Home based wireless networking is becoming the norm these days. With the availability of hardware, coupled with the affordable pricing of such hardware, it has become cheaper to setup a wireless network in your home. Along with this affordability though, comes liability. When you connect your new access point for your wireless home, you’ll find almost every vendor’s hardware works right out of the box. Simple, 5 minute setup time they advertise and it’s true more often than not. But, are you done with your wireless setup? The simple answer is no, you’re not. Let’s look, though, why that answer is really not so simple.
Depending on the hardware that you purchased, there are many configuration changes that you could implement. Since we can’t possibly cover every piece of hardware on the wireless market and every setting they may have, we’re going to focus on wireless networking as a whole. First thing, let’s get that wireless network some security. Now, while this won’t be impregnable security, it will add some layer of protection while we work on the other parts. Remember, security is like anything else, just one strategy doesn’t defend against every possible negative thing. We have to approach this in a “layers” mentality.
So we’re ready for our first level of security. Let’s log into our wireless access point and add a WEP or WPA key (which one depends on the hardware you bought. Some do both types of security key, some only do WEP). We’ll want to assign a 128-bit key (a 256-bit key is preferable if your hardware supports it). One point here though is that your wireless access point and the wireless cards in your computers or handhelds must be able to support the same protocol and encryption level you choose. If they don’t match, your device isn’t getting connected. You have to enter the same key on your computer’s wireless card too.
Now, let’s change our SSID (this is the wireless name of your network). As an example, a Linksys brand wireless access point (WAP) has a default SSID of LINKSYS. We don’t want to leave it this way. All the people that want to break into your WAP knows that LINKSYS SSID had a login of ADMIN and password of ADMIN. You should think of something clever, but something not too easy to break into. You’ll also want to turn off broadcast of SSID after you change it’s name. That way sniffer programs that look for SSID’s won’t be able to see your WAP is online. Known examples of good SSID’s are:
Ok, we’re on a roll. We have a few layers of security in place (The SSID is changed, the channel we broadcast on is not default, the SSID broadcast is turned off, we changed our WAP login/password). Now let’s get even more specific. We know we have X amount of computers in our home (for example let’s say 2, 1 desktop and 1 laptop). So in the DHCP IP section of our router, we can tell the router to only issue 2 ip’s. That way if a third computer (one of our neighbors or someone) wants to get on our network, they can’t get an IP adress. Our last layer is setting up the WAP to only issue IP addresses to specific MAC addresses. If you log into one of your computers and go to start>run>cmd>and then type IPCONFIG /ALL into the dos box, one of the line items will be Hardware address. Write down that info, go back to your router administration screen and enter this hardware address. Now only that MAC address can get one of your 2 IP addresses Now go to your second machine (in our example) and do the same steps. Now only those 2 mac addresses can can the 2 IP’s that it will hand out.
Now, we’ve gone several layers deep to improve security on our WAP and to keep intruders off the network. Most people will stop trying if they have to defeat three layers of security, especially for just a home network. You have 6 layers and most likely won’t see an intruder. Keep in mind, each access point is different but these basic settings are included in the major vendors (Linksys, DLink, Buffalo, Netgear, Microsoft).
Enjoy your new wireless computing!