Securing Your Home Wireless Network

Posted on September 8, 2007 by Eric 
Filed Under Security

This article is part of the Securing Your Money Online series.

Wait. That’s not OUR wireless connection is it?

These days, people do their shopping, banking, investing, and retirement planning from the comfort of their home using their computer. A large percentage of those folks use wireless access points at home to get their internet connectivity. I know our neighbors certainly use wireless. When I connect to our home wireless access point I get a list of somewhere between 7 and 10 other wireless networks, depending on the time of day, in addition to seeing our own network.

I can imagine that at least some, if not all, of our neighbors use their internet connection for something financially related. By doing a few simple things, you can keep casual observers and attackers from getting easy access to your bank account information. And in any case, who wants to have your next door neighbor’s son using your open wireless connection to search the Internet for who knows what online.

Being the good neighbor, I informed my neighbors that they might have insecure wireless networks because I had seen several networks without encryption. Having some experience in this area, I offered up some advice on how to secure their networks.

Here are 6 steps to secure wireless connections:

  1. Make sure that your wireless access point has a good administrative password. Don’t just use the default, or a password that comes from the dictionary. If you have trouble remembering passwords, checkout Password Corral.

  2. Use Wireless Protected Access (WPA). WPA is the recommended method for encrypting traffic on your network. WPA Pre-Shared Key is what you should select for most home networks. This allows you to set a pre-shared key, or passphrase, that is required for a user to be able to login to your network, or to see any of your traffic. If your wireless access point only supports Wired Equivalent Privacy (WEP) for protection, you should buy a new access point or upgrade the firmware. WEP is worse than not using any encryption (at least when you don’t have encryption, you know where you stand). WEP can trivially be hacked and is no longer recommended for protecting your wireless network.

  3. Use a strong passphrase to protect your network. Your passphrase is different from the administrative password we set in step 1. The passphrase is the key you will use when connecting to your network. Most wireless clients, like the default one in Windows, will cache your passphrase so you only have to enter it the first time you connect. I highly recommend you choose a passphrase that is intentionally long, contains numbers, letters, and special characters so as to make it incredibly difficult for someone to guess. Maybe something like Man12This!!is@an&incredibly()long-passphrase. Your access point may or may not allow all of those characters, so get creative with the characters you can use.

  4. Use MAC address filtering. Your Media Access Control (MAC) address is the hardware ID of your wireless network adapter. You can limit what computers can visit your network by their hardware identification. A savvy attacker can find ways to bypass this, but it does put a stumbling block in place for the casual observer of the network who wants to try and easily get access to your network.

  5. Change your wireless network’s ID. Your network ID, or network name, is also known as a Service Set Identifier (SSID). By default, it might be set to something like “linksys” if you use a Linksys access point. Using the default name might indicate to hackers that you haven’t secured your network. Don’t choose something that identifies who you are (your name, address, or phone number for instance), or contains anything from the password (or passphrase) you set for the system.

  6. Use SSID cloaking. When you cloak your SSID, you keep certain default wireless messages from broadcasting the ID to anyone and everyone. This doesn’t keep someone from getting your SSID, but it can stop the casual observer from seeing your network easily. If someone is watching while you actively use your network, they will likely see your real SSID. This isn’t a problem, but if someone is just driving by and gathering wireless network information (a process known as War Driving), there is a chance they will pass right by your network.

The list isn’t comprehensive, but if you follow the recommendations, you’ll be better off than many of the networks I’ve seen. The last two are of debatable importance, but they are something I do as a best practice. You only gain a little more anonymity rather than security, but I prefer not showing off my network by broadcasting anything about it.

For the truly concerned, many wireless access points will have some way for you to get logs of attempted connections. Check the manual for your access point if you want to use this feature.

Even if you don’t do any of your banking or financially related activities over wireless, following these steps to protect your wireless network will still provide some security and peace of mind.

Related Posts

Comments

One Response to “Securing Your Home Wireless Network”

  1. The Friday Gathering for 9/14/2007 | Gather Little By Little on September 14th, 2007 6:23 am

    [...] Penny Closer tells you how to secure your home wireless network – If yours isn’t secure go secure it right [...]

U COMMENT
I FOLLOW

Leave a Reply