Wireless Security

Wireless connectivity is a wonderful thing. No wires to tether you to a particular room or pulling new wires through walls, attics and crawl spaces; you can move from place to place and still have the convenience of surfing the internet or printing a document.

However, wireless comes with an added level of concern: security. Since wireless is based on radio signals, a user has no control as to where these signals go; they radiate out in every direction from the wireless router, access point or other wireless device. Therefore, without additional precautions taken by the user or organization, anyone can hijack the signal for their own use.

So, what are some measures you can take to safeguard your wireless network?

Disabling Broadcasting SSID
The SSID (Service Set Identifier) is essentially the name of your wireless router or access point. When you turn on your wireless laptop and look for available wireless networks, the list it shows you contains the name (SSID) of every network in the area that you can connect to. In the early days of wireless, experts recommended that users turn off broadcasting the SSID to hide the network. However, the SSID was never intended to be used as a secret password. Since the SSID is still used to establish a connection and is never encrypted, any rookie hacker could find it. Thus, turning it off is really optional but it does add an additional layer of annoyance to any would be hacker.

However, one good practice is to use an SSID that doesn't give away who you are. Why tempt any one by using an SSID that says "John Does House" or "Bobs Wireless". Just use something generic like "Wireless1" or "MyWireless". This is especially true if you use an ISP's (Internet Service Provider) wireless router/access point. Many come with an SSID that identifies the type of wireless router it is (e.g. 2wire1234). This gives a hacker a key piece of information and a great starting point toward compromising your network.

Enable Encryption
Almost all wireless routers and access points today come with encryption built in. Encryption is a method by which one device scrambles the data before sending it (including passwords) and the other device unscrambles it after receiving it. The scrambling/unscrambling is based upon agreed upon keys between the two devices and, therefore, any device without a key cannot read the data or even connect to your wireless network.

    Encryption Options:

  1. WEP (Wired Equivalent Privacy)

    This was the industry's first attempt at providing secure communication. Despite the optimistic name, this protocol never lived up to its promise. Within a short time, hackers discovered several flaws in it that allowed the keys to be uncovered relatively easily. That said, if you have no other options because of the age of your wireless equipment, some encryption is better than none and you should activate it.

  2. WPA (Wi-Fi Protected Access version 1)

    This protocol was developed to address the shortcomings of WEP. The encryption method was updated to be more secure. Also, additional options were added that allowed the wireless security to be integrated into a corporate security setting (WPA-Enterprise). An important aspect of WPA was that only a device's software (also called firmware) had to be updated. The hardware didn't need to be changed.

  3. WPA2 (Wi-Fi Protected Access version 2) aka IEEE 802.11i

    This is the current gold security standard of the wireless world. It has all the benefits of WPA but uses an even stronger encryption method. However, it also requires newer hardware. (No software-only upgrading.) If your equipment supports it, use it!

There is one more thing to consider when dealing with encryption. When using the non-Enterprise version of WPA or WPA2 (known as WPA-Personal or WPA-PSK), you use a passphrase (i.e. a long password) that is entered in both of the wireless devices. The longer and more cryptic you make this passphrase, the harder it is to crack. Since you only have to enter the passphrase once in each device (you'll never be prompted to re-enter it unless you change your wireless card or device), try something completely random. Using a passphrase such as "Pass" could be cracked within seconds by even a rookie hacker but using something like "Sfgsd94sdVnx*&$fjDa!klfa" will make life very hard for even the most determined hacker.

MAC Address Filtering
This technique is a bit more of a hassle to implement but does add a another layer of protection to your network. The basic idea is to only limit access to your wireless router/access point to specific equipment. Every wireless device has a unique address called a MAC Address that is assigned by the device manufacturer. Therefore, you can tell your wireless router/access point to only allow connections from devices whose MAC Address is on its approved list.

The problem with is that anytime you want to allow a new connection, such as when you get a new laptop or want to allow a friend to access to the internet, you not only have to set the passphrase on the device but also log in to your wireless router/access point and add the MAC Address to the approved list.

Changing the Admin Password on the Wireless Router or Access Point
An often overlooked aspect of any computing device is the fact that the default administrative password of the device is not changed. The administrative password is used to access the device and change its settings. When a wireless router or access point is shipped from the factory, it contains the same default password as every other device that is shipped from that vendor. If you don't change this password, anyone on your network can look on the Internet, download User Guide of the device and find out what the default password is. They can then go in and reconfigure your wireless router and just completely mess it up.

Some final thoughts about wireless security...
No security system is ever 100% foolproof, especially a wireless one. The key point to understand is that you want to make it difficult or time-consuming for a potential hacker to break into your system. If there are easier targets available, then a hacker will concentrate his or her efforts on them and simply avoid your network altogether.

If all this seems a little daunting but you still want a secure network, feel free to contact us at Nexiter and we would be happy to help set up your network for you.