March 2006

Volume 32 Number 2 | PAGE: 26 | BY: Dan Pinnington

Technology Tips & Tricks

The Wonders and Worries of Wireless: Seven Steps to Being Secure

Wireless is just so cool, but it is also a security nightmare. Do you know how to address the dangers of wireless by enabling the security features on your router? Time to learn how.

Few things are more seductive than a wireless network. Once you install one, you will be struck by computing wanderlust the instant you walk around your home or office with a wireless laptop. You will never want to go back to a hard-wired PC.

Today, wireless hardware is dirt cheap and easy to use. However, most people don’t realize that a wireless network is a tempting and very obvious target for hackers. Using wireless without security is the same as putting a giant neon sign on your front lawn that reads, “FREE Internet connection here.” Anyone cruising by with a wireless-equipped laptop can freeload on your Internet connection—and possibly gain access to your network and data.

When wireless hardware first became widely available, manufacturers shipped it with all security features enabled. Assuming that most users want to be as secure as possible, this was eminently logical. The practical result, however, was that most people couldn’t get wireless to work because the security prevented them from connecting. The brilliant solution: Ship everything with all security disabled, then you just plug it in and it works. This makes wireless dead easy to set up and use, but it creates a huge security hole because anyone can easily and instantly connect to your network.

It’s true that wireless security standards are evolving for the better. The latest standard (802.11i) offers far better security than older standards (from least to most secure: 802.11b, 802.11a and 802.11g). However, you must remember that with enough time and effort, a determined hacker can still break into most wireless systems. The key to protecting your data is to make hacking into your network as difficult as possible. You do this by enabling all possible security features on your router.

This month I will guide you through seven configuration changes you can make to enable and increase the security on a typical consumer-type router.

You access router configuration settings through a Web-based interface by connecting to the router with your browser. In most cases, entering a standard default gateway address of 192.168.0.1 or 192.168.1.1 will allow you to access this interface. Open this interface, and work through the following changes. Check your router manual for directions specific to your router.

#1: Change the default router password. Access to configuration interfaces is usually secured by a password. Routers are manufactured with a standard or default password. Yours will be in your router manual. These passwords are often common words (like “password” or “admin”) and are widely available on the Web. Changing the default password makes it much harder for a hacker to access a router’s configuration interface.

#2: Disable remote router access. Many routers have a remote administration feature that allows configuration changes to be made across the Internet. This is helpful for IT people, but it also allows hackers to access your router across the Internet. Disable remote administration to close this backdoor to your network.

Note that turning off remote access also prevents you from making configuration changes to the router across a wireless connection. After making this change, you will have to connect to your router with an Ethernet cable to make configuration changes.

#3: Disable SSID broadcasting. Routers broadcast a service set identifier (SSID) so they are easy to locate and connect to. This SSID is the name of your wireless network. The radio signal from your router radiates in a sphere 30 to 50 yards or more in diameter. SSID broadcasting is the neon sign advertising the existence of your network to everyone who can receive a signal from your router. Wireless-enabled laptops and PCs scan their surroundings for SSIDs, and will display a list of all networks for which they can pick up signals. Stop your router from advertising its presence by disabling SSID broadcasting. This effectively hides your network from wireless snoopers, aka war drivers.

#4: Change the default SSID. Specific makes and models of routers are configured with a default SSID. Like default passwords, these are common terms (such as “network”) and are also widely known or easily determined. Even if you disable SSID broadcasting, hackers can easily connect to the router if they know the appropriate SSID. Therefore, you must change your default SSID to a term only you know.

Change it to something that is not a common word or is not obviously connected to you. Ideally, use a combination of letters and numbers. Note that you will have to give the same SSID to all wireless devices on your network.

#5: Turn on the router firewall. Most routers also have their own firewall. Make sure the firewall is turned on (which is the default in most cases). Some firewall settings offer even more protection for your network. A “Block Anonymous Internet Requests” setting is on most router firewalls and should be enabled. Review your manual for other security settings you can enable on the router firewall. For maximum security, also run a software firewall on the computers on your network.

#6: Enable data encryption. Passwords and data transmitted by wireless devices can be intercepted and read by anyone who can receive wireless signals, especially at the point where wireless devices are initially connecting to one another. To prevent this, you need to enable the encryption features that are on most routers. Wired Equivalent Privacy (WEP), the oldest form of encryption, is on most routers in use today. It is not very secure, but it is better than nothing. Wi-Fi Protected Access (WPA) is newer and offers more protection than WEP. The newest wireless devices will have WPA2, which offers the best security. Unfortunately, WEP and WPA aren’t compatible with each other. Use WPA or WPA2 if all your devices have it; otherwise, use WEP.

After you enable WEP or WPA, you will see further configuration settings in your interface. Check your router manual for information on these settings and configure them as appropriate.

#7: Enable MAC filtering. A Media Access Control (MAC) address is an identifying number assigned to every network device. Like your home address, MACs give every device on a network a unique identity, thereby allowing data to travel across the network and get to the correct computer. MAC filtering improves security by letting you restrict the MAC addresses of wireless and network devices with which your router can communicate. Devices with unrecognized MAC addresses can’t connect to your network. You will have to add the MAC address of all devices on your network to the list on your router and then enable MAC filtering. MAC addresses are usually printed on a sticker that is attached to a wireless network card, or on the bottom of a wireless-enabled laptop.
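The seven steps above can be turned into a repeatable check, shown here as an added example that is not part of the original article. It audits a settings snapshot you transcribe by hand from the router interface; the key names, the `all_devices_support_wpa` flag and the sample values are hypothetical and constructed for illustration, not any vendor's export format.

```python
import re

# Constructed settings snapshot; key names are hypothetical, not a vendor export format.
SAMPLE = {
    "admin_password": "admin", "remote_admin": True,
    "ssid_broadcast": True, "ssid": "network",
    "firewall": True, "block_anonymous_requests": False,
    "encryption": "WEP", "all_devices_support_wpa": True, "mac_filtering": True,
    "mac_allowlist": ["00-1A-2B-3C-4D-5E", "001a.2b3c.4d5f", "00:1A:2B:3C:4D"],
}
DEFAULT_PASSWORDS = {"", "password", "admin"}  # examples named in the article
DEFAULT_SSIDS = {"", "network"}                # example named in the article
ENCRYPTION_RANK = {"NONE": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

def normalize_mac(text):
    """Return aa:bb:cc:dd:ee:ff, or None if text is not a 48-bit MAC address."""
    digits = re.sub(r"[-:.]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(cfg):
    """Return {step number: finding} for each of the seven steps not yet satisfied."""
    findings = {}
    if cfg.get("admin_password", "").lower() in DEFAULT_PASSWORDS:
        findings[1] = "default router password still in use"
    if cfg.get("remote_admin", True):
        findings[2] = "remote administration is enabled"
    if cfg.get("ssid_broadcast", True):
        findings[3] = "SSID broadcasting is enabled"
    ssid = cfg.get("ssid", "")
    mixed = re.search(r"[A-Za-z]", ssid) and re.search(r"\d", ssid)
    if ssid.lower() in DEFAULT_SSIDS or not mixed:
        findings[4] = "SSID is a default or lacks a mix of letters and numbers"
    if not (cfg.get("firewall") and cfg.get("block_anonymous_requests")):
        findings[5] = "firewall or anonymous-request blocking is off"
    rank = ENCRYPTION_RANK.get(str(cfg.get("encryption", "NONE")).upper(), 0)
    if rank == 0:
        findings[6] = "no encryption enabled"
    elif rank == 1 and cfg.get("all_devices_support_wpa"):
        findings[6] = "WEP in use although every device supports WPA"
    macs = cfg.get("mac_allowlist", [])
    bad = [m for m in macs if normalize_mac(m) is None]
    if not cfg.get("mac_filtering") or not macs or bad:
        findings[7] = f"MAC filtering off, list empty, or malformed entries: {bad}"
    return findings

if __name__ == "__main__":
    for step, text in sorted(audit(SAMPLE).items()):
        print(f"#{step}: {text}")
```

Settings that are missing from the snapshot are treated as unsafe for steps 2 and 3, so an incomplete transcription shows up as a finding rather than a pass.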

Keep Thwarting the Hackers

Now that you better appreciate the worries of wireless, take the time to enable the security features needed to lock down your routers. Stay alert to the fact that with enough time and determination, a hacker can get into many wireless networks. Changing the seven router settings discussed here will make hacking your system much more difficult. Keep your data safe and secure.

 

 
