After reading the two articles on Wireless security, it’s safe to say that there are many ways to secure a wireless connection to the internet. Each offers another level of security to prevent others from connecting to your wireless network. People can easily access your network if none of these security measures are implemented, and can use this connection to access the internet or even access files on any other computer connected to the same wireless network. Many of these security measures are easy to implement and require no extra devices or software. Both articles made suggestions as to what you can do to make your wireless network more secure. One article was focused on wireless security at home while the other focused on wireless security for your business and the possibility of needing to secure many computers as opposed to just a few.
The first thing you should do is to change the default administrator username and passwords for all of your access points. Doing this stops others from changing options on your access point or router.
Both articles suggest that you enable WEP or Wired Equivalent Privacy, which uses an encryption key to secure access. WEP can possess either 64 or 128 bit encryption. One of the articles also mentioned WAP encryption. WAP or Wi-Fi Protected Access is like the next generation of WEP. WEP uses a static encryption code which hackers can discover using reverse-engineering. Using WAP allows you to use a temporary encryption key, which changes with every data packet sent or received. While WAP is supposedly more secure both systems can be hacked into and are not 100% foolproof.
Both article also mentioned to change the Default SSID of your modem/router. Your SSID is the name of the wireless signal broadcast to computers within range. Normally the default SSID is the brand name of your WIFI device. Most devices broadcasting a default SSID are considered to be poorly configured WIFI networks, especially considering that changing the SSID is one of the easiest things to do. One of the articles suggested not changing the SSID to your company’s name, address, or any name that would attract attention. Another option for your SSID mentioned by both articles, is to disable the broadcast of your SSID. Disabling “Broadcast SSID” will prevent your SSID from appearing as an available network when nearby computers are trying to connect to a network. You must then know the SSID to connect to your network as opposed to just choosing it from a list of networks.
Enabling MAC address filtering is another security measure mentioned by both articles. MAC address stands for Media Access Control address. Every device that can connect to a wireless network has a MAC address. By enabling MAC address filtering on your router, you can effectively limit the MAC addresses that your router allows to connect to it to only your wireless devices. Similarly each device has an IP address. DCHP automatically assigns an IP address to devices trying to connect to a network. By assigning static IP addresses for each computer or device and turning DCHP off on your router and only allowing IP addresses from your devices.
Positioning your router in the middle of your home or office building will not only spread access throughout your building, but also limit the area outside that can access your network. Try to keep your router away from an outside wall or windows.
Other ways of improving security are by enabling firewalls on your computers and/or routers, turning your network off during extended periods of non-use, and don’t connect to open WIFI networks.
For large networks connecting many computers (usually a business or corporation) I’d recommend using a VPN to provide the best security out of any of these options. The downfall to VPN’s are they are expensive to set up. For a private home network or small business, I’d recommend using a few of the techniques above. The more you use, the more secure your network is.
No comments:
Post a Comment