Wireless Security Tips and Tricks
This week’s Q&A introduces a few tips you can easily implement on your current wireless network that should help keep it as secure as possible until you’re able to upgrade your equipment to WPA later this year.
By Ron Pacchiano
Last week we discussed the problems associated with the Wired Equivalent Privacy (WEP) security protocol and its upcoming successor, WiFi Protected Access (WPA). While we would all like to take advantage of the superior features of WPA today, for most of us right now, that’s not an option. And even though WEP might not be the most secure protocol out there, it is better than nothing.
As we mentioned last week, many SOHO users have a tendency to set up their wireless routers or access points using nothing but the default settings. This creates a major security hole in an already weak security model. So here are a few suggestions that you can easily implement on your wireless network that should help keep your WLAN as secure as possible until you’re able to upgrade your equipment to WPA later this year.
One of the simplest and easiest things you can do to protect your wireless network is to simply change the default configuration settings on your router. I can’t tell you how many people I’ve come across who are still using the default password on their router’s Admin account. Since access to this account controls every aspect of your WLAN, changing its default information is of paramount importance. Additionally, almost every vendor from NetGear to D-Link has their default router configuration information posted on their websites, so even the kid next door would be capable of gaining full access to your network. Bottom line: CHANGE THIS IMMEDIATELY! You also might want to try broadcasting your wireless signal on a different channel than the one it defaults to. Wireless channels range from 1 to 11.
The next thing you should do is enable MAC filtering on your router. MAC filtering is a process where you record the MAC addresses of each network adapter in use on your network in your router’s Access Control List. MAC filtering basically instructs your router to not let any adapter gain access to the network if it hasn’t previously been given authorization.
Another small precaution you can take is to not broadcast your SSID name. Even though a site survey program would be able to pick up the presence of a wireless network, they wouldn’t be able to identify the name of the network, making it harder for intruders to gain access to your files.
Additionally, encryption levels vary between different router manufacturers. Most WEP-enabled routers support encryption levels of 40-bit to 128-bit. Some, like D-link, for example, even support 256-bit encryption. For maximum protection, you should always use the highest encryption level that your router supports. When setting a passphrase or security key, make sure that you do not use any proper names like “John” or “Fluffy,” as they are too easy to guess by would be hackers. The majority of people use their child’s name or pet’s name for passwords, unknowingly making themselves more vulnerable to hacking.
The most effective passwords are those that are long and composed of alphanumeric characters (both letters and numbers). Some routers are even case sensitive, so a capital “P” or lowercase “p” would make a difference in the passphrase being recognized. Since most people type in lowercase by default, having a passphrase with a couple of capital letters within it would only make it stronger. Remember, the higher the encryption level and the more complex the passphrase or key is, the longer it is going to take for a hacker to crack it.
While none of this is going to be able to completely protect you, it should prove to be more than sufficient in dissuading a wanna be hacker on Friday night. And be sure to regularly check your router manufacturer’s website on a regular basis to see if they’ve released a WPA upgrade for your equipment. Good luck!
I’m having a problem with a computer that’s hooked up to the Internet via a router. I know the Internet connection is working correctly because I’m able to log in to America Online. On the other hand, my Web browser, which was Internet Explorer 5.0, doesn’t work. Every time I try to go to a site, I get an error message saying the page is unavailable. I upgraded it to IE 6.0 hoping that it would solve the problem, but it didn’t.
Instead, I received a message saying it could not detect my proxy settings. My PC is connected to a FriendlyNet FR1004 router, but I don’t think that’s the problem. I have another computer and my laptop is also connected to it, and they’re working fine. Do you have any suggestions for me that might help? Thank you!
You’re right, if you have other computers functioning properly off of that same router, then the problem is with neither your router nor your ISP — it must be with that specific PC.
Since you know that you have a working Internet connection by way of AOL, it sounds like the most likely scenario is the browser on your wayward machine has somehow been configured to use a proxy server. If it is and there is no proxy server present, you won’t be able to get out to the Net. Basically, a proxy server is normally used in a business setting — it sits between the client users and the real server that lets you out to the Internet. It can be used for security purposes or for speeding up browsing by caching frequently visited Web pages, or both.
To remedy this, launch IE and then select Tools, Internet Options, and finally the Connections tab. Now click the LAN settings button near the bottom of the window. You should find a check mark in the box labeled “Use a Proxy Server for your LAN.” Clear it, close IE, open IE again, and you should be ready to roll. It’s hard to say how this box got checked in the first place, but it was probably done inadvertently and should not recur the next time you reboot your machine. Hope this helps!
|Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums|