Add to Favorites     Email this Page to a Friend  

Home Wireless Network Security

Protect your Home Computer Network Security

Wireless Home Network Diagram ©Microsoft Corporation

Making your Wireless Home Network More Secure

Wireless home networks can be vulnerable to a malicious outsider gaining access principally because of the accessibility that wireless networks offer, present encryption methods and use of default settings on some wireless hardware.

Home wireless networks operate under a standard called 802.11b. Now with prices less than $50 for laptop cards and access points priced under $100, home users see these networks as cost savings versus home wiring. What's more they're so convenient! As a result there has been explosive growth in the deployment of 802.11b home networks - and concomitant security risk.

Installation is extremely simple - perhaps too simple. To install an access point, essentially you take it out of the box, plug it into the wired Ethernet segment of your home network (right on your cable or other modem) and turn it on! For many plug-and-play operating systems, you simply take the laptop card and plug it into the slot and it starts to seek out an access point.

802.11b transmits and receives in the 2.4GHz range and it is fast - capable of a network capacity of 11Mbps. To achieve these speeds, a user must usually be within a few hundred yards of the main connection (the access point), but even at distances of 300 yards, signal strength can be sufficient for network speeds in excess of 2 to 3 Mbps. Herein lies another problem - your wireless home network is potentially transmitting signals hundreds of yards outside your home.

Wireless access points repeatedly send out signals to announce themselves so that users can find them to initiate connectivity. This signal transmission includes what's called the access point's Service Set Identifier (SSID) and it is sent unencrypted. (SSIDs are names or descriptions used to differentiate networks from one another.) This could make it easy for unauthorized users to learn the network name and attempt an attack or intrusion.

So what's a wireless home network user to do?

The 802.11b standard permits what is called Wired Equivalent Privacy (WEP) encryption. There are two levels of WEP typically available: 64-bit encryption based on a 40-bit encryption key, and 128-bit encryption based on a 104-bit key.

Purchase access points and network adapters that support 128-bit WEP. Some products only support 64-bit (40 bit key) WEP, and are not as secure. Be sure to enable the highest level of WEP that your hardware provides. But enabling WEP is only the first important thing for you to do to protect your home computer network security.

Other steps you can take to make your home wireless network more secure.

• When it comes to finding a place in your home for your wireless access point, try to locate the hardware as close to the center of your home as possible, rather than near windows or exterior walls. (If the router is located near a window, remember that a signal could radiate outside your home making it easier for those outside to locate your network. You might actually take a portable computer equipped with a wireless network adapter, and walk around outside your home to see how far away you get any signal. You'll probably be surprised by how far the signal radiates. If you can connect from 100 feet or two houses away, someone else can too!)

• Change the default Service Set Identifier (SSID) and passwords for your network devices. Wireless routers have been known to ship from the manufacturer with default settings for the SSID and passwords which are set the same on all devices. Do not change the SSID or password to reflect your name or address, or anything that might be easy for someone to guess. Use a mix of upper and lower case letters, numerals and symbols for the password, if the hardware supports this. DON'T FORGET TO WRITE YOUR PASSWORD DOWN AND PUT IT IN A PLACE WHERE YOU KNOW YOU CAN FIND IT!

• Disable Dynamic Host Configuration Protocol (DHCP) and use static IP addresses instead. Using DHCP automatically provides an IP address to anyone, authorized or not, attempting to gain access to your wireless home network, again making it just that much easier for unauthorized penetration. Also consider changing the IP subnet to a different subnet that does not route on the Internet. Many wireless routers default to the 192.168.1.0 network and use 192.168.1.1 as the default router.

• Move or encrypt the SSID and the Wired Equivalent Privacy (WEP) key that are typically stored in the Windows registry file. Moving these privileged files makes it more difficult for a hacker to acquire privileged information. This step could either prevent an unauthorized intrusion or delay the intrusion until detection occurs.

• Try to set up a closed home computer network. In a closed network, you must type the SSID into the client application instead of selecting the SSID from a list. This feature makes it slightly more difficult for users to gain access, but it is yet another possible step to protect your home computer network security.

  (For businesses with many users it's also a good idea to change the SSID regularly so that terminated employees can't gain access to the network. Develop and implement an SSID management process to change the SSID regularly and to inform authorized employees.)

• Purchase an access point that has a flashable firmware. There are always new wireless network security enhancements that are being developed, and you want to make sure that you can upgrade your access point as these become available.

For more specific information about the implementation of these suggestions, see the documentation for your wireless network hardware or contact the hardware vendor.