L
Lanarkshire IT Services
New Member
A Guide To Securing Your Wireless Network
Wireless networks are great and allow us to set up networks quickly, easily and without the hassle of physically running cables etc.
However wireless networks need to be secure from outside / unauthorised users otherwise people can use your network for their own malicious intentions. An example of this is people using your wireless connection to connect to the internet and download illegal content. And if your internet connection has a download limit and other people are downloading from your connection then you will be billed for this. Worse still, people can then join your network and "browse" the contents of your computers quite easily. It is amazing the amount of networks we see that are totally wide open to the world. As it is your internet connection it is your responsibility. In our recent survey of of residential areas in towns around North Lanarkshire we found that around 70% of wireless networks were unsecure and wide open to anyone.
So how can you tell if your wireless network is not secure?
In XP:
Open Control Panel > Network Connections > View Network Connections >Right Click your wireless adaptor and select View Available Wireless Networks. If your wireless network is listed as Unsecured as shown then other people can use your internet connection.
Unsecure WLAN XP
In Vista:
Open Control Panel > Network and Sharing Center > Then select Manage Wireless Networks (top left) > Now any wireless networks that you can connect to should be listed as shown. If your wireless network is listed as Unsecured as shown then other people can use your internet connection.
Unsecure WLAN Vista:
Or you can use a Freeware program such as Netstumber to identify security issues or identify unsecure wifi networks - Get Netstumbler here
So how do you secure your wireless network?
Well there are several things you can do so here are some basic security steps:
* Change the name of your SSID (wireless network name) from default to something else. For example a SSID named Netgear easily identifies your network and its hardware.
* TURN OFF SSID Broadcasting - Once you have all your required wireless clients / computers on your network, TURN OFF SSID broadcasting so that no one can see your wireless network.
* Change default router username and passwords. Most routers have the same, default admin username and password for admin / setup purposes. So all an intruder has to do is login to your router using the defaults and then lock you out.
* Use MAC address filtering - set which devices can connect to your wireless network by their MAC address. Use ipconfig / all to identify your MAC address.
* Use IP filtering or IP address reservations so that only those IP's can access the network.
* Turn OFF DHCP on your router and set IP addressess on clients manaually. DHCP is great and automatically assigns IP settings to your clients / computers. However if it can assign IP addressess to your clients it can also assign an intruder a valid IP address for your network.
* Limit the DHCP address range
* Check your router and view the list of attached devices - if there are more listed than the number of computers you have then someone could be on your network
* Use Port filtering / blocking to block ports you do not need open.
* Use authentication - either PSK or EAP - DO NOT LEAVE AUTHENTICATION OPEN.
* Use encryption to protect your data. WEP and WPA(2) are 2 types of encryption however WPA(2) is recommended.
* Set logon hours so that people cannot access your network out of hours or simply turn your router off especially with today environmental issues.
* Use a wireless network analyser such as Netstumbler (free) to test / analyse your network.
Using the above wireless network security steps will help protect your wireless network from unauthorised use and prying eyes.
Wireless networks are great and allow us to set up networks quickly, easily and without the hassle of physically running cables etc.
However wireless networks need to be secure from outside / unauthorised users otherwise people can use your network for their own malicious intentions. An example of this is people using your wireless connection to connect to the internet and download illegal content. And if your internet connection has a download limit and other people are downloading from your connection then you will be billed for this. Worse still, people can then join your network and "browse" the contents of your computers quite easily. It is amazing the amount of networks we see that are totally wide open to the world. As it is your internet connection it is your responsibility. In our recent survey of of residential areas in towns around North Lanarkshire we found that around 70% of wireless networks were unsecure and wide open to anyone.
So how can you tell if your wireless network is not secure?
In XP:
Open Control Panel > Network Connections > View Network Connections >Right Click your wireless adaptor and select View Available Wireless Networks. If your wireless network is listed as Unsecured as shown then other people can use your internet connection.
Unsecure WLAN XP
In Vista:
Open Control Panel > Network and Sharing Center > Then select Manage Wireless Networks (top left) > Now any wireless networks that you can connect to should be listed as shown. If your wireless network is listed as Unsecured as shown then other people can use your internet connection.
Unsecure WLAN Vista:
Or you can use a Freeware program such as Netstumber to identify security issues or identify unsecure wifi networks - Get Netstumbler here
So how do you secure your wireless network?
Well there are several things you can do so here are some basic security steps:
* Change the name of your SSID (wireless network name) from default to something else. For example a SSID named Netgear easily identifies your network and its hardware.
* TURN OFF SSID Broadcasting - Once you have all your required wireless clients / computers on your network, TURN OFF SSID broadcasting so that no one can see your wireless network.
* Change default router username and passwords. Most routers have the same, default admin username and password for admin / setup purposes. So all an intruder has to do is login to your router using the defaults and then lock you out.
* Use MAC address filtering - set which devices can connect to your wireless network by their MAC address. Use ipconfig / all to identify your MAC address.
* Use IP filtering or IP address reservations so that only those IP's can access the network.
* Turn OFF DHCP on your router and set IP addressess on clients manaually. DHCP is great and automatically assigns IP settings to your clients / computers. However if it can assign IP addressess to your clients it can also assign an intruder a valid IP address for your network.
* Limit the DHCP address range
* Check your router and view the list of attached devices - if there are more listed than the number of computers you have then someone could be on your network
* Use Port filtering / blocking to block ports you do not need open.
* Use authentication - either PSK or EAP - DO NOT LEAVE AUTHENTICATION OPEN.
* Use encryption to protect your data. WEP and WPA(2) are 2 types of encryption however WPA(2) is recommended.
* Set logon hours so that people cannot access your network out of hours or simply turn your router off especially with today environmental issues.
* Use a wireless network analyser such as Netstumbler (free) to test / analyse your network.
Using the above wireless network security steps will help protect your wireless network from unauthorised use and prying eyes.
