Secure Your Wireless Home Network
These are the Thrift Meister's tips on how to secure your wireless home
network.
If you now have a wireless home network or you
are thinking about setting one up you need to secure it from interlopers
who would use your internet connection to use your ISP for their
web surfing or downloading (thereby slowing down your internet connection
by using up your banwidth) or even connecting to your LAN (local
area network) and possibly gainning access to your private financial
or personal data. Even if you don't know someone is using your internet
connection you can be held legally liable for their activities on
the internet and data you store on a PC might be stolen
by someone who gains access to your LAN once they obtain a wireless
connection if your PC is not secure.
While no network wireless or wired can be made
100% secure the suggestions below should be sufficient for home-based
wireless networks. Using the layered approach to security forces
a hacker to have to defeat multiple layers of security before he
can gain access to your network. If you do all this the odds are
in your favor. Anyone with the ability to defeat all these procedures
isn't likely to be wasting his time on home-based networks, he'll
be going after the networks of businesses.
1. Change your network name. This is the SSID
(Service Set Identifer). Don't name it anything related to your name
or anything easily associated with you.
2. Dissable the SSID broadcast. By default your
router will be setup to broadcast its signal to the World so stop
advertising to everyone that you have a wireless network setup.
3. Change your network password. Don't
use your name or any easily identifiable words in the password. It
should at least be a combination of letters and numbers. Some routers
will let you use password characters such as the "%" or "&" and accept
both capital and small letters which makes your password more secure
still. Most wireless routers come with a default password like "admin" which
anyone looking to use your network would know or easily figure out.
Once someone is in your router they can change other settings if need be to allow access to your wireless network. This is the single most important thing you can do to protect your router and its configuration from interlopers. For
most would be interlopers just changing the password will be enough
to discourage them and force them to move on to easier prey. For the more determinded hacker you
need to have the other security measures in place so don't stop here
though.
4. Enable MAC address filtering. If your router
allows you to enable MAC (Media Access Control) filtering then do
so. Each networking device has a unique MAC. Set the router to only
allow entrance to networking devices you specify. In Windows 2000
or XP after your network card is installed you can see your PC's
MAC by going to RUN type in CMD then at the prompt type in IPCONFIG.
5. Use encryption such as WEP or WPA to secure
communications between your wireless PC and the router. WEP (Wired
Equivalent Protection) while older and less secure is sufficient
for most home networking needs. In all likelyhood any networking
gear you buy will at least have WEP encrytpion capability. If you
can use WPA (Wi-Fi Protected Access). It is new and should be available
on recently manufactured networking gear. Its dynamic-constantly
changing encryption. By the time a hacker has the time to break it
it has already changed. Even if you have older equipment you maybe
able to do a firmware update and upgrade to WPA.
6. If you use DHCP to assign IP addresses to
PCs connecting to your router then limit the number of available
addresses to exactly the number you need. If you only only have one
PC that needs a wireless connection then limit the available IP addresses
to one and turn off your router when you don't need to be connected.
7. Turn off DHCP and use static IP addresses.
Stronger protection still, even though it requires more work on your
part, is to turn off automatic assignment of IP address via the DHCP
service and manually assign static IP addresses to devices that need
connections and configure the router to only accepts those IP addresses.
8. Use a firewall on any PC that is on your LAN.
If it is configured to share drives or folders anyone who gains access
to your network can access your PC and collect data from it. A firewall
will help stop an intruder from accessing your personal PC and info
on it even if they get access to your network. If you don't have
another PC on your network that you do need to share files or printing
with then turn off sharing.
9. Disable remote management on your router.
10. When you don't need to be on line or accessing
your network wirelessly turn off your router or any access point
broadcasting your signal. Place your router or any remote access
point as close to the center of your home as possible and stay away
from the rooms with an outside wall as much as possible.
* If you are connecting to a corporate network
through a home based wireless router then realize that anyone who
gets on to your home network can access your corporate network through
your home based wireless network. Protecting access to your wireless
home based network will be appreciated by your corporate IS department.
That is not to say your corporate network doesn't have some protection
in place, but an accessible home network gives hackers an entry point
to work from.
** Be aware that if you are trying to get on line through a public access hotspot such as an airport lobby they are probably not running any encryption and anybody who is a mind to can scan everything transmitted so any user IDs, passwords, or other important data you use are easily read and captured.
TM Tips Steps to Protect your
PC from Maleware
TM's Computer & Internet Tips
PC Owner's Package - $19.99
