Wireless Security

Wireless Taps?

In the last few years, wireless home networks have exploded onto the scene, driven by inexpensive equipment and the desire to set up home networks quickly and easily to access broadband Internet connections. Wireless networks require no drilling and eliminate unsightly cables hanging from the ceiling or tangling under desks.

However, many home users don't realize that by eliminating cables, they are exposing themselves to significant security risk. Cabled networks have an inherently secure feature; only computers physically attached to the network can access the data. Wireless networks, however, are often configured by default to allow access to any computer that attempts to connect to the network. In other words, anyone driving by with a laptop looking for stray wireless signals or anyone with a wireless network card in a neighboring house can use networks configured in that way.

Since wireless networks are so easy to set up, users often don't realize that they are offering free bandwidth to anyone who wants to use it – for any purpose. Obviously, most people would not want to allow their home network to be used for possibly illegal activity, like transmission of child pornography or spamming. But many don't know how to keep it from happening.

Wireless Security and Encryption

Fortunately, there are two wireless security encryption standards you can use. Wireless Encryption Protocol (WEP) has been around for several years, is supported by all routers and wireless adapters, and provides adequate security for home users. Newer routers and wireless adapters offer the even more secure WiFi Protected Access (WPA), the latest standard in wireless network encryption. If your network router and the wireless adapter in your computer both support WPA, use it. Otherwise, you'll have to use WEP security.

Configuring WEP and WPA

Since there are many different router manufacturers, and they all have their own setup procedures, it's not possible to cover WEP/WPA configuration for all products. However, we can cover the basics and refer you to the user manual for specifics.

The first step is to configure your wireless router to use encryption. (Some routers are shipped with encryption turned off, and some are configured with default passwords that must be changed.) This requires connecting to the router physically (usually using a network cable or USB cable) and setting the security to WEP or WPA following the instructions that came with the router. (Trying to configure the network while connected wirelessly is difficult, because the computer loses connection immediately when the security change kicks in.)

To connect with your router, you'll need to know its IP address. Open a Windows command prompt by clicking Start / Run, then enter CMD and press Enter. When the command prompt window appears, enter the IPCONFIG command. The address shown on the Default Gateway line is the one you want, and is usually 192.168.0.1 or 192.168.1.1 but in any case, your router's manual should tell you the address if you can't otherwise find it. Open your web browser and enter something like this: http://192.168.0.1 (but use the correct address for YOUR router).

If you don't have the user manual, just poke around in the setup screens to find the right place to change the wireless security settings. In a nutshell, you must supply your own SSID (be creative), make sure encryption is turned ON, and provide a key (password) that any wireless computer will need to connect to your network. Remember, the screenshot above is just an example. If you have a different router, the screen will be somewhat different, but those are the basics. See the screenshot above for a D-Link DI614 router that supports the WEP standard.

Some Notes on WPA Setup

As mentioned before, if your router and your computer's wireless adapter both support WPA, that's the most secure and the recommended way to go. Here's a screenshot for a NetGear router that supports the WPA standard:

WPA networks require a password -- sometimes called a passphrase or Pre-Shared Key (PSK) -- that is used to authenticate computers attempting to connect to the network. I recommend that you make your WPA password at least thirty-two characters long and a mixture of uppercase letters, lowercase letters, and numbers to enhance the security of your network.

Note: If your router offers something called Enterprise or RADIUS security, don't go there. RADIUS security is for business networks and requires a separate server on the network to manage security.

Configuring Your Wireless Adapter

Once you have enabled WEP or WPA, selected an SSID, and provided a password, each wireless computer on the network needs to be configured to access the network. Follow the instructions that came with your computer or wireless adapter to set each computer's wireless interface for WEP or WPA encryption and enter the same password that was entered on the router. Windows XP has greatly simplified making a wireless connection, so in most cases you will simply be prompted to enter the security password.

Your wireless computers should now be able to connect to the network and share the Internet connection. If it doesn't work, refer to the troubleshooting instructions that came with the wireless adapter.

Wireless Security On the Go

Is it safe to use wireless Internet access in public places? Two words: Probably Not! If you use wireless Internet access in public places like Starbucks or the airport, you should take some simple precautions to make sure you're not broadcasting your passwords and other personal info to others in the vicinity.

See http://www.askbobrankin.com/is_public_wi-fi_access_safe.html.