August 2012-Volume 7, Issue 8-Securing Your Wireless Network
Wireless networks are not as secure as the traditional “wired” networks, but you can minimize the risk on your wireless network (at home or at work) by following the tips below.
How Does it Work?
The standard setup for a wireless network requires two components: a Wireless Access Point (WAP) and a computer with a wireless network adapter. Properly configuring a wireless device can be challenging and the steps will vary depending on the manufacturer.
The WAP connects to your high-speed Internet connection and/or your internal network. It provides the ability to use a computing device (copier, printer, etc) without being constrained by the distance of a wire. A wireless network adapter, used for transmitting and receiving information, may be required for each device you intend to connect to a WAP. The wireless network adapter is usually built into laptop computers, while it is an add-on component for other devices.
Tips for Securing Your Wireless Network
It is critical that every wireless network has encryption enabled. Encryption scrambles the data in a way that if your signal is intercepted there is reduced risk of someone being able to eavesdrop or monitor your communications. There are several standards of encryption common to most WAPs. Newer wireless access points include Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2). WPA2 is stronger and the preferred method of encryption. If WPA2 is not available, it is recommended that you use WPA. If your network only allows for WEP (Wired Equivalency Privacy), an older standard of encryption, it is recommended that you replace your wireless network with one that supports WPA2 or WPA.
Change the Default Password
Change the default password that comes with your WAP. The default passwords used by manufacturers are well known to the hacking community. Be sure to use a strong password, that is at least eight characters in length and include a mix of upper and lower case letters, as well as special characters.
Change SSID Name
The Service Set Identifier (SSID) is the name of your wireless network. Default SSIDs are well known—often the name of the manufacturer—or easy to guess. Change the SSID name to something unique and be careful not to use a name that freely discloses information. For example, avoid using your family name. Avoid descriptive or functional names as well, such as “Payroll” or “Accounting” since this would advertise an attractive target for an attacker.
Turn Off SSID Broadcasting
By turning off SSID Broadcasting, your WAP does not advertise its presence. It is similar to having an unlisted telephone number. This is a way to reduce the visibility of your network to others within the range of your WAP. The only way to connect to a WAP with SSID Broadcasting turned off is to know the SSID name and password.
Use MAC Filtering on Your WAP
The MAC (Media Access Control) address is the unique ID assigned to your computer’s wireless adapter. It is referred to as the computer’s “physical address.” Enabling MAC filtering on your WAP allows you to designate and restrict which computers can connect to your WAP. If the computer’s address is not listed, a wireless connection cannot be made to the WAP.
- To look up a MAC address on a Windows computer, select “Start” then “Run” and type “cmd”; then a new window will open; type “ipconfig /all” and press the enter key. A number of attributes will be displayed. The MAC address is identified as the “Physical Address.”
- For a MAC Operating System, click on “System Preferences”; select “Network”; select “WiFi”; click on “Advanced”; in the tool bar that appears, click on “Hardware.” The MAC address will be displayed on the first line.
Update the Software/Firmware in Your WAP!
Contact the manufacturer for directions and guidelines on how to update the software and firmware in your WAP. If the option is available, enable the auto-update feature on your WAP.
For More Information:
The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.