Wireless networks are becoming more and more popular in homes and offices as they offer a very convenient way to network. The concerning issue is that in many sites we have visited wireless networks were poorly configured and insecure. Compounding the problem is some of the more spurious advice that is around on wireless networking security.

In this article we will give you details of how best to secure your wireless network and dispel some of the myths.

Why is wireless security so important?

Wireless network security is of paramount importance! You wouldn't leave your premises unlocked and yet leaving your wireless network open is doing exactly this!

An insecure wireless network allows anyone in the vicinity to attach to your wireless network. Once they are on your wireless network they have access to your file servers, databases, email servers, etc. Even if they are secured the hacker has a foot in the door and can work on stealing and abusing your network resources even if it is only your internet bandwidth.

Common wireless networking misconceptions.

Wireless networking is insecure.
This is only if it is poorly configured, however it is very easy to secure a wireless network to a point where it is more secure than your average wired network.

Your wireless router or access point is secure by default.
Just because your wireless router or access point says it is secure on the box does not mean that it is configured so. In most cases we have found routers to be shipped with no security configuration by default and so it is down to the user to do this.

Securing your network by hiding your Service Set Identifier (SSID).
Hiding your network ID would only stop the most casual browser from bumping into your network. For all the security this offers you may as well enable it to simplify user setup and administration because Windows® XP zero configuration needs the SSID.

Restricting access using the MAC address.
Whilst offering slightly more security than hiding your SSID this again is of little value as you can obtain free utilities that will allow you to obtain a list of MAC addresses which you can then use to impersonate another computer. It's also a real pain to administer if you have more than a handful of computers or you have guests who require access.

WEP is a suitable encryption method.
WEP offers little protection and can be easily cracked using freely available utilities to calculate the encryption key. Dynamic WEP is better than static WEP however there are newer improved encryption protocols available.

Disabling DHCP
It would take a hacker very little time to determine an IP address for you network and so by disabling DHCP your are simply adding to your support requirements.

Antenna / Access point placement
Probably the most absurd method of securing your network! A hacker will usually have a far more powerful antenna than you capable of picking up even the weakest signals. Always design your wireless network for optimum coverage although it is sensible to try to avoid excessive radiation beyond your perimeter.

How should I secure my wireless network?

Change the admin password.
First and foremost change the default administration password to something that can't be guessed to prevent anyone gaining access and configuring your router.

Restrict admin access.
It's a good idea to only grant administration access to those connected to the LAN however remote access is often necessary for small businesses with remote I.T. support. Where remote access is required use SSL if it is available.

Physical security.
Depending on the environment you are in physically secure the wireless router or access point to restrict access and prevent resetting.

Use appropriate encryption and authentication
We recommend you use WPA with Temporal Key Integrity Protocol (TKIP) to secure your network. There are various forms of WPA available however for most the easiest method is to use a pre shared key. You can also use WPA with an authentication (RADIUS) server to authenticate users against however this is better suited to larger organizations.

In some cases we have found that wireless network cards need their software upgrading in order to support WPA however most newer wireless cards will support it but you should check before buying one.

Conclusion

Secure wireless network products don't necessarily come secured out the box and also support insecure security techniques however once armed with a little know how you are only a few clicks away from securing your wireless network.

Useful links

• How to Secure Your Wireless Home Network with Windows XP
  This article from Microsoft looks at securing your Wireless network with Windows XP.
• Wireless networking security
  This article from Microsoft looks at wireless networking security in more technical detail.
• Dispelling the Myth of Wireless Security
  A more technical and practical look at how easy it is to hack wireless network security.