Thursday, November 11, 2010

6 Steps to a more secure home wireless network

With the proliferation of home wireless networks, it is sometimes easy to forget that they are not as inherently secure as a wired network and can be compromised. However, you can obtain a reasonably secure home wireless network fairly easily and without a lot of technical knowledge.

1. Change Default Administrator Username and Password
At the core of a Wi-Fi home network is the access point/router. To set up this equipment, manufacturers provide an administration page that allows owners to enter their network address and account information. These admin pages are usually accessed by opening a web browser and typing in the default gateway IP address, such as 192.168.0.1. The administration pages are protected with a login screen (username and password) so that only the rightful owner can log in. All home wireless routers have a default username and password that is used to log in for the first time, such as admin and admin (for the username and password). These should be changed immediately.

2. Turn on (Compatible) WPA / WEP Encryption
All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies and standards exist for Wi-Fi today, the strongest being WPA2 with AES. However, all the devices must be able to support that. If not, you will have to "step down" to an authentication and encryption scheme that they do support.

3. Change the Default SSID and disable SSID broadcasts
Access points and routers all use a network name called the SSID, which is the name that shows up when you view wireless networks. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network (which it more than likely is) and are probably more prone to attack it. The SSID is also broadcast at regular intervals, which is designed to permit roaming in and out of range of the access point. For your home network, you probably won't be roaming out of range, so SSID broadcasts can be turned off.

4. Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many access points let you configure a list of permissible MAC addresses, restricting access to only those devices. Keep in mind, though, that this is not that powerful a feature, and MAC addresses can be spoofed.

5. Assign Static IP Addresses to Devices
Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.

6. Enable Firewalls On Each Computer and the Router
Modern network routers contain built-in firewall capability, but the option also exists to disable it. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.
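
Steps 4 and 5 together give every device a fixed IP address and MAC address pair, so anything on the network that does not match that pair stands out, although a device with a spoofed MAC will still pass. The following is an added example, not part of the original post: it compares the Linux `ip neigh show` neighbor table against such an inventory. The addresses, the inventory and the sample output are all constructed for illustration.

```python
import re

# Constructed inventory: the static IP chosen for each device (step 5)
# mapped to that device's MAC address (the step 4 allowlist).
INVENTORY = {
    "10.0.0.10": "3c:22:fb:10:aa:01",  # laptop
    "10.0.0.11": "3c:22:fb:10:aa:02",  # phone
    "10.0.0.12": "b8:27:eb:10:aa:03",  # printer
}

# Constructed sample of `ip neigh show` output from a machine on the LAN.
SAMPLE_NEIGH = """\
10.0.0.10 dev wlan0 lladdr 3c:22:fb:10:aa:01 REACHABLE
10.0.0.11 dev wlan0 lladdr 3C:22:FB:10:AA:02 STALE
10.0.0.12 dev wlan0 lladdr de:ad:be:ef:00:99 REACHABLE
10.0.0.57 dev wlan0 lladdr 3c:22:fb:10:aa:02 DELAY
10.0.0.80 dev wlan0 lladdr 02:11:22:33:44:55 REACHABLE
10.0.0.99 dev wlan0  FAILED
"""

# Entries with no resolved MAC (FAILED, INCOMPLETE) have no "lladdr" field.
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr (\S+)")


def audit_neighbors(neigh_text, inventory):
    """Return (ip, mac, reason) for every neighbor that breaks the inventory."""
    known_macs = {mac.lower() for mac in inventory.values()}
    findings = []
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m or ":" in m.group(1):  # skip unresolved and IPv6 entries
            continue
        ip, mac = m.group(1), m.group(2).lower()
        expected = inventory.get(ip)
        if expected is not None:
            if expected.lower() != mac:
                findings.append((ip, mac, "mac-mismatch"))    # wrong device on an assigned IP
        elif mac in known_macs:
            findings.append((ip, mac, "unexpected-ip"))       # known MAC on an unassigned IP
        else:
            findings.append((ip, mac, "unknown-device"))      # not in the inventory at all
    return findings


if __name__ == "__main__":
    for ip, mac, reason in audit_neighbors(SAMPLE_NEIGH, INVENTORY):
        print(f"{reason:15} {ip:12} {mac}")
```

The neighbor table only lists devices the local machine has recently exchanged traffic with, so an empty result does not prove the network is clean.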
