First, it is extremely important that you secure your network the best you can. There are several ways to do this and as with everything else in this world, some ways are better, or more effective than others. So, here is a list of security measures you need to take:
- Use Encryption, either WEP or WPA/WPA2.
- Rename the SSID to something other than the default.
- Enable MAC Address Filtering, and other advanced hardware firewall options.
- Use a software firewall in addition to the hardware firewall in the router.
Encryption:
There are two choices for encryption on today's wireless networks. The first is known as WEP or Wireless Equivalent Privacy, and has until recently been the standard for wireless encryption. WEP offers two different levels of encryption, 64 bit and 128 bit.
The second choice is WPA/WPA2 (PSK) or Wireless Protected Access (Pre-Shared Key). WPA/WPA2 PSK is a recent standards-based security technique where each packet of information is encrypted with a different code, or key. This key is generated automatically from the pass phrase or Pre-shared key, and it changes constantly which makes WPA/WPA2 extremely secure. The biggest threat to this type of encryption is if someone were to discover your Pre-shared Key, so if you write it down somewhere be sure to keep it out of reach of anyone that shouldn't have it.
The only reason you should use WEP is if any your hardware devices won't support WPA/WPA2. WPA/WPA2 pass phrases are case sensitive, so "y" is not the same as "Y". This enables you to generate a much more secure key.
Rename the SSID:
The SSID is the "Site Survey Identification." When you purchase a wireless router, the default SSID usually includes the manufacturer's name. For example, Belkin uses the following: SSID=belkin54g, and 2Wire uses SSID=2WIREnnn where "n" equals a digit from 0-9. Other brands uses similar methods and if you don't change this default value, it tells anyone in your area who conducts a site survey what type of hardware you're using. This presents a problem because when security holes are discovered by hackers they share the information with one another. When they see a certain brand of router then they use their inside knowledge to hack that network.
Changing the SSID on most, if not all routers is usually a very simple process and should be done as soon as the router is connected to your devices. It is important to make the SSID something generic that has no meaning other than simply Identifying the device. For example, "SSID=Router651" would be a good choice. Nobody can tell anything about that other than the fact that it's a router, which they already know anyway. Don't use any computer name-brands, operating systems, or networking specific information when naming your SSID, simply keep it generic.
MAC Address Filtering:
MAC stands for Media Access Controller and all network components including cards, adapters, and routers, have a unique "serial number" called a MAC address. For instance, no two network cards (NIC) on the planet should have the same MAC address.
You should be able to enable MAC address filtering on your router and list only the addresses that will be allowed to access your network. This makes for a simple and moderately effective security measure. Of course, it is still possible for a really good hacker to spoof a MAC address and bypass this measure, but it isn't likely that someone would go through that hassle to gain access to a home network, especially if other forms of security measures have also been taken such as encryption.
No comments:
Post a Comment