Remember no network will be completely secure, but following the recommendations and providing multiple layers of security, will lessen the risk from someone breaking into your network. Some of the tips include technical terms. Always consult your wireless router vendor documentation or website support as needed. Before making any changes, backup the router configuration or write down all configured settings.
All tips are for home use. If you are connecting to your Company network with your wireless router, contact your Company I.T. department for assistance.
- Change Your Router Default Password - A must in the first line of defense. Create a strong password with a mix of numeric, alpha and symbolic characters. Password length should be between 8 and 15 characters, or longer in length, and should not be obvious to you (such as kids or wife name, birthdays, favorite cars or sports teams, etc). If your wireless router includes a user name, it's a good idea to change it to another name other than the default name.
- Rename and Disable SSID Broadcast on your Wireless Router - SSID (Service Set Identifier) is the network name or identifier for the wireless router. SSID's broadcast a beacon signal (usually about 10 times each second) which announces to the world that the network is live and ready to go.
With broadcasting off, wireless clients must first know the SSID before they can connect. If you have multiple PC's on your home network simply type the new name in your wireless client's setup to connect to your router when SSID is disabled.
Remember to always change the SSID name to something other than the default. - Enable Infrastructure Mode - When using the "ad-hoc" mode, which lets clients set up peer-to-peer networks, rogue users will be able to connect to your network through a legitimate wireless client. This setting configuration can be found on your PC wireless network card.
- Use MAC Addressing Filter On Your Wireless Router - Many routers let you restrict access to known MAC (Media Access Control) addresses. Each network device, such as a computer network card (NIC) has a unique MAC address. By allowing access only to pre-defined MAC addresses you can reduce the risk of rogue clients connecting to your home network.
- Change the Default Router IP Address Setting - Router manufacturers set every router with an IP address. For example, Linksys routers are configured with an IP address of 192.168.1.1. These address settings are well known and published, and can be easily discover by hackers if they know the router manufacturer and type.
Changing the IP address during the setup process, for example to 192.168.80.1 does not secure the router, but will make any attackers guessing for the IP address. Changing this setting, will automatically change the DHCP IP addresses handed out by your router to PC's allowed on your network. - Use WPA or WPA2 PSK (Wi-Fi Protected Access with Pre Shared Key) Encryption - When possible use WPA or WPA2 PSK over WEP (Wired Equivalent Privacy). Both Windows XP and Mac OS X support them, along with any access point manufactured within the past few years. WPA and WPA2 both have a mode called the PSK mode that will allow you to use a password in lieu of using a full-blown 802.1X setup, which is perfect for the home user.
If your hardware does not support WPA2 use WPA. Creating a strong shared key (PSK) will lessen the chance of attackers successfully breaking in to your network. If you router only supports WEP, and your concerned about security, considered upgrading to a new router along with your PC NIC cards. - HTTPS, Firewall and Remote Access Settings On Your Wireless Router - Make sure HTTPS is enable for connecting to the router administration setup over your local network. Verify the firewall is enabled and all incoming ports are blocked. Disable remote access over the Internet setting.
If for any reason you need to provide remote access via the Internet, enable it only when needed and change the default management port setting to something other than 8080. - Enable And Monitor Your Wireless Access Logs - Check your logs frequently for rogue access points (AP) or clients attached to the network. If you spot unknown clients or AP's connected to your network, change your WEP or WPA code, and do a little detective work in identifying unknown connections to your network.
Also check the status screen that shows the MAC addresses of all clients currently connected to the network and verify they are known devices. - Backup Your Router Configuration Settings - Although, not considered a security setting, backing up the router configuration before making changes will allow you to easily restore the settings in the event you make a mistake. This will prevent your router from being vulnerable if you are unsure about any changes you have made.
- Turn off Your Wireless Router When Not In Use - Why would you want to do this? When your router is powered off, your network cannot be compromised. Consider doing this when you go on vacation or you will not be using you network for extended periods of time. Just turning off your PC may prevent the PC from being attacked, but it will not prevent someone from breaking into your network via your router if it is powered on.
No comments:
Post a Comment