Wireless networks are becoming more and more popular in homes and offices as
they offer a very convenient way to network. The concerning issue is that in
many sites we have visited wireless networks were poorly configured and insecure.
Compounding the problem is some of the more spurious advice that is around on
wireless networking security.
In this article we will give you details of how best to secure your wireless
network and dispel some of the myths.
Why is wireless security so important?
Wireless network security is of paramount importance! You wouldn't leave your
premises unlocked and yet leaving your wireless network open is doing exactly
An insecure wireless network allows anyone in the vicinity to attach to your
wireless network. Once they are on your wireless network they have access to
your file servers, databases, email servers, etc. Even if they are secured the
hacker has a foot in the door and can work on stealing and abusing your network
resources even if it is only your internet bandwidth.
Common wireless networking misconceptions.
Wireless networking is insecure.
This is only if it is poorly configured, however it is very easy to secure
a wireless network to a point where it is more secure than your average wired
Your wireless router or access point is secure by default.
Just because your wireless router or access point says it is secure on the
box does not mean that it is configured so. In most cases we have found routers
to be shipped with no security configuration by default and so it is down
to the user to do this.
Securing your network by hiding your Service Set Identifier (SSID).
Hiding your network ID would only stop the most casual browser from bumping
into your network. For all the security this offers you may as well enable
it to simplify user setup and administration because Windows® XP zero
configuration needs the SSID.
Restricting access using the MAC address.
Whilst offering slightly more security than hiding your SSID this again is
of little value as you can obtain free utilities that will allow you to obtain
a list of MAC addresses which you can then use to impersonate another computer.
It's also a real pain to administer if you have more than a handful of computers
or you have guests who require access.
WEP is a suitable encryption method.
WEP offers little protection and can be easily cracked using freely available
utilities to calculate the encryption key. Dynamic WEP is better than static
WEP however there are newer improved encryption protocols available.
It would take a hacker very little time to determine an IP address for you
network and so by disabling DHCP your are simply adding to your support requirements.
Antenna / Access point placement
Probably the most absurd method of securing your network! A hacker will usually
have a far more powerful antenna than you capable of picking up even the weakest
signals. Always design your wireless network for optimum coverage although
it is sensible to try to avoid excessive radiation beyond your perimeter.
How should I secure my wireless network?
Change the admin password.
First and foremost change the default administration password to something
that can't be guessed to prevent anyone gaining access and configuring your
Restrict admin access.
It's a good idea to only grant administration access to those connected to
the LAN however remote access is often necessary for small businesses with
remote I.T. support. Where remote access is required use SSL if it is available.
Depending on the environment you are in physically secure the wireless router
or access point to restrict access and prevent resetting.
Use appropriate encryption and authentication
We recommend you use WPA with Temporal Key Integrity Protocol (TKIP) to secure
your network. There are various forms of WPA available however for most the
easiest method is to use a pre shared key. You can also use WPA with an authentication
(RADIUS) server to authenticate users against however this is better suited
to larger organizations.
In some cases we have found that wireless network cards need their software
upgrading in order to support WPA however most newer wireless cards will support
it but you should check before buying one.
Secure wireless network products don't necessarily come secured out the box
and also support insecure security techniques however once armed with a little
know how you are only a few clicks away from securing your wireless network.