Running a wireless lan is great, but there are risks. You can use a computer anywhare in the house and sometimes further. Sadly ? with this flexibility comes some risk. You can never secure your wireless network 100% but you can make it harder for people to use the network or monitor your trafic. The highest risk for home users is going to be from people living nearby with wireless networks.
When I moved into my new home 8 months ago and set up my wireless network someone nearby was running a wireless network. With two or three clicks of the mouse I was able to browse the internet and see the persons computers. I managed to alert this person via netsend and he then secured the network.
There are several steps you can take to make it harder for nearby users to break into your network. These are listed bellow.
- WEP or Wired Equivalent Privacy.
WEP is a system that encodes packets going to and from your wireless card and router/access point. It is a fairly good system but it is not fool proof. There are several WEP modes available on most routers/access points. The higher the WEP level the more protection you have. The type of web that your cards and router will support will be detailed in the products user guide. WEP should be enabled all the time and should be treated as minimum protection for your wireless network. Be aware that WEP encoding/decoding will slow down your connection. This can be a problem if you are using a slow computer as the WEP system will use a great deal of system resorces.
More information on WEP can be found here.
- The SSID or Service Set Identifier.
The SSID is like the workgroup on your home network. It is the name of the wireless network. You need to have the SSID to connect to a wireless lan. Once you have set up your wireless network you can safely disable the router or access point from sending out the SSID. Do not leave the SSID on its default name. Some cards or wireless lan scanners can still pick up the SSID so the system is by no means infalable. It will stop casual computer users from joining your network though. I recomend that you make a note of the SSID as your cards will no longer be able to detect the SSID name and you will need to input this information.
- MAC filtering. or Media Access Control filtering.
The MAC address is a unique string of information in hexadecimal format. Every network card has a different MAC address. Its like a fingerprint for the network card and allows the network to identify the card. One way of making life very hard for unauthorised users is to enable the MAC filter on your router or access point. This will only allow listed MAC addresses access the network. It will not however stop people from sniffing the network trafic. For this you need to use WEP. The mac address can usualy be found on the underside of a wireless network card. If you cant find it you can discover the address from windows. For windows 95/98/ME click on start then run. In the box type winipcfg in the box that appers click the more info button and ensure that the network card is slected from the drop down menu in the middle of the box. The hexadecimal string next to physical address is your MAC address. For 2000/XP/NT click on start then run. In the box type cmd and press enter. In the black box that apears type ipconfig /all in the lines of text that apears you will see an entry called physical address. This is your mac address.
- Using IPSEC To Further Protect The network.
If you have windows 2000 or XP pro then you may be able to use IPSEC. IPSEC is a encrption system that windows uses to send encoded data to other computers or a server. This method will only work if your pc is talking to another pc and not if your pc is talking to a router. Windows 9x based operating systems do not fully support IPSEC.
If you need any further information or you are stuck with a problem then please read the user guide that was dispatched with the product. If you are still stuck then read it again. If that does not help then please post and we will be happy to offer advice and help.
- Using WPA (Also Known As: Wi-Fi Protected Access)
WPA is a security technology for wireless networks. WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in response to the shortcomings of WEP.
Why WPA is better than WEP?
One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP. Another key component of WPA is built-in authentication that WEP does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.
One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short. WPA-PSK is a simplified but still powerful form of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or ?passphrase? as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them. (Many Thanks to s1lv3r for this info)
This article was originally written by stuartbe on the CF forum.