Securing your Wireless Network

wirelessSo, you have a wireless network. Now it is time for you to take security seriously. Most people think that setting up a wireless network and hiding the SSID is all you need to do. I have been in networking for several years, mostly as a service tech. I cannot tell you how many times I rolled on a service call to find that a customer’s wireless network had been compromised, often without them even knowing. In my experience, internet leaching neighbors is the most common form of network compromise. However, wardriving is an even bigger threat. When a wardriver finds your unsecured (or weakly secured) network, it is often loaded to a server with GPS coordinates letting others know where they can go to leach internet, or worse. While there is little you can do to stop a truly dedicated hacker, it is rather simple to keep your network from being labeled as a prime target.

Most people’s entire lives are stored on their computer(s). Think about it. Your passwords, banking information, credit card information, confidential job-related documents, children’s names, Social Security Numbers, pictures — almost everything about you has, in one form or another, most likely been entered into your computer at one time or another. Simply deleting files and then emptying your Recycle Bin does not delete them. They still exist on your hard drive. Someone with the right software and the right training could steal your identity by simply driving past your house. It is a frightening realization to some.

The following steps are highly recommended to provide additional levels of security for your home network. The steps to complete the steps listed below will vary from router to router, so you may have to consult your Owner’s Manual or manufacturer’s website.

  1. Firmware Update. It is generally a good idea to check for firmware updates for your router before you configure it. Consult your Owner’s Manual or manufacturer’s website for details.
  2. IP Address Range. By default, all routers are configured to operate on the 192.168.XXX.XXX network. While there is technically nothing wrong with this, most attackers know that the majority of people do not change this setting, making it that much easier for them to circumvent your security. I recommend you change your IP range. It will not effect your network’s ability to function at all.
  3. DHCP Server. Make sure this option is enabled. It is what allows your router to assign IP addresses to your network devices.
  4. Maximum number of users. This number should equal the total number of devices that will be linked to your internet connection. Keep in mind that both routers need to be added in this calculation. Changing this will give you more control over your network and how many devices will be allowed to connect simultaneously.
  5. MAC Address Clone. This setting might have to be enabled for your router to work. You will have to check with your Internet Service Provider (ISP) to find out if they require it.
  6. SSID. Your SSID should be changed. This is what wireless devices will be “looking for” that will identify your network from others. You should not use any personally identifiable information (e.g., name or address) as this could aid an attacker in finding your location. Additionally, threatening or obscene SSIDs will likely just entice a hacker. Setting your SSID to “i_dare_you_to_try” is a guaranteed to get your network comprimised.
  7. SSID Broadcast. During initial setup, it is helpful to have this feature enabled to make it easier for you to add devices. Once setup is complete and all of your devices have been added to your network, it is strongly recommended that you disable it. This setting decides whether or not your router “broadcasts” your SSID to allow your network to be located by network devices that are trying to connect to it. It will not make your network “invisible” to an attacker, but it will make it much harder for them to find. Once you have decided on an SSID, write it down as we will need it later.
  8. Security Mode. Here is where you will choose your encryption method. Select the highest level of encryption that ALL of your devices allow. Ensuring they all will allow it will save you from having to go back and change it later, which would result in you having to change all the devices you may or may not have already joined to the network.
  9. Passphrase or Pre-Shared Key (PSK). This string will be used in conjunction with your SSID to create your router’s hash (encryption algorithm). It must be a string of between 8 and 63 characters. The more random, the better. Once you have decided on an passphrase, write it down as we will need it later also.
  10. Wireless MAC Filter. Every network enabled device is supposed to have a Media Access Control (MAC) address assigned to it. The MAC addresses for all of your devices should be added to your “allow” list. Although not essential in your network security, it is one more added layer of safety. It will attempt to match the MAC address of any network device that is attempting to access your network to those on the list. If there is no match, the device is denied access. There are ways around this for an attacker, such as cloning a MAC that is already on your network, but it requires a lot of time and experience.
  11. Admin Password. If there is one change I would recommend over any other, this would be it. You should DEFINITELY change the default admin password for your router. All one has to do to completely hijack your network is to have access to your router by way of the admin password. Once you decide on a password, write it down and keep it in a secure location. Without it, you will not be able to access your network to make any changes. If you have to change your settings without the admin password, your only option is to perform a hard reset of your router and return it to factory settings. Once this is done, you will have to completely reconfigure your network and manually rejoin all of your devices.
  12. Remote Management. Unless you really have a need to adjust your network settings from a remote location, you should disable this feature. It allows someone at a computer full access to your home network if they can simply crack your router’s admin password. If you must have remote access, you should also change your Remote Management Port to something other than the default port.
  13. Event Log. This is not so much of a security enhancement as it is a means to detect intrusions. If you do not enable this option, you will likely be unable to find any information about the intruder. A smart hacker, if they find a way in, will likely delete the logs before he leaves, but you never know.

These steps will make your network far more secure than that of the average person. Modern proliferation of wireless networks combined with the inexperienced people who set them up will make your network far less appealing to most hackers since they will likely have MANY alternative networks to choose from. If yours will take them a day or two to crack, but you’re your neighbor’s will only take 60 seconds, which do you think they will choose? However, a dedicated hacker will find a way through even this level of security if they spend enough time on it. With every passing day, hackers become more educated and sophisticated in their attack methods. I recommend changing your SSID and passphrase once a month, or as often as you deem necessary.

One thought on “Securing your Wireless Network”

  1. Pingback: Here

Leave a Reply

Your email address will not be published. Required fields are marked *


*