Wireless Network Security Checklist

Category: Security , Wireless

I have a wireless router, with several computers and game consoles in my home connected to wifi, but I'm worried about the security of the wireless network. How can I make sure that nobody can secretly access my computers through a wireless connection?

Checklist: Is Your Wireless Network Safe?

The purposes of wireless security is to keep unauthorized parties from using the wireless Internet access that you pay for, and to keep unauthorized parties from accessing the computers on your wireless network. For home and small business wireless network operators, "unauthorized parties" are usually not mastermind cybercriminals but casual freeloaders.

Your wireless network's range is a few hundred yards, at most. That means the people most likely to "hack" into your WiFi network are your neighbors and transient passersby. Fortunately, it does not take much to deter such gate-crashers. A few easy, free tweaks to your WiFi router's settings are enough.

  • Change the router's default username and password. The default login credentials for most WiFi routers are well known to hackers, and gaining access to the router enables them to do anything they wish. Note that this is NOT the same as the password one must enter to connect to a wifi network.
  • Wifi Security Checklist

  • Lock down your wifi with a password. Enable user authentication so that only persons who have a secret password can connect to your WiFi network. Authentication relies on encrypting the wireless signal so that only those who have the password can decrypt and use it. Several kinds of encryption are built into most routers. Steer clear of WEP which is an older and weaker form of encryption that hackers can break. The WPA protocol with RC4 encryption, or the WPA2 protocol with AES encryption is recommended. (Geeky side note: WPA with TKIP encryption is crackable.)
  • Choose a really good password. Make your wifi passwords long or random so that they are difficult to guess or hit upon with "brute force" password-cracking software. A strong authentication key is at least 12 characters long and includes a random mixture of upper- and lower-case letters, digits, and special characters such as the underscore. Most devices will remember an authentication key, so the user only has to type it once.
  • Change the wifi password occasionally. If any user no longer needs access, i.e., if you fire an employee or throw your brother-in-law out of your house, changing the wifi password will block them from your wireless network.
  • Don't advertise yourself. Set your router to not broadcast its SSID - the network name that identifies your wireless network, i.e., "Linksys", "SmithFamily" or "123Main". Then your network won't show up in the list of "available networks" that casual freeloaders browse to find open wifi networks.
  • Use MAC address filtering. MAC addresses can be used to allow and disallow specific devices (computers, iPods, smartphones) on your wireless network. A MAC address (which has nothing to do with Apple Macs) is a unique string of hexadecimal numbers embedded into almost every digital device, akin to a Social Security Number. A router can be configured to allow only devices from a list of specific MAC addresses on a network, or to block specific MAC addresses and allow all others.
  • Be stingy with IP addresses. Limit the range of IP addresses that can be issued by your router's DHCP server. If only three computers in your home or office are authorized to use the wireless network, don't leave a dozen or more IP addresses available for the DHCP server to issue to whoever drives by.

To modify any of these wifi security settings, you first have to login to the router. Most commonly, you can enter http://192.168.0.1 or http://192.168.1.1 in your web browser to connect to the router. If you don't get a login prompt, enter the ipconfig command at a Windows command prompt. Look for the "Default Gateway" line, and you'll find the router address there. On a Mac, click the Apple, then System Preferences / Network / Ethernet /Advanced / TCP/IP tab, and the router address is displayed.

Unfortunately, I can't give specific instructions for changing the security settings, because there are so many types of routers, and the interface for each is different. A bit of Googling or your router's user manual should help you find the right place to make each change to the wireless security settings.

None of these techniques are fool-proof, but taken together they will add layers of security to your wifi network, and keep you safe from hackers looking to take advantage of soft targets.

Do you have something to say about wireless network security? Post your comment or question below...

 
How Else Can I Help You?   (Enter your question in the box above.)
 

Sign up now for AskBob Updates!

Boost your Internet IQ, keep up with the latest online trends... get your FREE subscription now!


Email:


Posted by on 23 Dec 2010


For Fun: Buy Bob a Snickers.
Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!

Prev Article:
Disk Defraggers

The Top Twenty
Next Article:
Digital Photo Image Management

Link to this article from your site or blog. Just copy and paste from this box:


Most recent comments on "Wireless Network Security Checklist"

Posted by:

Tom
01 Jan 2011

When I first installed a wireless router I didn't bother to make it a secured network. Then I noticed that someone was accessing it on a daily basis. Since then I reset the modem and set it up as a security network with a p/w that includes numbers, letters as well as capitals. Now the only one to use my network is myself, as it well should be!


Posted by:

Morty
01 Jan 2011

I'm presently using a 25 character password. It has upper case, lower case, numbers and pucntuation symbols. If someone cracks that code, I'm going back to my faithful IBM Selectric.

Happy New Year all.


Posted by:

Jeeva
01 Jan 2011

Hi Jeeva,

Here is really good infos about security of wireless connection


Posted by:

Robert Cole
01 Jan 2011

Contrary to Bob's opinion (in this case) Microsoft shares a totally different one. Please see article at web URL: http://www.brighthub.com/computing/smb-security/articles/1211.aspx

EDITOR'S NOTE: The articles you cite recommend against hiding the SSID for two reasons:

1) It may inadvertantly help hackers find open (unsecured) routers. But that's not relevant if you're using WPA2 encryption, as I've recommended.

2) It may cause employees to connect to unsecured wireless networks, because they're unable to find the hidden company router. This is a (slightly) better argument, but it boils down to an education issue. And of course does not apply to home networks, which is my focus.

All told, this advice is like saying "Don't put a weak lock on your front door, because bad guys with the proper tools can open it anyway."


Posted by:

bob
02 Jan 2011

How did you notice that someone was accessing your router on a daily basis? I currently have an unprotected router and want to know if anyone in my neighborhood is using it.

Maybe I'm naive, but as long as they aren't harming my system, I really don't mind the piggy-backing.

EDITOR'S NOTE: My router has an option to view current connections and a log of all connections that have been made.


Posted by:

Lee McIntyre
03 Jan 2011

In response to the writer who said, "Maybe I'm naive, but as long as they aren't harming my system, I really don't mind the piggy-backing."

Suppose your next-door neighbor piggy backs on your system to upload or download porn or other nefarious stuff. When the authorities come sniffing him down, the trail will lead to YOUR network, and you will have the task of proving, "It wasn't me. Honest."

Or, so I've been told.


Posted by:

mike curtis
03 Jan 2011

Someone using your router?

Just close all prgrams that you use to access the internet and watch the lights on your routers and modems. If any send/receive lights are blinking rapidly then who's just come in your door?


Posted by:

john spence
06 Jan 2011

There is a low cost version of Network Magic that will show, among other things, when you have an intruder or the network is down.
It will also restart the router if you config it to do so.
Keep it up Bob!!

jbs


Posted by:

M G
07 Jan 2011

Thanks for the "Be stingy with IP addresses" tip; didn't know that one.

What about changing DNS servers to OpenDNS, Comodo, etc.? (I use Open DNS)


Posted by:

luftiq
18 Mar 2011

Check out another wireless network security tutorial: http://www.kimpl.com/?p=498


Posted by:

BarefootNH
29 Mar 2011

Your second point is very misleading, and actually incorrect: hackers cannot break WPA! Those headlines from a couple years ago were to do nothing more than sell newspapers.

WEP is indeed broken, but not the RC4 encryption. WPA fixes the mistakes of how WEP improperly used RC4. The use of RC4 in WPA is now actually quite good (especially if QoS is turned off or non-existent).

WPA2 is slower than WPA because of its use of AES. The use of AES in WPA is non-standard and not certified, and should be avoided; if you really want AES then you should use WPA2. No matter whether WPA or WPA2 is used, it all comes down to how robust the password is!

https://secure.wikimedia.org/wikipedia/en/wiki/RC4

http://www.grc.com/sn/sn-170.htm

EDITOR'S NOTE: Thanks for the refresher. It was actually the TKIP encryption method (used with WPA) that was cracked. As you say, WPA+RC4 or WPA2+AES are good choices.


Posted by:

Dan S.
06 Jan 2012

Hi Bob, Have you ever used a 3rd party encryption software for wifi access?

EDITOR'S NOTE: Not sure what you mean. Can you clarify?


Posted by:

Irv Zaritsky
24 Mar 2013

Hi Bob, When I turn off the SSID, my mobile Apple (iOS) devices can't find my network. Any suggestions? Thanks!

EDITOR'S NOTE: I think you can pick "Other" and enter the SSID manually.


Posted by:

Al S
21 May 2013

Network Magic is no longer available for sale. Linksys Routers have it built in now It configures when you set up the router.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Wireless Network Security Checklist (Posted: 23 Dec 2010)
Source: http://askbobrankin.com/wireless_network_security_checklist.html
Copyright © 2005 - Bob Rankin - All Rights Reserved

 
Free
Newsletter
Get the FREE  "AskBob Updates" newsletter!       Email:    (Details)