Have you ever tried to connect to a wireless network and noticed how often you see a network called Linksys or netgear? Businesses and homes are connecting to the Internet with many devices in addition to computers. In homes we often see game systems, security systems, and even appliances connecting to transmit grocery lists. While some newer homes are wired for computer connections throughout, older homes are not which leaves you restricted to where and what you can connect. The most common solution to this problem is the addition of a wireless access point (WAP) or wireless router. These devices are easy to install and can be up and running with default settings in a matter of a few minutes. Unfortunately the default settings on these devices are well known and have no security. Without security on a WAP any user can connect and use your network. This is commonly referred to as hijacking. While you may not see any immediate harm in this, there are risks. At the very least the hijacker could use your connection do download from the Internet, possibly causing excess usage charges being levied against the owner. At the more extreme end of the spectrum, the hijacker could possibly access personal information stored on other computers in the network or use the connection for illegal activity that could leave the network owner liable in some manner.
All of these devices do have a number of security features available that simply need to be turned on and configured. With a little understanding of some of the features and terminology anyone can close the security holes to help thwart would be hijackers. The first step in securing a wireless device is to set a password on the admin account that is difficult to guess without being so complex that the owner can’t access it. Now that only the owner of the device can access the configuration you can change some settings for how devices can connect and even restrict what devices can connect. When you first try to connect to a wireless network you see a name (or in many cases a list of network names in your area) which is called the service set identifier or SSID. Typically you would set this to something more descriptive of the network so that it is clear to people looking for it. Changing the SSID is similar to painting your house. It personalizes it, but doesn’t effectively change its function. To add security you can actually tell the WAP not to broadcast the SSID, which means that people looking for wireless networks will not see this one. The next step is to add wireless security in the form of an access password and/or encryption. You will probably see a number of security options such as WEP and WPA listed in your device and a number of options within each of these. Wired equivalent privacy (WEP) was the original standard for wireless security and may have to be used if there are older devices connecting that don’t support newer standards. A better option, if it is supported by all devices that you want to use wireless, is Wi-fi protected access (WPA or WPA2). This newer standard is more secure without adding complexity. Detailed explanations of each of the options within the encryption families is beyond the scope of this blog, but suffice it to say that any setting on the WAP must match a setting on the device that is connecting. One further layer of security is MAC authentication. Media access control (MAC) addresses are distinct numbers assigned to any device that can connect to a network. MAC authentication allows a WAP to keep a list of MAC addresses that it will allow to connect to itself. You typically need to manually enter the address of each device that connects on the WAP in addition to any other security settings you have implemented.
The best security settings for wireless networks would mean that a potential hijacker would have to know your SSID, your encryption scheme, the security passphrase or key, and have the ability to determine and spoof (the computer term for forgery) an authorized MAC address.
Recent Comments