Wednesday, January 04, 2006

Wireless Network Security

With a wireless network, however, you have a radio signal that permeates the very air around us. Because of the broadcast nature of WLANs, it is far easier to access this sort of network, especially when the signal is usually powerful enough to emanate outside of a building and so potentially provide network access to those outside.

Another benefit of a cabled network is that the transfer of data between computers remains within the wires themselves. Contrast this with a Wireless network, in which the data is now easier to intercept and/or corrupt.

As a result you need to secure your wireless network in the following ways:

* Request user authentication to prevent unauthorized access to your network.
* Use data privacy to protect the integrity and privacy of the data being transmitted.


How do you secure your Wireless network?

1. Change the SSID When you configure your WAP change the default SSID (Service Set IDentifier). Don’t pick something that easily identifies you, like your name, street address, etc. Instead pick something complicated that is difficult to guess and is made up of a mixture of letters and numbers e.g. m6jvUm9mHuQfA4h5tgCH

2. Disable SSID broadcasting In addition, make sure your WAP isn’t configured to broadcast your SSID. Although this is not a secure method of protecting your network, it does mean your WLAN is not so openly available to intrusion.

3. Configure WPA or WPA2 To authorize access to your Wireless network you should choose a security setting of WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) or better yet WPA2-PSK if available.

Although Windows XP supports both of these security methods, you still need a wireless adapter that supports WPA as well.

NOTE: WEP (Wired Equivalent Privacy) is the earlier attempt to secure wireless connections and it is not secure enough. If this is all your WPA has to offer then you should either upgrade the firmware on it, if this will then give you WPA, or purchase a newer device.

You also need to choose a password for WPA-PSK. Like your SSID, this too needs to be complicated and so not easy to guess.

4. Restrict access based on MAC authentication Your wireless network adapter has a physical address called a MAC (Media Access Control) address. You can take advantage of this by configuring your WAP to only allow access to those MAC addresses you want to give access to your network and so restrict which computers can get connected. Although a MAC address can still be spoofed, this is yet another obstacle to deter the casual hacker.

5. Change the administrator account/password Your WAP will come with a standard administrator account and password. So anyone who has bought the same device will know what these are. Change the password to one that isn’t easy to guess and if possible change the name of the administrator account as well.