Wireless networking offers some benefits that are apparent – no wires and the most obvious is portability to allow you to surf the Internet by your pool, your fireplace, or anywhere else in your house. Or you can play online game wirelessly with your XBOX console in the comfort of the living room without the clutter of the wires. Like the “wired LAN”, wireless network is also vulnerable to any types of security threats such as Denial of Services (DoS); Spamming; spoofing; Sniffers. The question is how to secure a wireless network?
Security might be the last thing on your mind when setting up a wireless network. As a general rule, you should employ a level of security that corresponds to the sensitivity of the data on your network. Unlike wired systems, which can be physically secured, wireless networks are not confined to the inside of buildings. They can be picked up as far as 1,000 feet outside of the premises with a laptop and a hi-gain directional antenna. Therefore a guideline in how to secure a wireless network is very essential to know.
Wireless security is inherently easier to crack than wired networks because there’s no need for a physical connection to your network. Data transfer occurs over the airwaves, and that makes accessing it easier. Therefore, a systematic approach in how to secure a wireless network is absolutely a must including:
- Securing the wireless connection against unauthorized users within the network coverage
- Securing the end point of the network facing the internet.
Securing a wireless connection
How to secure a wireless network connection against any unauthorized access? There are couple of techniques you can use, wireless encryption and MAC address filter. The first generation of wireless connection security is WEP – Wireless Equivalent Privacy which was intended to provide confidentiality comparable to that of a traditional wired network. WEP is the wireless security which is embedded to mostly the 802.11b/g standards. Unfortunately the researchers had found several weaknesses in this WEP system.
The latest industrial wireless security is Wi-Fi Protected Access (WPA and WPA2) which is a certification program created by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks.
How to secure a wireless network using WPA/WPA2? Firstly you should select the wireless devices that support WPA/WPA2 encryption such as WRT610N wireless router by Linksys or NETGEAR WNDR3700 Rangemax router.
There are two options you can configure how to secure a wireless network using WPA/WPA2 encryption, using Windows Connect Now and manual configuration.
If your wireless router doesn’t support WCN (Windows Connect Now), then you need to manually configure the router as follows:
- Using the UTP network cable that came with your wireless router, temporarily connect your computer to one of the Switch LAN ports on your wireless router (any port that isn’t labeled Internet, WAN, or WLAN).
- Turn your computer on; it will automatically connect to your router.
- Open the Internet browser and type in the address to configure your router, as described in your router’s instruction manual. The following table lists known wireless router default address, username and password as your reference.
- Type in the appropriate username and password to logon to the router.
- The browser will show your router’s configuration page. Find the wireless security page to select the wireless security modes available. Mostly wireless routers / AP support six wireless security modes: WPA Personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise, RADIUS, and WEP.
| Router | Address | Username | Password |
| 3Com | http://192.168.1.1 | admin | Admin |
| D-Link | http://192.168.0.1 | admin | (leave blank) |
| Linksys | http://192.168.1.1 | admin | Admin |
| NETGEAR | http://192.168.0.1 | admin | password |
If your router supports Windows Connect Now, you can quickly and easily configure the router by following the instructions in Using Windows Connect Now technology.
If you are using WPA, always remember that each device in your wireless network MUST use the same WPA method and shared key, or else the network will not function properly.
MAC Address filter
Wireless access can be filtered by using the MAC addresses of the wireless devices transmitting within your network’s radius. Select Enabled/Disabled the Wireless MAC filter in the router’s configuration page, default setting is disabled. You should enable the setting to configure the wireless MAC filter either prevent or permit access.
You should know the MAC addresses of the wireless device to be included in the permit or prevent MAC address record. The MAC address on wireless network adapters is typically printed on the network adapter’s underside.
But if your Wi-Fi adapters (PCI wireless adapters) have been installed in the desktop PCI slot, you cannot recognize the physical address visually. In a command line prompt (press Windows + R keys simultaneously and type in CMD and press enter) type ipconfig /all command and you can find the device physical address.
Change the default wireless network name or SSID
Wireless devices have a default wireless network name or Service Set Identifier (SSID) set by the factory. This is the name of your wireless network, and can be up to 32 characters in length. Each wireless product has their own default SSID as the default wireless network name. You should change the wireless network name to something unique to distinguish your wireless network from other wireless networks that may exist around you, but do not use personal information (such as your Social Security number) because this information may be available for anyone to see when browsing for wireless networks.
Change the default password
Wireless routers / AP have a default username and password set by the factory. See the above table. Mostly have their default username is admin or some have their default password as password. Hackers know these defaults and may try to use them to access your wireless device and change your network settings. To thwart any unauthorized changes, customize the device’s password so it will be hard to guess.
Securing the end point of the network facing the internet
How to secure a wireless network from any types of internet threats? It depends on the wireless routers security features, but typically all the wireless routers support dual-firewall features: NAT and SPI which is enabled by default. NAT (Network address translation) helps you to hide the private network from the public network (the internet), and the stateful packet inspection will examine the incoming packets thoroughly for any false positive packets.
Suggested readings:
- Best of wireless network
- Wireless USB printers
- Wireless network routers
- Laptop wireless modem
- Home wireless network setup
Recent Comments