How to protect your wireless network
- Secure administrative login credentials
Every router comes with a preconfigured password, and intruders know about this. Thus it is exceedingly easy for them to hop onto the wireless network and gain full control over its administrative permission and wreak possible havoc. If the intruders detect the SSID (Service Set Identifier) of the wireless network is being named as “Linksys”, they can easily make a guess that the default username and password could be “admin” as this Linksys networks’ factory settings. The first task we should do is to change the default login credentials of the router to something else. While setting an administrative password for the router, choose a more complicated password, the best is a combination of letters and numbers. - Stop broadcasting the network’s SSID
The SSID (Service Set Identifier) is a broadcast message that telling every device within range of the wireless network’s presence. If passers-by know what the SSID is, it will be very easy for them to detect the signal of wireless network and get connected to it. Thus stop broadcasting the network’s SSID will help to be invisible to unauthorized users. - Enable WEP or WPA encryption
To prevent unauthorized users from eavesdropping on the wireless network, encryption of wireless data is essentially required. WEP (Wireless Equivalent Privacy) and WPA (Wireless Protected Access or Wi-Fi Protected Access) are ways of forcing authorized users to pass through the authentication by providing login credentials before getting connected to the wireless network. WEP is the most common but it is found to be fundamentally flawed as it can be easily cracked by determined hackers. WEP restricts access by identifying the password and shared key. Unauthorized users who know the WEP key can still hop onto the wireless network. WPA (Wireless Protected Access) is the next generation of encryption and designed to leverage the deficiency of WEP encryption. Recently WPA has been even supplanted by WPA2. WPA and WPA2 replace the WEP encryption with a mechanism called TKIP (Temporal Key Integrity Protocol). This protocol dynamically changes the key to prevent the sort of hacking techniques that used to crack WEP encryption before. - Restrict users access based on their MAC address of network devices
A MAC address (Machine Access Code) consists of a series of unique number that every network device can be identified by. So we can setup our router based on MAC (Media Access Control) addresses to determine certain devices are allowed to connect to the wireless network, and certain MAC addresses that are not listed in a table contained in the router/AP will be banned from accessing the network. - Reduce the wireless network transmitter power
Some routers or access points (AP) allow network administrator to adjust the power of the wireless network transmitter and thus the range of transmission signal is reduced. This practice helps to limit how far outside premises the signal can reach and minimizes the probability that passers-by may detect the wireless network. - Always turn on the firewall
The communications between the wireless network and the rest of the network can be restricted by using firewall or router ACL (Access Control Lists). We can even control the access by wireless devices so that authorized users connected to the wireless network can only surf the Web, or only allowed to access certain folders and applications while connecting the wireless network to the internal network via a web proxy or VPN (Virtual Private Network). - Disable remote administration feature
Most of the routers can be administered remotely through the Internet. We should turn this feature on only if the router lets us define a specific IP addresses or limited range of addresses that are allowed to access the router. If we can’t restrict the range of allowed IP, then anyone could potentially find and access the router from anywhere. As a matter of fact, it is always the best to turn the remote administration feature off.
Comments are closed.