature to be disabled by the network administrator. Your SSID name can be manually entered into your devices to prevent the need for SSID Broadcasts to be enabled.

6. Do not auto-connect to open wireless networks

Connecting to an open wireless network such as a free wireless hotspot or your neighbour's router exposes your computer to security risks and attacks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying the user. This setting should not be enabled except in temporary situations.

7. Assign static IP addresses to devices

Most home wireless devices use dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool.

Turn off DHCP on the router or access point, set a fixed IP address range instead and then configure each connected device to match. Using a private IP address range (like 10.0.0.x) prevents computers from being reached directly from the Internet.

8. Enable firewalls on each computer and router

Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.

9. Position the router or access point safely

Wireless signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wireless signals often reach through neighboring houses and into streets. When installing a wireless home network, the position of the access point or router determines its reach.

Try to position these devices near the centre of the home rather than near windows to minimise leakage. Many routers allow you to reduce the range of your router from the administrative panel to prevent the signal leakage.

10. Turn off network during extended periods of non-use

The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods of downtime.

Vineet Kumar is the Founder & and CEO of National Anti-Hacking Group & Security Brigade. Yash Kadakia is the Co-Founder and CTO of Security Brigade.

About NAG & Security Brigade

National Anti-Hacking Group is a non profitable social organisation working to create awareness in Cyber Security and to reduce cyber crimes in India.

Security Brigade is an Indian IT Security Company that specializes in IT Security Services.

Get Rediff News in your Inbox:
Share: