One of the ladies I work with was talking about how she set up a wireless network in her house. She was very pleased with herself until her son made her nervous by pointing out some of the security issues surrounding wireless networks. I had to agree with her son because I had just gotten some information back on a hackingĀ conference I had attended last year. I wouldn’t be able this year so I figured I would finally get around to writing up some guidelines for some of my students. It was scary how easy some people can penetrate a wireless connection. I pull out some of my old reseach on how to harden up my wireless security. I rediscovered a few important facts that need to be followed to provide minimum security on a wireless network:
1. Try to use Enhanced WEP,sometime reffered to as WPA, if your router supports it instead basic 128bit WEP. WEP is regarded as much easier to compromise than E-WEP or WPA.
2. Setup MAC filtering (media access controller, not apple macs) so that only the computers that you own will be allowed to access the network. Each computer network interface has a unique address. If you only allow or “trust” those addresses it makes it harder for unauthorized people to access your wireless network.
3. I would also disable DHCP and manually assign IP addresses to each computer on the network. This is helpful in the event your network is discovered because random computers won’t automatically receive a receive a network address from the wireless router.
4. Also turnoff the SSID broadcast so that your network identity won’t be broadcast to the world. If someone doesn’t know that your network is out there it will make it harder for them to get unauthorized access.
5. If you have a choice, try and position the wireless router in the center of your house or apartment so that the signal won’t be broadcast too far from the confines of your home. Granted this is harder in apartment buildings, but you should try anyway.
6. Make sure that you pick a decent password for your router and other devices. If a intruder can compromise your router all the other steps are worthless. A good password contains no words or phrases in ANY LANGUAGE, is at least a minimum of 6-8 characters long, contains a mix numbers and letters, and contains upper and lower case characters.
The reason that I say this is not to be paranoid. Someone might not want to access your files but just use your network to do some illegal or questionable activities. For example, imagine if have neighbors that have unsecured wireless networks and you use their connection whenever you want to download bit torrents or p2p files that could get you sued. When the RIAA or MPAA come a suing it will be the unprotected neighbor that is gonna catch a case and not the intruder.
Be aware, be safe.