Introduction to Wireless Network Security

Birth of Wireless Home Networking

By Tony Bradley, CISSP-ISSAP, About.com

It wasn’t too long ago that computers were a luxury rather than a necessity. Only the lucky and the wealthy had even one in their home and a network was something reserved for large corporations.

Fast forward a decade or so and everyone has to have their own computer. There is one for the parents (sometimes two if the parents can’t share nice) and one or more for the kids to use for homework and games. Home users have gone from no Internet access to 9600 kbps dial-up Internet access beyond 56 kbps dial-up access and are moving on to broadband connections to rival or match the T1 connections they relish at work.

As the Internet and the World Wide Web have exploded into our culture and are replacing other media forms for people to find news, weather, sports, recipes, yellow pages and a million other things, the new struggle is not only for time on the computer at home, but for time on the Internet connection.

The hardware and software vendors have come forth with a variety of solutions allowing home users to share one Internet connection among two or more computers. They all have one thing in common though- the computers must somehow be networked.

To connect your computers together has traditionally involved having some physical medium running between them. It could be phone wire, coaxial cable or the ubiquitous CAT5 cable. Recently hardware has been introduced that even lets home users network computers through the electrical wiring. But, one of the easiest and least messy ways to network computers throughout your home is to use wireless technology.

It is a fairly simple setup. The Internet connection comes in from your provider and is connected to a wireless access point or router which broadcasts the signal. You connect wireless antenna network cards to your computers to receive that signal and talk back to the wireless access point and you are in business.

The problem with having the signal broadcast though is that it is difficult to contain where that signal may travel. If it can get from upstairs to your office in the basement then it can also go that same 100 feet to your neighbors living room. Or, a hacker searching for insecure wireless connections can get into your systems from a car parked on the street.

That doesn’t mean you shouldn’t use wireless networking. You just have to be smart about it and take some basic precautions to make it more difficult for curiosity seekers to get into your personal information. The next section contains some simple steps you can take to secure your wireless network.

1. Change the System ID: Devices come with a default system ID called the SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier). It is easy for a hacker to find out what the default identifier is for each manufacturer of wireless equipment so you need to change this to something else. Use something unique- not your name or something easily guessed.

2. Disable Identifier Broadcasting: Announcing that you have a wireless connection to the world is an invitation for hackers. You already know you have one so you don’t need to broadcast it. Check the manual for your hardware and figure out how to disable broadcasting.

3. Enable Encryption: WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) encrypt your data so that only the intended recipient is supposed to be able to read it. WEP has many holes and is easily cracked. 128-bit keys impact performance slightly without a significant increase in security so 40-bit (or 64-bit on some equipment) encryption is just as well. As with all security measures there are ways around it, but by using encryption you will keep the casual hackers out of your systems. If possible, you should use WPA encryption (most older equipment can be upgraded to be WPA compatible). WPA fixes the security flaws in WEP but it is still subject to DOS (denial-of-service) attacks.

4. Restrict Unnecessary Traffic: Many wired and wireless routers have built-in firewalls. They are not the most technically advanced firewalls, but they help create one more line of defense. Read the manual for your hardware and learn how to configure your router to only allow incoming or outgoing traffic that you have approved.

5. Change the Default Administrator Password: This is just good practice for ALL hardware and software. The default passwords are easily obtained and because so many people don’t bother to take the simple step of changing them they are usually what hackers try first. Make sure you change the default password on your wireless router / access point to something that is not easily guessed like your last name.

6. Patch and Protect Your PC’s: As a last line of defense you should have personal firewall software such as Zone Alarm Pro and anti-virus software installed on your computer. As important as installing the anti-virus software, you must keep it up to date. New viruses are discovered daily and anti-virus software vendors generally release updates at least once a week. You also must keep up to date with patches for known security vulnerabilities. For Microsoft operating systems you can use Windows Update to try and help keep you current with patches.