Sunday, October 18, 2009

Securing/Configuring a Wireless/Wi-Fi router


In my computer freelancing, I often get asked to configure and/or set up a secure wireless network so I thought that I would create a blog entry about setting up a secure wireless network.

The first thing that I have to write is that regardless of how securely you set up your wireless network, it is always possible that someone will be able to access it. The only thing that you can actually do is keep the casual hacker from accessing your network. I also want to state that a lot of the settings that I specify in this blog entry are "overkill", so the least that you should do with your wireless network is to change the router's default password and to enable WPA encryption.

When setting up your wireless network, the first thing you have to do is to change the default password. After changing the password, you should enable encryption. Without encryption, someone can eavesdrop on your wireless network and possibly get your passwords as well as see the information that is being transferred back and forth between your computer and the internet. Unless you have something that doesn't support WPA, I would set the router's encryption to one of the WPA variants over WEP because WEP networks can be "easily" hacked. For the WPA Shared Key or passphrase, even though it might be easier to remember and to enter into new devices, picking a totally random string is better than picking something composed of words that can be found in a dictionary. You can pick a random string for your router's passphrase from Gibson Research Corporation's website, but this might be going overboard and will make entering your passphrase in your wireless devices very cumbersome.
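The following Python example is added here and is not from the original post: it generates a random passphrase locally from the operating system's random source, estimates its strength, and flags candidates that fall outside the 8 to 63 printable-ASCII limit for WPA passphrases or that contain dictionary words. The function names, the alphabet without look-alike characters and the sample word list are assumptions of the example.

```python
import math
import secrets
import string

# Alphabet without look-alike characters (0/O, 1/l/I) so the passphrase is
# easier to type into new devices. This choice is an assumption of the example.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   if c not in "0O1lI")

WPA_MIN, WPA_MAX = 8, 63  # WPA/WPA2 passphrase length limits, in characters


def generate_passphrase(length=24):
    """Return a random passphrase drawn from ALPHABET using the OS CSPRNG."""
    if not WPA_MIN <= length <= WPA_MAX:
        raise ValueError(f"length must be {WPA_MIN}..{WPA_MAX}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def check_passphrase(passphrase, wordlist=()):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if not WPA_MIN <= len(passphrase) <= WPA_MAX:
        problems.append("length outside 8..63")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("non-printable or non-ASCII character")
    lowered = passphrase.lower()
    hits = [w for w in wordlist if len(w) >= 4 and w.lower() in lowered]
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample word list; a real check would load a full dictionary.
    sample_words = ["password", "wireless", "router", "home"]
    candidate = generate_passphrase(24)
    print(candidate, f"~{entropy_bits(24):.0f} bits")
    print(check_passphrase(candidate, sample_words))
    print(check_passphrase("MyHomeRouter", sample_words))
```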

The more restrictively you configure the router, the fewer wireless devices will be able to connect to it. I use this as a general rule when I configure wireless routers. However, it does make connecting new devices to the router a bit more difficult.

The next thing that I will normally do is pick the wireless mode based on my devices. Generally, for compatibility with all my devices, I will pick a "mixed" mode if my router supports it. If I only have devices that support G (or another mode), I will pick G (or the other mode). For security purposes, there is no point in picking "mixed" mode if all your devices support G (or another mode) and you have no plans on getting a device that supports the non-specified mode. If you configure your router for G-only or N-only (or another mode only), all other devices that don't support that mode won't be able to connect to it.

The next thing that I will generally do is to scan the wireless channel spectrum with a program to see which wireless channel I should pick. I will pick the channel with the least overlap. Depending on the OS, there are a few free programs that do this.

Although this doesn't make a big difference (and I wouldn't rely on it as the sole means to protect a wireless network), I will generally disable the broadcasting of the SSID unless one (or a few) of my devices can only connect to SSIDs that are broadcasting. At the same time, I would also enable MAC filtering. MAC filtering allows only devices with the MAC address that I've specified on the router to connect to it. If for some reason, I am forced to enable the SSID broadcasting, I will set the SSID name to something that can't be identified to my network (for example, I would never pick my name, address, phone number, etc. as the SSID name).

The final thing that I will generally do is to set the DHCP settings for the router outside the common network settings for that specific router as well as restrict the DHCP address range. For example, if I only have 10 devices (both wireless and wired) that will access my router, there is very little point in creating a DHCP address range with many more than 10 IP addresses. This doesn't really offer any real protection on the network, since if someone knows what network your wireless router is configured to use and is able to connect to your router, he/she can specify a static IP address and would be able to access your router's internet connection.

The only negative thing about configuring all of these settings onto a wireless router is that, depending on your viewpoint, it takes a little bit or a lot more work in order to connect a new wireless device to this router. Personally, the extra few minutes (less than 5 minutes) in order to connect a new wireless device to my wireless router doesn't bother me.

If you have any questions/comments regarding this blog entry, please don't hesitate to leave a comment in the comments section.
