DEFEND YOUR DATA

Wireless 101

Wireless networking is really changing the computing landscape and allowing much greater access to your data
from more locations than ever. Nowadays, many homes and businesses are equipped with broadband Internet
connections (cable, FiOS, DSL, etc) and wireless routers. In addition, many public places such as airports, hotels,
coffee shops and even some metropolitan cities are implementing wireless Internet connectivity for anybody with
a wireless enabled device. Many of these Wireless Local Area Networks (WLANs) are not secured properly...

Setting up a home wireless network


1)   Change Default Administrator Passwords (and Usernames)
At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment,
manufacturers provide Web pages that allow owners to enter their network address and account information.
These Web tools are protected with a login screen (username and password) so that only the rightful owner
can do this. However, for any given piece of equipment, the logins provided are simple and very well-known
to hackers on the Internet. Change these settings immediately.

2)   Enable Encryption
All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over
wireless networks so they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi
today. Naturally you will want to pick the strongest form of encryption that works with your wireless network.
However, the way the technologies work, all Wi-Fi devices on your network must share the identical encryption
settings. Therefore you may need to find a "lowest common denominator" setting.

3)   Change the Default SSID
Access points and routers all use a network name called the SSID. Manufacturers normally ship their products
with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID
does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when
someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it.
Change the default SSID immediately when configuring wireless security on your network.

4)   Enable MAC Address Filtering (Authentication)
Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points
and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the
owner an option to key in these addresses of their home equipment. That restricts the network to only allowing
connections from those devices. Do this, but also realize that this feature is not as powerful as it may seem.
Hackers and their software programs can fake MAC addresses easily.

5)   Disable SSID Broadcast
In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the
air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may
roam in and out of range. In the home, this roaming feature is unnecessary and it just increases the likelihood
someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast
feature to be disabled by the network administrator.

6)   Do Not Auto-Connect to Open Wi-Fi Networks
Connecting to an open Wi-Fi network such as a free wireless hotspot or the neighbor's home router exposes your
computer to security risks. Although not normally enabled, most computers have a setting available that allows
these connections to happen automatically without notifying you (the user). This setting should only be enabled
in temporary situations.

7)   Assign Static (Fixed) IP Addresses to Devices
Most home networkers like DHCP because it is easy to setup, but do not use dynamic IP addresses. The ease
of using DHCP also works to the advantage of network attackers, who can easily obtain valid IP addresses from
your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead,
then configure each connected device appropriately. Use a private IP address range (such as 192.168.0.x) to
prevent computers from being directly reached from the Internet.   Private IP Address Ranges

8)   Enable Firewalls on Each Computer and the Router
Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that
your router's firewall is turned on. For extra protection, consider installing and running personal firewall software
on each computer connected to the router.

9)   Position the Router or Access Point Safely
Wi-Fi signals normally reach to the exterior of a home. Small amount of signal leakage outdoors is not a problem,
but the further the signal reaches, the easier it becomes for others to detect and exploit. Wi-Fi signals can often
reach through neighboring homes and into streets, for example. When installing a wireless home network, the
placement of the access point(s) and/or router determines its reach. Try to position these devices near the center
of the home rather than near windows to minimize leakage.

10) Turn Off the Network During Extended Periods of Non-Use
The ultimate in wireless security measures, shutting down the network will most certainly prevent outside hackers
from breaking in! While impractical to turn off and on the devices frequently, you should at least consider doing so
during travel or extended periods offline. Even though computer disk drives have been known to suffer from power
cycle wear-and-tear, but this is a secondary concern for broadband modems and routers.