A Comprehensive Guide to Secure Your Wireless Network

By Angsuman Chakraborty, Gaea News Network
Friday, September 26, 2008

Gone are the days of wired networking devices. Wireless networking is the future. It is the gen-x mode of communication. But as is said, “With great power comes great responsibility” so it has some real security loopholes too. You can never imagine how stealthily your wireless network can be hacked and it can have tremendous implications not only on your security but also your personal safety and peace. What if some terrorist uses your open wireless network to send terror emails or bomb threats? You will soon have cops swarming on your doorstep. Try convincing them that it was not you. At the least your whole life will be turned topsy-turvy and you will be in headlines all over the country and I assure you it won’t be complimentary. So let me tell you some important but easy ways to protect your wireless network:

1. Password Protection

First things first.

  • Start from the scratch and password protect all the computers with internet access.
  • Include numbers, symbols, upper and lowercase letters in passwords to give the toughest time to someone who is trying to use brute-forcing.
  • Again, use a strong security question (if prompted for)

2. Internet Security with Anti-virus and Firewalls

Secure your connection and network with a good anti-virus and good firewall. They are the resident watch-dogs of your computer network and believe me, with the likes of NOD32 and KASPERSKY its very difficult to intrude into the system

Note: -> Update these softwares regularly and keep a check on the latest versions.

3. Enable Wireless MAC Filtering

This is a setting that you will HAVE TO do. To do so, restrict your permission to the physical drives who can use W-LAN . Here is how:

  • Enter the Router settings page
  • in the Wireless (or W-LAN) option, go to Wireless MAC Filter Window. Some Router manufacturers also term this as Access Control List.
  • You will see an option saying Permit only PCs listed to access the wireless network. Select this one.
  • Go to Edit MAC Filter List.
  • Add MAC addresses in the following format — 00:19:DS:C3:AC:A7 — in the Wireless Client MAC List. You can get MAC id (physical address) of a PC by entering the command ipconfig /all in the command prompt for that PC.
  • Save settings.

4. Change The Default Password

Changing passwords to your ip-service and computers are not enough these days. One needs a port-scanner and your ip only to crack through your router. Because by default every router has a default password of admin.

Let’s take the example of BSNL Broadband.

  • Go to your browser address bar
  • Type 192.168.1.1 and ENTER
  • On the menu page change your password from admin to anything strong.
  • Your router is safer now.

5. Create a VPN Network

Create a Virtual Private Network (VPN) for your business. A VPN establishes a private network across the public network by creating a tunnel between the two endpoints so that nobody in between can intercept the data.You can ever let remote users to connect to your network. This makes the network relatively secure.

6. Isolate your Wi-Fi Signal

Wireless Isolation is a service that makes you invisible in your locality while you are using wi-fi so that other wi-fi users, potential intruders can not see you and try to break into your network. This is a default service but you need to physically enable it and its a MUST too.

7. Hide Your SSID

You may ask me what is this SSID. So here you go,

service set identifier is a 32-character unique identifier attached to the header of packets sent over a W-LAN that acts as a password

or

it can act as the name of your network too.

To hide it from unauthorized users do the following:

  • Enter the Router settings page. In the Wireless (or W-LAN) option go to Basic wireless Settings Window.
  • Create a SSID of your choice.
  • Select Wireless SSID Broadcast as Disabled.
  • Save settings.

But SSID will need to be added manually in the network list of that PC / Laptop.

To add

  • Go to Control Panel -> Network Connections -> Wireless Network Settings -> Right Click and go to View Available Wireless Networks.
  • Click on Change Advance Settings -> Wireless Networks -> Click on Add -> Enter the SSID of your wireless network -> OK

8. Enable Encryption

This is another recommended step for Wireless network protection. Most of the new routers now offer WPA or WiFi Protected Access and Wired Equivalent Privacy or WEP passwords. But encryption over WPA/WPA2 is far better because it uses dynamic key encryption. Now follow the instruction to use this property

  • Go to SSID profile that is created by you. Go to properties
  • In the profile properties on your laptop/ desktop choose the same type of encryption configured in wireless router and configure a password (Encryption Key).
  • Save settings.

9. Personal Awareness

That is the most VITAL point I intend to discuss. Casually we ourselves harm the system and then we blame the hardware or software for not detecting the intrusion. Actually We must keep in mind these seemingly trivial things. Like,

  • Do not connect or attach to any ad-hoc even if the url says it comes from a very trusted source, unless you know about it. Because many a crackers can hide the actual URL under it and trespass into your system just like that.
  • Do not click on unnecessary links or instructions from other websites. You never know how many stealth key-loggers, password stealer and etc can be installed into your PC just because you allowed them. So be extremely careful with links.
  • Use your firewall very restrictively. Monitor the inbound and outbound ip-addresses once. It is a bit time consuming but log files of good firewalls (like Zonealarm) can aware you of a possible threat.

I have discussed a handful of techniques that are easy to implement to secure your wireless network and provide you peace of mind. We will update this post from time to time as new information becomes available. Till then take care.

YOUR VIEW POINT
NAME : (REQUIRED)
MAIL : (REQUIRED)
will not be displayed
WEBSITE : (OPTIONAL)
YOUR
COMMENT :