The proliferation of wireless interent access at home, in the office, and even in public places are partly due to the convenience of ubiquitous connectivity that our society craves and the partly due to the low cost of these devices.
If you are lucky enough to have an organization that uses wireless networking to give you wireless interent access but not lucky enough to have the infrastructure/budget to support the advanced wireless security solutions on the market today; don’t despair.
As with all things security there is no silver bullet that will make you 100% secure, but if you follow the basic tenets of defense in depth, you can go a long way in protecting your companies’ assets. There are seven basic configuration changes that you or your organization can make to increase security your wireless access point (AP) and wireless Internet. Most of these features should in built into your AP so consider these items as free things you can do to be more secure.
Change the Default Administrator Password
This rule could as easily apply to your home alarm system as your wireless AP. The default passwords of all the major vendors APs are well known and are the first ones tried by would be hackers. Some vendors APs will allow you to also change the username of the default administrator user. Change both if possible and in following safe computing practices do not set the password to something easily guessed such as name of the company, street address, etc.
Enable Encryption
Without the infrastructure/budget to implement one of the advanced wireless solutions, we are left with Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) security protocols. Both security protocols encrypt your data so that only the destination of your data can read it. WPA is the more secure of the two protocols and was developed to address security issues with WEP. The drawback to WPA is that not all older models of wireless network cards support WPA. If you have a requirement to support older wireless network cards, use the highest level of WEP (128 bit) encryption available. WEP encryption can be broken and as such only use WEP if no other secure alternatives exist. WEP is better than nothing, but use WPA if you can.
Use MAC Address Filtering
Every computer (or laptop) has a network card (or wireless card), and each of them has a unique number called a MAC address. Most wireless APs support MAC address filtering for Internet access. MAC address filtering limits computers you select to be able to connection to the AP. You enter the MAC addresses of the computer you want to be able to get wireless access so no other computer can use the access point.
Change the System ID (SSID)
All wireless APs come with a default System ID called a Service Set Identifier (SSID) or Extended Service Set Identifier (ESSID). Similar to the default administration password the default SSIDs for wireless manufacturers are well known to hackers and are an easy target. Changing this SSID to something unique and not easily identifiable is another layer of defense. When you browse for wireless networks, these SSIDs is what you see.
Disable SSID Broadcasts
By default all wireless APs broadcast the SSID that you just changed in in item 4 in an attempt to fool hackers. In order to make this change more effective; disable the broadcasting of this System ID. If you know the SSID you can still connect to the wireless AP but not everyone in range of the wireless device will know it is there.
*Note – the one caveat here is the disabling the SSID broadcast can sometimes cause problems when clients connect to the wireless AP for the first time.
Log and Check Logs
Logging on these wireless devices range from basic to robust. Log as much as you can and check them as frequently as reasonably possible to ensure that any security attempts and violations are caught.
Defend your PCs
While it might not seem to belong in the wireless security configuration section; the last line of defense should be the PC. Anti-virus, anti-spam, personal firewalls, disk encryption are all great ways to
further the security of computers connecting to the wireless AP and help prevent the spread of Trojans, worms, and viruses to others connected to the wireless AP.
Conclusion
All of the wireless internet routers you might buy will have included features to make your wireless internet access secure. Take a look at the features and see which ones make sense for you.
| 