Securing a Wireless Network
I use both a wired and wireless network at home. I am fortunate enough to have an Internet Service Provider (ISP) that provides up to three IP addresses. I connected a switch to my modem, and two routers (one wired, and the other wireless) to the switch. Each router has a separate IP address from my ISP. My desktop is connected to the wired router, while two laptops connect to the wireless one. I can connect either laptop to the wired router with a network cable if I choose to as well.
The biggest issue I wanted to address when setting up the wireless network is that of security. I have always been skeptical of wireless security, but since I have purchased a laptop, I decided to give wireless networking a try.
There are a lot of discussion on how to secure a wireless connection, some good, some bad, and some useless. This post will not go into detail about how to change the router settings to make it secure, but it will discuss what needs to be changed.
Administrative Credentials – Important
This is important whether you have a wireless or wired network. Ensure that all APs (access points) have a good strong password associated with the administrative account. If someone can get into your router because of a weak password, then your network can be compromised. You may also want to change the administrative ID as well.
Enable WPA Encryption – Important
This is probably the most important security measure to take when securing your wireless network. The previous standard called Wired Equivalent Privacy (WEP) was easy to crack within about 30 seconds. The new Wi-fi Protected Access (WPA) is more secure and should be enabled. You must also choose a passphrase that will be needed for each computer to connect to your router. Choose a passphase that is long, hard to guess, but easy to remember. Write it down somewhere so you don’t forget it. For assistance on creating a strong passphrase, please read my post on creating secure passwords. Follow the advice, but just make the passphrase longer.
Reducing the IP Addresses – Important
Routers allow you to limit the number of IP addresses they assign. If you have one computer, have the router assign only one IP address. If you have three computers, then the router should assign three IP addresses. This won’t prevent someone from getting into your network, but if all computers are connected, then the router won’t assign any more IP addresses to another computer.
Turning Off Router – Important
If you are going to be away for awhile, such as on vacation, simply turn off the router. If the router is off, then no one will be able to connect to it while you’re away. You won’t lose your router settings, and simply turn it back on when you return.
Turn off SSID Broadcast – Not Important
This is a debatable option with regards to a wireless connection. Many people would argue that not broadcasting your SSID will help with security. My opinion is that it won’t really provide security. Those who you are trying to gain access to your wireless network can easily determine your SSID, whether it is broadcast or not. I have also had problems with connecting to a wireless network when the SSID is not broadcasted, so I leave my setting on broadcast.
Using MAC Filtering – Not Important
Similar to broadcasting the router’s SSID, this is also a debatable point. An IP address is specific to a computer, a MAC address is specific to a network adapter within that computer. Enabling MAC filtering on your router only allows specific network adapters to connect to the router. While this may seem like a good idea, it can be a headache to manage the MAC addresses for all the computers that will be connecting to the wireless router. A knowledgeable person will also be able to "spoof" (imitate) a MAC address so it doesn’t guarantee security.
There are many settings that can be changed in your wireless router to make your network secure. This article has listed many of them, and you can make use of all of them or only some. The following, however, should be done to make your connection secure:
- Changing the administrative password and ID.
- Enabling WPA encryption.
- Reducing the number of IP addresses.