
It wasn't too long ago that computers were a luxury rather than a necessity. Only the
lucky and the wealthy had even one in their home and a network was something reserved for
large corporations.
Fast forward a decade or so and everyone has to have their own computer. There is one
for the parents (sometimes two if the parents can't share nicely) and one or more for the kids to
use for homework and games. Home users have gone from no Internet access to 9600 kbps
dial-up Internet access, then beyond 56 kbps dial-up access, and are moving on to broadband
connections to rival or match the T1 connections they relish at work.
As the Internet and the World Wide Web have exploded into our culture and are
replacing other media forms for people to find news, weather, sports, recipes, yellow pages
and a million other things, the new struggle is not only for time on the computer at home, but
for time on the Internet connection.
The hardware and software vendors have come forth with a variety of solutions
allowing home users to share one Internet connection among two or more computers. They all
have one thing in common though: the computers must somehow be networked.
To connect your computers together has traditionally involved having some physical
medium running between them. It could be phone wire, coaxial cable or the ubiquitous CAT5
cable. Recently hardware has been introduced that even lets home users network computers
through the electrical wiring. But, one of the easiest and least messy ways to network
computers throughout your home is to use wireless technology.
It is a fairly simple setup. The Internet connection comes in from your provider and is
connected to a wireless access point or router which broadcasts the signal. You connect
wireless antenna network cards to your computers to receive that signal and talk back to the
wireless access point and you are in business.
The problem with having the signal broadcast though is that it is difficult to contain
where that signal may travel. If it can get from upstairs to your office in the basement then it
can also go that same 100 feet to your neighbor's living room. Or, a hacker searching for
insecure wireless connections can get into your systems from a car parked on the street.
That doesn't mean you shouldn't use wireless networking. You just have to be smart
about it and take some basic precautions to make it more difficult for curiosity seekers to get
into your personal information. The next section contains some simple steps you can take to
secure your wireless network.
Change the System ID: Devices come with a default system ID called the SSID
(Service Set Identifier) or ESSID (Extended Service Set Identifier). It is easy for a hacker to
find out what the default identifier is for each manufacturer of wireless equipment so you
need to change this to something else. Use something unique, not your name or something
easily guessed.
Disable Identifier Broadcasting: Announcing that you have a wireless connection to
the world is an invitation for hackers. You already know you have one so you don't need to
broadcast it. Check the manual for your hardware and figure out how to disable broadcasting.
Enable Encryption: WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected
Access) encrypt your data so that only the intended recipient is supposed to be able to read it.
WEP has many holes and is easily cracked. 128-bit keys impact performance slightly without
a significant increase in security so 40-bit (or 64-bit on some equipment) encryption is just as
well. As with all security measures there are ways around it, but by using encryption you will
keep the casual hackers out of your systems. If possible, you should use WPA encryption
(most older equipment can be upgraded to be WPA compatible). WPA fixes the security flaws
in WEP but it is still subject to DoS (denial-of-service) attacks.

Restrict Unnecessary Traffic: Many wired and wireless routers have built-in
firewalls. They are not the most technically advanced firewalls, but they help create one
more line of defense. Read the manual for your hardware and learn how to configure your
router to only allow incoming or outgoing traffic that you have approved.
Change the Default Administrator Password: This is just good practice for ALL
hardware and software. The default passwords are easily obtained and because so many
people don't bother to take the simple step of changing them they are usually what hackers try
first. Make sure you change the default password on your wireless router / access point to
something that is not easily guessed like your last name.
Patch and Protect Your PCs: As a last line of defense you should have personal
firewall software such as Zone Alarm Pro and anti-virus software installed on your
computer. As important as installing the anti-virus software, you must keep it up to date. New
viruses are discovered daily and anti-virus software vendors generally release updates at least
once a week. You also must keep up to date with patches for known security
vulnerabilities. For Microsoft operating systems you can use Windows Update to try and
help keep you current with patches.

Many folks setting up wireless home networks rush through the job to get their Internet
connectivity working as quickly as possible. That's totally understandable. It's also quite risky
as numerous security problems can result. Today's Wi-Fi networking products don't always
help the situation as configuring their security features can be time-consuming and nonintuitive. The recommendations below summarize the steps you should take to improve the
security of your home wireless network.
1. Change Default Administrator Passwords (and Usernames)
At the core of most Wi-Fi home networks is an access point or router. To set up these pieces
of equipment, manufacturers provide Web pages that allow owners to enter their network
address and account information. These Web tools are protected with a login screen
(username and password) so that only the rightful owner can do this. However, for any given
piece of equipment, the logins provided are simple and very well-known to hackers on the
Internet. Change these settings immediately.
2. Turn on (Compatible) WPA / WEP Encryption
All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles
messages sent over wireless networks so that they cannot be easily read by humans. Several
encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest
form of encryption that works with your wireless network. However, the way these
technologies work, all Wi-Fi devices on your network must share the identical encryption
settings. Therefore you may need to find a "lowest common denominator" setting.
3. Change the Default SSID
Access points and routers all use a network name called the SSID. Manufacturers normally
ship their products with the same SSID set. For example, the SSID for Linksys devices is
normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break
into your network, but it is a start. More importantly, when someone finds a default SSID,
they see it is a poorly configured network and are much more likely to attack it. Change the
default SSID immediately when configuring wireless security on your network.
4. Enable MAC Address Filtering

Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC
address. Access points and routers keep track of the MAC addresses of all devices that
connect to them. Many such products offer the owner an option to key in the MAC addresses
of their home equipment, which restricts the network to only allow connections from those
devices. Do this, but also know that the feature is not so powerful as it may seem. Hackers
and their software programs can fake MAC addresses easily.
5. Disable SSID Broadcast
In Wi-Fi networking, the wireless access point or router typically broadcasts the network
name (SSID) over the air at regular intervals. This feature was designed for businesses and
mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming
feature is unnecessary, and it increases the likelihood someone will try to log in to your home
network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be
disabled by the network administrator.
6. Do Not Auto-Connect to Open Wi-Fi Networks
Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router
exposes your computer to security risks. Although not normally enabled, most computers
have a setting available allowing these connections to happen automatically without notifying
you (the user). This setting should not be enabled except in temporary situations.
7. Assign Static IP Addresses to Devices
Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is
indeed easy to set up. Unfortunately, this convenience also works to the advantage of network
attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off
DHCP on the router or access point, set a fixed IP address range instead, then configure each
connected device to match. Use a private IP address range (like 10.0.0.x) to prevent
computers from being directly reached from the Internet.
8. Enable Firewalls On Each Computer and the Router
Modern network routers contain built-in firewall capability, but the option also exists to
disable them. Ensure that your router's firewall is turned on. For extra protection, consider
installing and running personal firewall software on each computer connected to the router.
9. Position the Router or Access Point Safely
Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage
outdoors is not a problem, but the further this signal reaches, the easier it is for others to
detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for
example. When installing a wireless home network, the position of the access point or router
determines its reach. Try to position these devices near the center of the home rather than near
windows to minimize leakage.
10. Turn Off the Network During Extended Periods of Non-Use
The ultimate in wireless security measures, shutting down your network will most certainly
prevent outside hackers from breaking in! While impractical to turn off and on the devices
frequently, at least consider doing so during travel or extended periods offline. Computer disk
drives have been known to suffer from power cycle wear-and-tear, but this is a secondary
concern for broadband modems and routers.
If you own a wireless router but are only using it for wired (Ethernet) connections, you can also
sometimes turn off Wi-Fi on a broadband router without powering down the entire

These days wireless networking products are so ubiquitous and inexpensive that just about
anyone can set up a WLAN in a matter of minutes with less than $100 worth of equipment.
This widespread use of wireless networks means that there may be dozens of potential
network intruders lurking within range of your home or office WLAN.
What can I do?
Most WLAN hardware has gotten easy enough to set up that many users simply plug it in and
start using the network without giving much thought to security. Nevertheless, taking a few
extra minutes to configure the security features of your wireless router or access point is time
well spent. Here are some of the things you can do to protect your wireless network:
1) Secure your wireless router or access point administration interface
Almost all routers and access points have an administrator password that's needed to log into
the device and modify any configuration settings. Most devices use a weak default
password like "password" or the manufacturer's name, and some don't have a default
password at all. As soon as you set up a new WLAN router or access point, your first step
should be to change the default password to something else. You may not use this password
very often, so be sure to write it down in a safe place so you can refer to it if needed. Without
it, the only way to access the router or access point may be to reset it to factory default
settings which will wipe away any configuration changes you've made.
2) Don't broadcast your SSID
Most WLAN access points and routers automatically (and continually) broadcast the
network's name, or SSID (Service Set IDentifier). This makes setting up wireless clients
extremely convenient since you can locate a WLAN without having to know what it's called,
but it will also make your WLAN visible to any wireless systems within range of
it. Turning off SSID broadcast for your network makes it invisible to your neighbors and
passers-by (though it will still be detectable by WLAN "sniffers").
3) Enable WPA encryption instead of WEP
802.11's WEP (Wired Equivalent Privacy) encryption has well-known weaknesses that make
it relatively easy for a determined user with the right equipment to crack the encryption and
access the wireless network. A better way to protect your WLAN is with WPA (Wi-Fi
Protected Access). WPA provides much better protection and is also easier to use, since your
password characters aren't limited to 0-9 and A-F as they are with WEP. WPA support is built
into Windows XP (with the latest Service Pack) and virtually all modern wireless hardware
and operating systems. A more recent version, WPA2, is found in newer hardware
and provides even stronger encryption, but you'll probably need to download an XP patch in
order to use it.
4) Remember that WEP is better than nothing
If you find that some of your wireless devices only support WEP encryption (this is often the
case with non-PC devices like media players, PDAs, and DVRs), avoid the temptation to
skip encryption entirely because in spite of its flaws, using WEP is still far superior to having
no encryption at all. If you do use WEP, don't use an encryption key that's easy to guess like a
string of the same or consecutive numbers. Also, although it can be a pain, WEP users should
change encryption keys often, preferably every week. See this page if you need help
getting WEP to work.
5) Use MAC filtering for access control

Unlike IP addresses, MAC addresses are unique to specific network adapters, so by turning
on MAC filtering you can limit network access to only your systems (or those you know
about). In order to use MAC filtering you need to find (and enter into the router or AP) the
12-character MAC address of every system that will connect to the network, so it can be
inconvenient to set up, especially if you have a lot of wireless clients or if your
clients change a lot. MAC addresses can be "spoofed" (imitated) by a knowledgeable person,
so while it's not a guarantee of security, it does add another hurdle for potential intruders to
6) Reduce your WLAN transmitter power
You won't find this feature on all wireless routers and access points, but some allow you to lower
the power of your WLAN transmitter and thus reduce the range of the signal. Although it's
usually impossible to fine-tune a signal so precisely that it won't leak outside your home or
business, with some trial-and-error you can often limit how far outside your premises the
signal reaches, minimizing the opportunity for outsiders to access your WLAN.
7) Disable remote administration
Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you
should use this feature only if it lets you define a specific IP address or limited range of
addresses that will be able to access the router. Otherwise, almost anyone anywhere could
potentially find and access your router. As a rule, unless you absolutely need this capability,
it's best to keep remote administration turned off. (It's usually turned off by default, but it's
always a good idea to check.)
Enable G-only
If you only use wireless devices capable of using the g-standard (54 Mbit), then enable the
G-only setting in the wireless router. This option will eventually improve the wireless
connection quality.
Select a channel with less noise
For an optimal connection, one can choose between thirteen frequencies available for the
wireless network to operate on. If a frequency is used by more than one wireless router, it will
definitely result in bad connections. Neighboring frequencies can give a poor
connection as well! Changing the frequency used by the wireless router should improve the
quality of the wireless connection significantly.
The tool NetStumbler for XP or Vistumbler for Vista can be used to find out which frequencies the
neighboring wireless networks are using (including networks whose SSID, the name
of the network, has been hidden). The next step is to change the router settings to make sure
the wireless network operates on a frequency with less noise. But remember that setting the
frequency as high as possible might result in a bad wireless connection (or the network no
longer being visible), depending on the wireless adapter used.
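The channel choice described above can be worked through on a scan result. The following is an added example, not part of the original article or of NetStumbler/Vistumbler; the scan entries are constructed, and the overlap model (channels up to four apart still interfere, weighted by signal strength) is a simplifying assumption.

```python
CHANNELS = range(1, 14)   # the thirteen 2.4 GHz channels the text refers to
OVERLAP_SPAN = 4          # channels are 5 MHz apart and roughly 20 MHz wide,
                          # so channels up to 4 apart still overlap


def signal_weight(rssi_dbm):
    """Map signal strength in dBm (-90 weak .. -30 strong) to a 0..1 weight."""
    return min(1.0, max(0.0, (rssi_dbm + 90) / 60))


def interference(channel, networks):
    """Score how much the scanned networks disturb a candidate channel."""
    total = 0.0
    for net in networks:
        distance = abs(channel - net["channel"])
        if distance <= OVERLAP_SPAN:
            # 1.0 on the same channel, falling to 0.2 four channels away
            overlap = 1 - distance / (OVERLAP_SPAN + 1)
            total += overlap * signal_weight(net["rssi"])
    return total


def rank_channels(networks):
    """Return (channel, score) pairs, quietest first; ties go to the lower channel."""
    scores = {ch: round(interference(ch, networks), 3) for ch in CHANNELS}
    return sorted(scores.items(), key=lambda item: (item[1], item[0]))


def best_channel(networks):
    return rank_channels(networks)[0][0]


# Constructed scan result; a hidden SSID (empty name) still occupies its channel.
SCAN = [
    {"ssid": "neighbour-a", "channel": 1, "rssi": -48},
    {"ssid": "neighbour-b", "channel": 6, "rssi": -60},
    {"ssid": "",            "channel": 6, "rssi": -72},
    {"ssid": "neighbour-c", "channel": 3, "rssi": -80},
]

if __name__ == "__main__":
    for channel, score in rank_channels(SCAN):
        print(f"channel {channel:2d}  interference {score:.3f}")
    print("suggested channel:", best_channel(SCAN))
```

Ties are resolved toward the lower channel because, as noted above, some adapters have trouble with the highest frequencies.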
No icon for the wireless adapter available

If there is no wireless connection icon available in the system tray, you probably didn't install
the drivers yet. You can use the software shipped with the hardware; personally I prefer to
disable this software and use the Windows XP built-in software (in some cases the utility
works better). Disabling the software is easily done with the tool MSCONFIG (tab Startup
and/or Services), but in most cases you can disable the installed utility by removing the icon
from the Startup folder in Start, All Programs. Besides deactivating the vendor's software,
make sure the Wireless Zero Configuration service (XP) or WLAN Auto Config service
(Vista) has been set to automatic.
Disable the SSID broadcast
Once you have a successful wireless connection, disable the SSID broadcast of the router
(most wireless routers support this option). Now you have to enter the SSID correctly before
the wireless router will communicate with a computer. This makes your router invisible to
MAC-Address control
With the router's MAC control option, you are able to select your specific (wireless) hardware
IDs and deny all others. This gives some extra security: if someone tries to crack your
wireless network, they have to clone one of your MAC addresses (it's not difficult to change
the MAC address, but it is an extra defense). Especially if you decide not to use any wireless
encryption, I advise enabling MAC address control.
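A MAC allow-list is only useful if the entries are typed consistently and the router's client list is actually reviewed against it. The following is an added example, not part of the original article or any router's firmware; the function names and the sample addresses are constructed for illustration.

```python
import re


def normalize_mac(text):
    """Return a MAC address as AA:BB:CC:DD:EE:FF, or raise ValueError."""
    digits = re.sub(r"[\s:.\-]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 12-character MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the address was assigned in software rather than by the maker.

    Bit 0x02 of the first octet marks a locally administered address.
    """
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def review_clients(allowed, seen):
    """Compare the router's client list with the allow-list.

    A match only shows which address a client claims; as the text says,
    addresses can be changed, so this is a hurdle, not proof of identity.
    """
    allow = {normalize_mac(mac) for mac in allowed}
    report = {"unknown": [], "software_assigned": [], "malformed": []}
    for raw in seen:
        try:
            mac = normalize_mac(raw)
        except ValueError:
            report["malformed"].append(raw)
            continue
        if mac not in allow:
            report["unknown"].append(mac)
        if is_locally_administered(mac):
            report["software_assigned"].append(mac)
    return report


# Constructed sample data. 00:00:5E:00:53:xx is reserved for documentation.
ALLOWED = ["00-00-5E-00-53-0A", "0000.5e00.530b"]
SEEN = ["00:00:5e:00:53:0a", "00:00:5E:00:53:7F",
        "02:11:22:33:44:55", "00:00:5E:00:53"]

if __name__ == "__main__":
    for category, entries in review_clients(ALLOWED, SEEN).items():
        print(category, entries)
```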
Preferred network
If you are frequently connected with the wireless connection of one of your neighbors, you
need to move up your own wireless network as a preferred network. You can do this on the
tab Wireless Networks of the Wireless Network Connection Properties. Select your own
wireless network and press Move up.
Securing the wireless network with WPA or WPA2 encryption
A wireless router needs some extra attention: you need some extra security to make sure you
are not providing your neighbors with free internet (and possibly also your personal data). If
the wireless connection is not safe enough, the personal data (passwords, e-mail, Live
Messenger chats, visited websites, internet favorites and possibly the banking and income tax
information) is freely available to your neighbors! The wireless traffic needs to be encrypted
to make sure nobody is able to use (or abuse...) your internet connection. Most routers support
WEP and WPA/WPA2 encryption (if WPA/WPA2 is not available check for a firmware
Using WPA/WPA2 is not that difficult. First you have to change the router settings to use a
WPA key for encryption (or the even better WPA2 encryption). The next step is double
clicking the wireless icon in the system tray. You will see your wireless network name (SSID);
by selecting it you will be asked to enter the WPA key. If WPA/WPA2 is not supported by the
wireless adapter, check the manufacturer's website for software updates and make sure the
latest Windows updates have been installed.
For the best type of data encryption, select AES (TKIP is a safe encryption as well, but not as
good as AES). Use Pre Shared Key (PSK) as the key for gaining access to the wireless
network; this is the password in the form of a sentence which is easy to remember. After the
setup procedure of the wireless router has been finished, try to connect to the network by
selecting the SSID (the given name of the wireless network) in the overview of available
networks (the wireless network won't be visible if the SSID is not broadcast by the router,
i.e. hidden). The wizard, which starts after selecting the SSID, asks for the WPA key which
has been set in the router. After typing the pre shared key (PSK), the connection to the
wireless network will be established.
You can also check these settings manually by editing the wireless connection settings in
advanced mode. On the tab Association you have to use the following settings after you have
entered the SSID: select WPA-PSK (Pre Shared Key) in the first combo box and TKIP
(Temporal Key Integrity Protocol) in the second combo box (as shown below). Use the pass
phrase (used by your wireless router) as network key.


Instead of WPA/WPA2, it is also possible to use WEP encryption. WEP encryption is very
easy to crack: you only need to capture a lot of packets and calculate the original key! WEP
uses the same key for every packet sent, while WPA/WPA2 changes the key for every
single packet (only the first packet of the wireless connection is always the same, mostly a
pass phrase). So, using WPA/WPA2 is much safer! If you have to use WEP encryption, make
sure you regularly change the key.
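The pass phrase advice for WPA-PSK and the earlier advice on WEP keys (hex characters only, no repeated or consecutive digits) can both be checked before a key is entered into the router. The following is an added example, not part of the original article; the function names are chosen here, and the WPA derivation is the standard one for WPA/WPA2-Personal (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 rounds), which is why the pass phrase and the SSID must both match exactly on every device.

```python
import hashlib

HEX = set("0123456789ABCDEF")
# Runs used to spot "same or consecutive" keys such as 1234567890 or FEDCBA9876.
RUNS = ["0123456789" * 4, "0123456789ABCDEF" * 3]
RUNS += [run[::-1] for run in RUNS]


def wep_key_problems(key):
    """Return a list of problems with a hexadecimal WEP key (empty = acceptable)."""
    k = key.replace(":", "").replace("-", "").upper()
    problems = []
    if not k or not set(k) <= HEX:
        problems.append("WEP keys may only use the characters 0-9 and A-F")
    if len(k) not in (10, 26):
        problems.append("expected 10 hex digits (40/64-bit) or 26 (104/128-bit)")
    if k and len(set(k)) == 1:
        problems.append("key is one repeated character")
    if k and any(k in run for run in RUNS):
        problems.append("key is a run of consecutive characters")
    return problems


def wpa_psk(passphrase, ssid):
    """Derive the 256-bit key a WPA/WPA2-Personal device computes from the pass phrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA pass phrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("WPA pass phrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for candidate in ["1234567890", "AAAAAAAAAA", "3F:9A:0C:71:D5"]:
        print(candidate, wep_key_problems(candidate) or "ok")
    print(wpa_psk("a sentence that is easy to remember", "example-home").hex())
    # The same pass phrase under another SSID gives a different key.
    print(wpa_psk("a sentence that is easy to remember", "Example-Home").hex())
```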

A dropping WPA connection is normal; you can always right click the connection icon and
select Repair if needed. Sometimes the wireless WPA connection drops too frequently. If this
is the case, make sure it's not caused by the firewall, update the firmware of the wireless
router and/or the drivers of your wireless adapter. If the WPA wireless connection drops
frequently because of noise, try the following registry tweak: add the DWORD value
If nothing helps, you have to go back to the less secure WEP encryption. Don't buy cheap
wireless routers; always ask if you are allowed to return the router if it doesn't work to
your satisfaction!