How To Lock Down Your Wireless Network

Buy an ad on DigitalJournal.com

There are several ways of locking down a wireless network, most of which I will mention in this article. There is almost a step by step at the end of this article to help but there are far too many different kinds of wireless routers (each with their own interface) to supply a specific step by step. For that reason I would recommend having a computer technician who is reputable set up your wireless network for you (and test it after they leave by having a friend come over with a laptop) but if you want to try it yourself just clear your afternoon and look for the terms mentioned below in your router and computer settings.

One very effective way helping to lock down a wireless network is to turn off the broadcasting of the SSID. This is not a method I use except in extreme cases of security because it's not really needed if the other methods are in place. The extreme cases I mention would be, for example, a business that deals with financial data where security is of utmost importance. I actually recommend against a wireless network at all for companies like that but if they insist then I would turn off the broadcasting. That almost makes the network invisible to people nearby. I say almost because the clients (the computers connecting to the network) broadcast as well. So you would not only have to turn off broadcasting on the router, you would also have to turn off broadcasting on the client. Which, for Windows, involves downloading an update to the zero config utility (it's not a critical update so it must be chosen manually) which then gives you the ability to turn off the client broadcasting. I don't normally bother implementing this because it vastly increases the complexity of troubleshooting connection problems.

The earliest and arguably most popular method of locking down a wireless network is by using WEP. This method encrypts and decrypts the traffic at either end of the wireless connection. It does slow down your connection a little bit (because of the time it takes to encrypt and decrypt the data) but it means anyone capturing the data nearby will not be able to see what the data is and use it to connect to your router (with the right software they can capture the packets from your computer without connecting to the router). Or at least it used to mean that the data could not be seen. Now the algorithms used are completely cracked so it wouldn't take a hacker long to break into a network that was locked down using only WEP. In fact, the latest proof WEP cracking tools can get onto most WEP protected networks in under one minute. Just listen to Steve Gibson and Leo Laporte's Security Now Podcast and almost every week they will mention that WEP is no longer secure.

Another early method of locking down a wireless network is using MAC filtering. Evey network adapter (including wireless ones) has a unique MAC address (which stands for Media Access Control but Microsoft calls it the 'physical address', could they be trying to avoid using the letters MAC together?) and MAC filtering involves telling the router to only allow connections from computers that have the MAC addresses you list (then you list the MAC address of all the computers you are using on the network). The problem with this method is that with the right software it is possible to spoof a MAC address. In other words a hacker can make the router think his computer is your computer.

For computers that are older and can't do the newer methods I'll be mentioning next I am confident that a combination of WEP and MAC filtering provides adequate protection for the average home user. It's just like the security system on your house. You don't need the best system in the world, you just have to make your house less attractive to thieves than any other house in the area.

For real wireless protection the latest incarnation of encryption is WPA (this is what I strongly recommend using). There are two flavours of WPA and both are almost equally secure. The first is WPA-TKIP which is really just an improvement on WEP. But it is an improvement that works. It involves changing the algorithm keys on a regular basis to stop hackers from discovering them. The other is WPA-AES (sometimes called WPA2). It involves algorithms that are so complicated that they are considered unhackable (so far). The AES part does require more processing power though, so you can expect that method to slow down your connection ever so slightly again.

Setting up WPA or WPA2 involves putting a 'password' into the router (an advanced password that is not easily guessed at is recommended) and putting the same password into the settings on your computer. Router manufacturers are always trying to make this easier and easier. Usually, once you've configured your router, getting the settings into your computer is simple. When you try to connect to the wireless network it will ask you for the password and once you type it in the system should remember it for next time. One thing to watch out for though, is that if you type the password in wrong it won't tell you it's wrong. It just won't work. So be prepared to remove the wireless settings from your computer and trying again and if you still have trouble you'll be resetting the router and starting over a few times if this is your first time.

To get really advanced and secure you could combine WPA with MAC filtering but I would only recommend that for people who really enjoy playing with computers (as opposed to playing on computers).

Almost a Step by Step:

Assuming your router is already working for wired internet connections you'll need to connect to your router again to lock down your wireless. For most routers you can do this through a browser. First open your browser (internet explorer, FireFox, whatever you are using) and go to the IP address of the router. That will be the same as your computer's default gateway and is usually something like 192.168.1.1, or 192.168.0.1, or 192.168.123.254 (those are the most common ones but they will all start with 192.168. or 10. or 172.).

That should take you to a login page. The default login is usually a blank username and a password of admin (or often the other way around, it should be listed in the router's documentation).

Once logged in you'll usually be clicking on a link called wireless and another for wireless security. On that page you should find the settings I've been talking about (remember I strongly recommend WPA with a strong password). Once this is set there will usually be a save button or apply button to save the settings. Then you can try connecting to the wireless network. Simply type it in and the settings should be saved for next time. If you've done everything right that should be all it takes. Congratulations.

And remember, if you get stuck there are plenty of companies willing to help. You'll get piece of mind knowing it's done right and you'll avoid the frustration and inconvenience of doing it yourself.

--------------------------------------------------------------------------------------------

image:31059:0::0

This article was awarded Top TechAdvice Column by Digital Journal Editors as part of Digital Journal's Weekly Top Find Awards. Digital Journal staff review all articles published by Citizen Journalists every week, selecting the top stories for special recognition. To see a full report of all news and more details on this award, check out TopFinds.