ABC of a secure wireless network

As wireless networks become more and more common, they are also becoming easier to break into. The problems stem from the fact that WLANs are very easy to set up and configure. Another reason is that most networks are set up with default factory settings, which understandably impose no restrictions. However, I don’t mean to defame WLANs, because if properly configured, they can become a boon for mobile users.
So how do we secure our Wi-Fi infrastructure?
Do not broadcast your SSID
Almost every access point and router persistently broadcasts the network’s name, or SSID (Service Set Identifier). While this makes setting up wireless clients extremely easy, since they discover a WLAN without having to know what it’s called, it also makes your WLAN visible to any wireless system within range. Turning off SSID broadcast makes your WLAN invisible to any passer-by.
Change the default password of your AP
Do not leave your access point connected to your network with default passwords. Use a strong password to protect your AP.
Use MAC filtering to control access
Find out the MAC (Media Access Control) address of every system that will connect to your WLAN so that you can limit network access to only your systems by using MAC filtering.
Use WPA encryption instead of WEP
WEP (Wired Equivalent Privacy) encryption has some weaknesses that make it vulnerable to network crackers. WPA (Wi-Fi Protected Access) provides better protection and is also easier to use, since your password characters aren’t limited to 0-9 and A-F as they are with WEP. A newer version, WPA2, is found in newer hardware and provides even stronger encryption.
Control remote administration
Most WLAN routers can be remotely administered via the Internet. Keep remote administration turned off, unless you absolutely need this capability. Even if you need to use this feature, define a specific IP address or limited range of addresses that will be able to access the router.
Control your broadcast area
Adjust the signal strength and direction of your AP so that your signals won’t extend beyond your exterior walls. This is likely to prevent malicious users with snooping equipment from picking up the wireless signals.
Use a firewall
Make sure you have a personal firewall up and running before you start using public hotspots in an airport or hotel lobby.
Change the default SSID of your AP
Change the default SSID of your AP. Do not use anything obvious like your office name or your department name as your SSID.
Use RADIUS
Using a RADIUS server provides centralized authentication and accounting, which is likely to increase security.
Limit the scope of DHCP addresses
Most access points also act as a DHCP server, which provides IP addresses to clients. Limit the DHCP scope to the number of addresses that is actually required for your network. This is likely to prevent unauthorized users from obtaining an IP address from your AP and connecting to your network.
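The checklist above can be turned into an automated check. The following is an added example, not part of the original post: it assumes the access point is driven by hostapd and audits hostapd.conf options, and the sample configurations, the list of factory SSIDs and the function names are constructed for illustration.

```python
import ipaddress
# Constructed samples in hostapd.conf syntax (assumption: the AP runs hostapd).
WEAK_CONF = """\
ssid=linksys
ignore_broadcast_ssid=0
wpa=0
wep_key0=1234567890
macaddr_acl=0
"""
HARDENED_CONF = """\
ssid=blue-heron-7
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
macaddr_acl=1
"""
# Assumed short list of factory SSIDs; extend it for your own hardware.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "tp-link"}

def parse(conf):
    """Return key=value options, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in conf.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(conf):
    """List the checklist items that the configuration fails."""
    o, findings = parse(conf), []
    if o.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast")
    if o.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default SSID in use")
    if any(k.startswith("wep_key") for k in o):
        findings.append("WEP key configured")
    if o.get("wpa", "0") == "0":  # 1 = WPA, 2 = WPA2, 3 = both
        findings.append("WPA/WPA2 disabled")
    if o.get("macaddr_acl", "0") == "0":  # 1 = allow-list, 2 = ask RADIUS
        findings.append("no MAC allow-list")
    if o.get("ieee8021x", "0") != "1":
        findings.append("no RADIUS (802.1X) authentication")
    return findings

def dhcp_excess(first, last, clients):
    """Addresses in the DHCP pool beyond the number of known clients."""
    size = int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1
    return max(size - clients, 0)

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(HARDENED_CONF), dhcp_excess("192.168.1.100", "192.168.1.199", 12))
```

Run against the weak sample, the audit reports every item on the list; `dhcp_excess` shows how many spare leases a 100-address pool leaves when only 12 clients are expected.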