Secure A Home Wireless Network - 10 Tips
Saturday, June 5, 2010
Secure A Home Wireless Network - 10 Tips
--
1.Change Your Router Default Password - A must in the first line of defense. Create a strong password with a mix of numeric, alpha and symbolic characters. Password length should be between 8 and 15 characters, or longer in length, and should not be obvious to you (such as kids or wife name, birthdays, favorite cars or sports teams, etc). If your wireless router includes a user name, it's a good idea to change it to another name other than the default name.
--
2.Rename and Disable SSID Broadcast on your Wireless Router - SSID (Service Set Identifier) is the network name or identifier for the wireless router. SSID's broadcast a beacon signal (usually about 10 times each second) which announces to the world that the network is live and ready to go.
--
3.Enable Infrastructure Mode - When using the "ad-hoc" mode, which lets clients set up peer-to-peer networks, rogue users will be able to connect to your network through a legitimate wireless client. This setting configuration can be found on your PC wireless network card.
--
4.Use MAC Addressing Filter On Your Wireless Router - Many routers let you restrict access to known MAC (Media Access Control) addresses. Each network device, such as a computer network card (NIC) has a unique MAC address. By allowing access only to pre-defined MAC addresses you can reduce the risk of rogue clients connecting to your home network.
--
5.Change the Default Router IP Address Setting - Router manufacturers set every router with an IP address. For example, Linksys routers are configured with an IP address of 192.168.1.1. These address settings are well known and published, and can be easily discover by hackers if they know the router manufacturer and type.
--
6.Use WPA or WPA2 PSK (Wi-Fi Protected Access with Pre Shared Key) Encryption - When possible use WPA or WPA2 PSK over WEP (Wired Equivalent Privacy). Both Windows XP and Mac OS X support them, along with any access point manufactured within the past few years. WPA and WPA2 both have a mode called the PSK mode that will allow you to use a password in lieu of using a full-blown 802.1X setup, which is perfect for the home user.
--
7.HTTPS, Firewall and Remote Access Settings On Your Wireless Router - Make sure HTTPS is enable for connecting to the router administration setup over your local network. Verify the firewall is enabled and all incoming ports are blocked. Disable remote access over the Internet setting.
--
8.Enable And Monitor Your Wireless Access Logs - Check your logs frequently for rogue access points (AP) or clients attached to the network. If you spot unknown clients or AP's connected to your network, change your WEP or WPA code, and do a little detective work in identifying unknown connections to your network.
Also check the status screen that shows the MAC addresses of all clients currently connected to the network and verify they are known devices.
--
9.Backup Your Router Configuration Settings - Although, not considered a security setting, backing up the router configuration before making changes will allow you to easily restore the settings in the event you make a mistake. This will prevent your router from being vulnerable if you are unsure about any changes you have made.
--
10.Turn off Your Wireless Router When Not In Use - Why would you want to do this? When your router is powered off, your network cannot be compromised. Consider doing this when you go on vacation or you will not be using you network for extended periods of time. Just turning off your PC may prevent the PC from being attacked, but it will not prevent someone from breaking into your network via your router if it is powered on.
----------------
Bonus Security Tip - Get in the habit of changing your router password every 30 to 60 days. Also change your PSK several times a year. Changing these two settings may just kick that un-detected guest off your network (take that neighbor!). Limit the maximum number of DHCP users allowed on your network to just the known number of PC's in your house. Limiting this setting can be an indication of someone on your network to you if one of your PC's cannot obtain an IP address from your router.
--
1.Change Your Router Default Password - A must in the first line of defense. Create a strong password with a mix of numeric, alpha and symbolic characters. Password length should be between 8 and 15 characters, or longer in length, and should not be obvious to you (such as kids or wife name, birthdays, favorite cars or sports teams, etc). If your wireless router includes a user name, it's a good idea to change it to another name other than the default name.
--
2.Rename and Disable SSID Broadcast on your Wireless Router - SSID (Service Set Identifier) is the network name or identifier for the wireless router. SSID's broadcast a beacon signal (usually about 10 times each second) which announces to the world that the network is live and ready to go.
--
3.Enable Infrastructure Mode - When using the "ad-hoc" mode, which lets clients set up peer-to-peer networks, rogue users will be able to connect to your network through a legitimate wireless client. This setting configuration can be found on your PC wireless network card.
--
4.Use MAC Addressing Filter On Your Wireless Router - Many routers let you restrict access to known MAC (Media Access Control) addresses. Each network device, such as a computer network card (NIC) has a unique MAC address. By allowing access only to pre-defined MAC addresses you can reduce the risk of rogue clients connecting to your home network.
--
5.Change the Default Router IP Address Setting - Router manufacturers set every router with an IP address. For example, Linksys routers are configured with an IP address of 192.168.1.1. These address settings are well known and published, and can be easily discover by hackers if they know the router manufacturer and type.
--
6.Use WPA or WPA2 PSK (Wi-Fi Protected Access with Pre Shared Key) Encryption - When possible use WPA or WPA2 PSK over WEP (Wired Equivalent Privacy). Both Windows XP and Mac OS X support them, along with any access point manufactured within the past few years. WPA and WPA2 both have a mode called the PSK mode that will allow you to use a password in lieu of using a full-blown 802.1X setup, which is perfect for the home user.
--
7.HTTPS, Firewall and Remote Access Settings On Your Wireless Router - Make sure HTTPS is enable for connecting to the router administration setup over your local network. Verify the firewall is enabled and all incoming ports are blocked. Disable remote access over the Internet setting.
--
8.Enable And Monitor Your Wireless Access Logs - Check your logs frequently for rogue access points (AP) or clients attached to the network. If you spot unknown clients or AP's connected to your network, change your WEP or WPA code, and do a little detective work in identifying unknown connections to your network.
Also check the status screen that shows the MAC addresses of all clients currently connected to the network and verify they are known devices.
--
9.Backup Your Router Configuration Settings - Although, not considered a security setting, backing up the router configuration before making changes will allow you to easily restore the settings in the event you make a mistake. This will prevent your router from being vulnerable if you are unsure about any changes you have made.
--
10.Turn off Your Wireless Router When Not In Use - Why would you want to do this? When your router is powered off, your network cannot be compromised. Consider doing this when you go on vacation or you will not be using you network for extended periods of time. Just turning off your PC may prevent the PC from being attacked, but it will not prevent someone from breaking into your network via your router if it is powered on.
----------------
Bonus Security Tip - Get in the habit of changing your router password every 30 to 60 days. Also change your PSK several times a year. Changing these two settings may just kick that un-detected guest off your network (take that neighbor!). Limit the maximum number of DHCP users allowed on your network to just the known number of PC's in your house. Limiting this setting can be an indication of someone on your network to you if one of your PC's cannot obtain an IP address from your router.
Labels:
Internet
Posts
