Tips for Wireless Home Network Security
Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky, as numerous security problems can result. Today's Wi-Fi products don't always help the situation, as configuring their security features can be slow and non-intuitive. The recommendations below summarize the steps you should take, in order of importance, to improve the security of your home wireless LAN.
Change Default Administrator Passwords (and Usernames)
At the core of most Wi-Fi home networks is an access point
or router. To set up these pieces of equipment, manufacturers
provide Web pages that allow owners to enter their network
address and account information. These Web tools are protected
with a login screen (username and password) so that only the
rightful owner can do this. However, for any given piece of
equipment, the logins provided are simple and very well-known
to hackers on the Internet. Change these settings immediately.
Turn on (Compatible) WPA / WEP Encryption
All Wi-Fi equipment supports some form of "encryption."
Encryption technology scrambles messages sent over wireless
networks so that they cannot be easily read by humans. Several
encryption technologies exist for Wi-Fi today. Naturally you
will want to pick the strongest form of encryption that works
with your wireless network. To function, though, all Wi-Fi
devices on your LAN must share the identical encryption settings.
Therefore you may need to find a "lowest common denominator"
setting.
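The "lowest common denominator" choice can be worked out mechanically. The sketch below is an added example, not part of the original article: it picks the strongest mode every device supports and names the devices holding the network back. The strength ordering (including WPA2 and WPA3, which the article does not name) is general Wi-Fi knowledge, and the device inventory is constructed.

```python
# Modes ordered weakest to strongest (general Wi-Fi knowledge, not a list
# taken from the article).
STRENGTH = ["open", "WEP", "WPA", "WPA2", "WPA3"]

def strongest_common_mode(devices):
    """Return the strongest encryption mode every device supports, or None."""
    if not devices:
        return None
    common = set(STRENGTH)
    for modes in devices.values():
        common &= set(modes)      # keep only modes this device also supports
    common.discard("open")        # "open" means no encryption at all
    if not common:
        return None
    return max(common, key=STRENGTH.index)

def limiting_devices(devices):
    """Name devices whose removal would let the rest share a stronger mode."""
    chosen = strongest_common_mode(devices)
    floor = STRENGTH.index(chosen) if chosen else 0
    blockers = []
    for name in devices:
        rest = {n: m for n, m in devices.items() if n != name}
        better = strongest_common_mode(rest)
        if better and STRENGTH.index(better) > floor:
            blockers.append(name)
    return blockers

# Constructed inventory of a home LAN (device names are hypothetical).
HOME = {
    "router": ["WEP", "WPA", "WPA2"],
    "laptop": ["WEP", "WPA", "WPA2", "WPA3"],
    "old-printer": ["WEP", "WPA"],
}

if __name__ == "__main__":
    print("use:", strongest_common_mode(HOME))
    print("upgrade candidates:", limiting_devices(HOME))
```

A device listed as a blocker is the one to replace or upgrade if you want the whole LAN on a stronger setting.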
Change the Default SSID
Access points and routers all use a network name called the
SSID. Manufacturers normally ship their products with the
same SSID set. For example, the SSID for Linksys devices is
normally "linksys." True, knowing the SSID does
not by itself allow anyone to break into your network, but
it is a start. More importantly, when someone finds a default
SSID, they see it is a poorly configured network and may be
more likely to attack it. Change the default SSID immediately
when configuring your LAN.
Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique identifier called
the "physical address" or "MAC address."
Access points and routers keep track of the MAC addresses
of all devices that connect to them. Many such products offer
the owner an option to key in the MAC addresses of their home
equipment, which restricts the network to only allow connections
from those devices. Be aware, however, that this feature is not as
powerful as it may seem. Hacker software programs can fake
MAC addresses easily.
Disable SSID Broadcast
In Wi-Fi networking, the access point or router typically
broadcasts the network name (SSID) over the air at regular
intervals. This feature was designed for businesses and mobile
hotspots where Wi-Fi clients may come and go. In the home,
this feature is unnecessary, and it increases the likelihood
an unwelcome neighbor or hacker will try to log in to your
home network. Fortunately, most Wi-Fi access points allow
the SSID broadcast feature to be disabled by the network administrator.
Do Not Auto-Connect to Open Wi-Fi Networks
Connecting to an open Wi-Fi network such as a free wireless
hotspot or your neighbor's router exposes your computer to
security risks. Although not normally enabled, most computers
have a setting available allowing these connections to happen
automatically without notifying you (the user). This setting
should not be enabled except in temporary situations.
Assign Static IP Addresses to Devices
Most home networkers gravitate toward using dynamic IP addresses.
DHCP technology is indeed quick and easy to set up. Unfortunately,
this convenience also works to the advantage of network attackers,
who can easily obtain valid IP addresses from a network's
DHCP pool. Turn off DHCP on the router or access point, set
a fixed IP address range, then set each connected device to
match. Use a private IP range (like 10.0.0.x) to prevent computers
from being directly reached from the Internet.
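Once DHCP is off, every address is typed in by hand, so mistakes such as duplicates or an address outside the chosen range are easy to make. The checker below is an added example, not part of the original article; the subnet, router address and device names are constructed sample values.

```python
import ipaddress

def check_static_plan(subnet, router, devices):
    """Return a list of problems with a static addressing plan (empty = OK)."""
    net = ipaddress.ip_network(subnet)
    problems = []
    if not net.is_private:
        problems.append(f"{net} is not a private range")
    owners = {}  # address -> first device that claimed it
    for name, text in [("router", router)] + sorted(devices.items()):
        addr = ipaddress.ip_address(text)
        if addr not in net:
            problems.append(f"{name}: {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {addr} is reserved in {net}")
        if addr in owners:
            problems.append(f"{name}: {addr} already used by {owners[addr]}")
        else:
            owners[addr] = name
    return problems

# Constructed plan using the article's 10.0.0.x range, with three
# deliberate mistakes (device names are hypothetical).
SUBNET = "10.0.0.0/24"
ROUTER = "10.0.0.1"
PLAN = {
    "laptop": "10.0.0.10",
    "printer": "10.0.0.10",   # duplicate of the laptop
    "tv": "10.0.1.5",         # wrong subnet
    "camera": "10.0.0.255",   # broadcast address
}

if __name__ == "__main__":
    for line in check_static_plan(SUBNET, ROUTER, PLAN):
        print(line)
```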
Position the Router or Access Point Safely
Wi-Fi signals normally reach to the exterior of a home. A
small amount of "leakage" outdoors is not a problem,
but the further this signal reaches, the easier it is for
others to detect and exploit. Wi-Fi signals often reach through
neighboring homes and into streets, for example. When installing
a wireless home network, the position of the access point
or router determines its reach. Try to position these devices
near the center of the home rather than near windows to minimize
leakage.
Turn Off the Network During Extended Periods of Non-Use
The ultimate in security measures, shutting down the network
will most certainly prevent outside hackers from breaking
in! While it is impractical to turn the devices off and on frequently,
at least consider doing so during travel or extended periods
offline. Computer disk drives have been known to suffer from
power cycle wear-and-tear, but this should not be a concern
for broadband modems and routers.
