This posting will discuss how to secure your home wireless network. But it’s important to know that there’s a different set of problems when connecting with public access point (i.e. Starbucks) that will be addressed in a separate posting.
There are people that drive around neighborhood residents and commercial buildings looking for “open” WiFi access points (they call this “wardriving”). With programs like NetStumbler & Kismet, it’s easier than you probably may think..
But there's also a potential legal liablity if someone uses your wireless network for illegal porn or some other "bad" activity.
Thieves pass-by locked cars in favor of an unlocked door. Wardrivers will pass-by a secured wireless network in favor of the many selections of open wireless networks! True, a good hacker (given time) can still penetrate your "secure" wireless network; but by following these SEVEN steps, you can better protect your wireless network!
- Connect to your wireless router/access point. Most people have not changed the default settings. So click on these links and see if you connect! (If not, check your manaual (and email ME the other IP Addresses!))
D-Link/Linksys Routers: http://192.168.0.1 or http://192.168.1.1
D-Link/Linksys Access Points: http://192.168.0.30 or http://192.168.1.245
Netgear: http://www.routerlogin.net - Don’t broadcast your SSID (Service Set Identifier). By default, most routers & access points send a short message repeating the network's name. Anybody who lives (or drives) nearby can detect you wireless network’s name and connect!
To ease the initial setup, leave the SSID Broadcast turned ON until the wireless network is working. Then later disable the SSID broadcast within your router/access point software. You will no longer be “announcing” that you have a wireless network. - Rename the SSID. Don't simply use your personal or company’s name; it’s easier for a person or program to “guess”. To make this a harder value to “guess”, make this a very long (complex) value!
- Pick a secure password for your router and/or access points. Most people already know the default username and passwords! :-)
D-Link: Username = "admin", Password is blank
Linksys: Username is blank, Password = "admin"
Netgear: Username = "admin", Password = "password" - Turn-on the router and access points’ encryption. I don’t really care if it slows down your wireless network; this is for your protection! Besides maybe it’s time to upgrade to faster equipment anyways.
There are two standards of encryption - WEP & WPA:
WEP: The older Wired Equivalent Privacy is the least secure method of the two. Although the 128bit key is stronger then the 64bit, they’re both still better than nothing. You set the WEP key manually – so please don’t pick a simple key like “11111111”, “10101010” or “12345678”
NOTE: There's even a fricken' screen saver program that will crack a 40bit (aka 64bit) encryption while your computer "rests"
WPA: The other method is called WiFi Protected Access which uses a 256-bit key that constantly changes, so it’s a bit harder to hack – it’s also trickier to configure.
If possible, first select WAP, followed by 128WEP then lastly 64WEP -- in all cases, enable the best type of encryption you have available to you! - Turn-on the router or access point’s firewall – yes, I’ve seen this (mistakenly) turned-off!
- Enable Media Access Control (MAC) Filtering. Media Access Control is a unique number assigned to every network hardware (your comptuers, router, network printer). This "MAC Address" number is usually printed directly on your wireless card or computer.
To determine your computer's MAC Address:
Start --> Settings --> Control Panel --> Network Connections --> Double=click on Local Area Connection --> Click on the Support Tab --> Press the Details button to view your Phyiscal Address
MAC Filtering is simply a list of MAC Address typed into your router determining which computers are allowed to connect to your wireless network!
Geen opmerkingen:
Een reactie posten