I wanted to take a look at few
wireless security myths. The five items contained in this article will do very little if anything to help secure your wireless connection. While I will stop short of calling the techniques useless, they do seem to be propagated around the Internet as the things to do when it comes to securing your connection. They are only marginally useful, even when used together
In reality, the best thing you can do for your wireless connection is to change the defaults on the router itself (SSID, admin password etc) and to use a decent encryption scheme (WPA/WPA2). In fact many of theses out of the box solutions do nothing but hinder legitimate users from getting their work done while providing minimal if any security.
Let’s have a look at few of the wireless security myths.
Hide the SSID beacon
This prevents a simple search displaying your SSID. It would stop an initial search of someone trying to detect your SSID, but would do nothing at stopping the other traffic associated with the SSID. In fact there are 5 types of broadcasts associated with the SSID, beaconing is only one. To be honest you will just make it harder for other users to join your network as it will not be detectable via Windows Wireless Connections. You will have to manually add the SSID.
Antenna Strength
I like this one as it sort of makes think of sitting in the corner with a tin foil hat on keeping the interstellar rays from picking my thoughts. Many of the SOHO routers have dual antennae and allow you to set the signal strength for each antenna in an attempt to limit hackers from sitting too close to the left/right/back side of your building and pick up your signal. Again this may help when stopping patrons of the shopping mall across the street from tapping into your wireless connection, it will do little to dissuade a hacker who will surely have their own antenna and be able to detect your signal from upwards of 10 km away if they so desired. Playing with signal strength will most likely cause inconveniences for the legitimate users especially if you have a lot of concrete walls and floors. Best to leave it at full strength.
MAC filtering
MAC filtering prevents users with an unknown MAC address from joining your network. Think of a MAC address as the name of your network card. Every network device has one and it is unique. MAC filtering works great in theory except that it is very simple to sniff the MAC address of any network card as it is sent in plain text across the airwaves. Couple that with the fact that many network cards (even wireless routers) allow you to spoof a MAC address and set it to anything you want. You are more likely to prevent legitimate users from connecting when they get a new wireless NIC and if you have a network where clients and guests are allowed tracking MAC addresses is all but impossible. Best to leave it open as the convenience of having users not having to call support to join the network far outweighs any security benefit you derive from using it.
Configure Internet Usage Times
One client I talked to says he only allows Internet access during working hours to prevent unauthorised use during the evening hours. While this may work, not all hackers come out at night. It may stop someone running an unauthorised Internet site off of your router, but it isn’t going to stop someone from gaining access to your network. If someone wants to work late or come in early, you are actually impeding their productivity by placing restraints on their access times. As a father, I feel there are times when children should not have access to the network, but with today’s mobile workforce, it makes little sense to curtail and hamper your workers. Leave it open as far as time limits go.
Conclusion
This article has had a look at some of the things that many believe will make their wireless router more secure. In fact, this article has shown that many of the so called security mechanisms provide nothing but a hindrance for legitimate users despite the weak security benefits they may bring. If you are using a strong encryption scheme, strong passwords for the router and educating your users as to secure best practices, you will have done far better than trying to just use the simple mechanisms contained here.
