Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible, simply taking the wireless router out of the box and turning it on. That's totally understandable. It's also quite risky as numerous security problems can result. Today's Wi-Fi networking products don't always help the situation as configuring their security features can be time-consuming and non-intuitive.
There are numerous ways to better secure your connection and safeguard your data. Our technicians can help you set up these protocols yourself for your wireless network or devices. Here are just a few things you should remember to do on your wireless network to improve your security.
1. Change Default Administrator Passwords (and Usernames)
At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.
The default passwords for popular models of wireless network gear are well-known to hackers and often posted on the Internet. Most devices do not allow the administrative username to be changed, but if yours does, seriously consider changing this name as well.
Finally, to maintain home network security in the future, continue changing this administrative password regularly, not just one time. Many experts recommend changing passwords every 30 to 90 days. Use words that would be very difficult for others to guess.
2. Turn on (Compatible) WPA / WEP Encryption
All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. Our technician will be happy to help you determine the strongest feasible encryption for your home or office. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore we may need to find a "lowest common denominator" setting.
3. Change the Default SSID
Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network and don't necessarily call it something easy to recognize if you live in a densely populated building, such as an apartment building. Naming your SSID "Joe's Wireless" tells everyone whose account it is they're using and might make you a more attractive target to a hacker.
Want a few suggestions to help you get started?
- Don't use your name, address, birthdate, or other personal information as part of the SSID.
- Likewise, don't use any of your Windows or Internet Web site passwords.
- Don't tempt would-be intruders by using tantalizing network names like "SEXY-BOX" or "TOP-SECRET".
- Do pick an SSID that contains both letters and numbers.
- Do choose a name as long or nearly as long as the maximum length allowed.
- Do consider changing your SSID every few months.
4. Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address, kind of like a fingerprint is to a human. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, which restricts the network to only allow connections from those devices. Do this, but also know that the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily. Without MAC address filtering, any wireless client can join (authenticate with) a Wi-Fi network if they know the network name (also called the SSID) and perhaps a few other security parameters like encryption keys. When MAC address filtering is enabled, however, the access point or router performs an additional check on a different parameter. Obviously the more checks that are made, the greater the likelihood of preventing network break-ins.
To set up MAC address filtering, you as a WLAN administrator must configure a list of clients that will be allowed to join the network. First, obtain the MAC addresses of each client from its operating system or configuration utility. Then, enter those addresses into a configuration screen of the wireless access point or router. Finally, switch on the filtering option.
Once enabled, whenever the wireless access point or router receives a request to join with the WLAN, it compares the MAC address of that client against the administrator's list. Clients on the list authenticate as normal; clients not on the list are denied any access to the WLAN.
MAC addresses on wireless clients can't be changed as they are burned into the hardware. However, some wireless clients allow their MAC address to be "impersonated" or "spoofed" in software. It's certainly possible for a determined hacker to break into your WLAN by configuring their client to spoof one of your MAC addresses. Although MAC address filtering isn't bulletproof, still it remains a helpful additional layer of defense that improves overall Wi-Fi network security.
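As an added illustration (not part of the original article), the Python sketch below applies the allow-list comparison described above to a constructed association log. The log format, the addresses and the -75 dBm threshold are assumptions; besides denied clients, it flags software-assigned addresses and allow-listed addresses seen at unusually weak signal, two signs worth reviewing given that addresses can be spoofed.

```python
import re

# Constructed allow list, typed the way different tools print MAC addresses
# (hyphens, colons, or dotted groups).
ALLOWED = ["00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5f", "001a.2b3c.4d60"]
WEAK_RSSI = -75  # dBm; assumed floor for a device that is really inside the home

# Constructed association log; the line format is an assumption, not a real router's.
SAMPLE_LOG = """\
2024-01-05 08:01:11 assoc 00:1A:2B:3C:4D:5E rssi=-48
2024-01-05 08:03:40 assoc 00:1a:2b:3c:4d:5f rssi=-51
2024-01-05 09:15:02 assoc 3C:5A:B4:11:22:33 rssi=-80
2024-01-05 09:15:09 assoc 02:00:5E:10:00:01 rssi=-79
2024-01-05 23:40:00 assoc 00:1A:2B:3C:4D:5E rssi=-83
"""

def normalize_mac(text):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, whatever separators were typed."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, meaning the address was
    assigned in software (manual override or OS randomization), not by the vendor."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def audit(log_text, allowed):
    """Apply the allow-list check to each association and collect findings."""
    allow = {normalize_mac(m) for m in allowed}
    findings = {"denied": [], "software_set": [], "weak_signal": []}
    for line in log_text.splitlines():
        m = re.search(r"assoc (\S+) rssi=(-?\d+)", line)
        if not m:
            continue
        mac, rssi = normalize_mac(m.group(1)), int(m.group(2))
        if mac not in allow:
            findings["denied"].append(mac)       # the filter would refuse this client
        elif rssi < WEAK_RSSI:
            findings["weak_signal"].append(mac)  # allowed address, unusually far away
        if is_locally_administered(mac):
            findings["software_set"].append(mac)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, ALLOWED))
```

Normalizing before comparing matters because the same address typed with different separators or letter case would otherwise fail to match the list.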
Do not confuse MAC address filtering with content filtering. Content filtering on a wireless access point or router allows administrators to maintain a list of Web site URLs or addresses that should not be accessed from the home WLAN.
5. Disable SSID Broadcast
In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.
6. Do Not Auto-Connect to Open Wi-Fi Networks
Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.
To verify whether automatic connections to open Wi-Fi networks are allowed, our technicians will check the computer's wireless configuration settings. For example, on Windows XP computers having Wi-Fi connections managed by the operating system, the setting is called "Automatically connect to non-preferred networks." To check this setting yourself right now, follow these steps:
1. From the Start Menu, open Windows Control Panel.
2. Inside Control Panel, click the "Network Connections" option if it exists, otherwise first click "Network and Internet Connections" and then click "Network Connections."
3. Right-click "Wireless Network Connection" and choose "Properties."
4. Click the "Wireless Networks" tab on the Properties page.
5. Click the "Advanced" button in this tab.
6. Find the "Automatically connect to non-preferred networks" setting. If checked, this setting is enabled, otherwise it is disabled.
While Windows XP does not enable automatic non-preferred connections by default, some users enable it in an attempt to simplify connecting to their own home network. Users should instead configure these as Windows XP Preferred networks, which allows automatic connection to the home equipment yet still prevents auto-connection to other networks.
7. Assign Static IP Addresses to Devices
Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.
8. Enable Firewalls On Each Computer and the Router
Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router. Our technicians can do this for you using products such as BlackICE, one of the most highly regarded personal firewalls available.
9. Position the Router or Access Point Safely
Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
To position your wireless equipment for optimal network performance, follow these guidelines:
- First and foremost, don't settle prematurely on a location for the wireless access point or router. Experiment; try placing the device in several different promising locations. While trial-and-error may not be the most scientific way to find a good spot for your equipment, it is often the only practical way to assure the best possible Wi-Fi performance.
- Strive to install the wireless access point or router in a central location. If you have only one wireless client, installing the base station near this client is best. For WLANs with multiple wireless clients, find a good compromise position. Clients too far away from the base station will manage only 10% - 50% the bandwidth of clients nearby to it. You might need to sacrifice the network performance of one client for the good of the others.
- Next, avoid physical obstructions whenever possible. Any barriers along the "line of sight" between client and base station will degrade a Wi-Fi radio signal. Plaster or brick walls tend to have the most negative impact, but really any obstruction including cabinets or furniture will weaken the signal to some degree. Obstructions tend to reside closer to floor level; therefore, some folks prefer to install their wireless access point / router on or near the ceiling.
- Avoid reflective surfaces whenever possible. Some Wi-Fi signals literally bounce off of windows, mirrors, metal file cabinets and stainless steel countertops, lessening both network range and performance.
- Install the wireless access point or router at least 1 m (3 feet) away from other home appliances that send wireless signals in the same frequency range. Such appliances include some microwave ovens, cordless telephones, baby monitors, and home automation equipment like X-10 devices. Any appliance that transmits in the same general range as 802.11b or 802.11g (2.4 GHz) can generate interference.
- Likewise, install the unit away from electrical equipment that also generates interference. Avoid electric fans, other motors, and fluorescent lighting.
If the best location you find is only marginally acceptable, consider adjusting the base station antennas to improve performance. Antennas on wireless access points and routers can usually be rotated or otherwise re-pointed to "fine tune" Wi-Fi signalling. Follow the specific manufacturer's recommendations for best results.
10. Turn Off the Network During Extended Periods of Non-Use
The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers.
If you own a wireless router but are only using it with wired (Ethernet) connections, you can also sometimes turn off Wi-Fi on a broadband router without powering down the entire network.
Several clear advantages apply if you turn off your equipment when not using it, although some disadvantages exist also. Consider these pros and cons:
- Security - Powering off your gear when not using it improves your network security. When network devices are offline, hackers and Wi-Fi wardrivers cannot target them. Other security measures like firewalls help and are necessary but not bulletproof.
- Electricity cost savings - Powering down computers, routers and broadband modems saves money. In some countries, the savings is low, but in other parts of the world, costs are significant.
- Surge protection - Unplugging network devices prevents potential damage from power surges. As with other types of consumer electronics, surge protectors may also prevent this damage. However, surge units, particularly the inexpensive ones, generally cannot protect against severe power spikes like those from lightning strikes.
- Noise reduction - Networking gear has grown quieter in recent years, as noisy built-in fans get replaced with solid state cooling systems. Your senses might be adjusted to the relatively low levels of home network noise, but you might also be pleasantly surprised at the added tranquility of a residence without it.
- Hardware reliability - Frequently power cycling a computer network device can shorten its working life due to the extra stress involved. Disk drives are particularly susceptible to damage. On the other hand, high temperature also greatly reduces the lifetime of network equipment. Leaving equipment always-on very possibly causes more damage from heat than will powering it down occasionally.
- Communication reliability - After power cycling, network communications may fail to reestablish. You must take care to follow proper start-up procedure. For example, broadband modems generally should be powered on first, then other devices only later, after the modem is ready. You may also experience start-up failures due to "flaky" or unstable installations. Troubleshoot these problems when they arise, or you'll be faced with bigger networking problems down the road.
- Convenience - Network devices like routers and modems may be installed on ceilings, in basements or other hard-to-reach places. You should shut down these devices gracefully, using the manufacturer-recommended procedure, rather than merely "pulling the plug." Powering down a network takes time to do properly and may seem an inconvenience at first.