| A wireless home network brings many benefits | | | | are within range, and what their names are. |
| – all the family can access the Internet | | | | It’s the first step to connecting to a wi-fi |
| simultaneously, you can use a laptop anywhere | | | | network. This feature is not necessary in a home |
| within the radius of the wireless network, freeing | | | | network, however, and is undesirable since it |
| you from physical constraints, you don’t have | | | | allows external entities to discover your |
| to string Cat-5 cabling throughout your house (no | | | | network’s SSID. It is strongly advised that |
| holes in the wall either!) – but a wi-fi network | | | | home network users disable this feature in order |
| also brings it’s own set of security problems. | | | | to improve the security of your wi-fi network. |
| The following recommendations itemise the steps | | | | 6. Enable MAC Address filtering |
| which should be taken to improve your wi-fi | | | | The functionality known as Media Access Control |
| network’s security. | | | | (MAC) address filtering uses a computer's physical |
| 1. Put the access point in a central position | | | | hardware. Each computer has its own unique MAC |
| Wi-Fi signals radiate from the router or access | | | | address. MAC address filtering allows the network |
| point, so positioning the access device as centrally | | | | administrator to enter a list of MAC addresses |
| as possible achieves two objectives. Firstly it | | | | that are allowed to communicate on the network. |
| ensures that the wi-fi signal will reach all areas in | | | | It also allows the network administrator to deny |
| your house, and secondly it will minimize the | | | | access to any MAC address not specifically |
| amount of signal leakage beyond your property. | | | | allowed onto the network. This method is very |
| This is important to minimize the chance of | | | | secure, but if you buy a new computer or if |
| drive-by access to your system. If your signal | | | | visitors to your home want to use your network, |
| can be accessed by someone in the street, it | | | | you'll need to add the new machine’s MAC |
| may be detected and exploited by unscrupulous | | | | address to the list of approved addresses. |
| people, and if your network security is not | | | | 7. Assign Static IP Addresses to Devices |
| sufficient, they may even be able to access your | | | | Static IP address assignment (sometimes also |
| confidential information. | | | | called fixed addressing) is an alternative to |
| 2. Enable an Encryption Scheme for devices on | | | | dynamic addressing (called DHCP) on Internet |
| your network | | | | Protocol networks. Dynamic Host Configuration |
| All Wi-Fi equipment supports some form of | | | | Protocol (DHCP) is an Internet protocol for |
| encryption which makes messages sent over a | | | | automating the configuration of computers that |
| wireless network less likely to be read by an | | | | use TCP/IP. DHCP can be used to automatically |
| external entity. Available encryption schemes | | | | assign IP addresses to devices connected to your |
| vary, with WEP being the weakest (and oldest) | | | | wi-fi network.. Dynamic addressing is convenient. |
| and WPA - and now WPA2 - being stronger | | | | It also allows mobile computers to more easily |
| and better. You can’t mix and match, though, | | | | move between different networks. Unfortunately, |
| as all wi-fi devices on your network must use the | | | | this can work to the advantage of hackers, who |
| same encryption scheme. WEP may be not as | | | | can get valid IP addresses from your |
| good as the WPA settings, but remember that | | | | network’s DHCP pool. To avoid this possibility, |
| it’s far better than no encryption at all. | | | | turn off DHCP on your access point or router and |
| 3. Choose new default Usernames and | | | | assign a fixed IP address to each device on the |
| Administrator Passwords | | | | network. |
| An Access Point or Router is the heart of a | | | | 8. Enable hardware and software Firewalls on your |
| home wi-fi network. These come from the | | | | network |
| factory with default administrator usernames and | | | | Most routers these days contain built-in hardware |
| passwords. Manufacturers set both the account | | | | firewall capabilities, but it’s also recommended |
| username and password at the factory. The | | | | that each computer (PC or laptop) connected to |
| admin account allows a user to enter network | | | | your wi-fi network should have its own personal |
| addresses and account information. The username | | | | software firewall installed. A software firewall will |
| is often simply the word admin or administrator. | | | | protect your computer from intrusion by scanning |
| The password is typically blank or consists of the | | | | incoming messages and blocking suspicious traffic |
| words "admin", "public" or "password". Hackers are | | | | from entering your system. It will also prevent |
| well aware of these defaults and if you don’t | | | | unauthorized outgoing messages which may |
| change them, there is a grave danger of leaving | | | | prevent Trojans on your system from sending |
| your network open to access by a baddie. As | | | | your valuable information to a hacker. |
| soon as you set up your access point or router, | | | | 9. Disable automatic connection to open Wi-Fi |
| change the admin username and password and | | | | networks |
| it’s a good idea to change them on a regular | | | | If your wi-fi enabled device detects an open (i.e. |
| basis, say every 30 to 60 days. | | | | unsecured) wi-fi network, such as a free wireless |
| 4. Change the default SSID name | | | | hotspot or even a neighbors unsecured network, |
| Manufacturers of wi-fi access points and routers | | | | it may connect automatically without informing |
| normally ship their products with a default | | | | you. For example, on Windows XP computers |
| network name (the SSID). SSID stands for | | | | having Wi-Fi connections managed by the |
| Service Set Identifier, which is a 32-character | | | | operating system, the setting is called |
| sequence that uniquely identifies a wireless LAN. In | | | | "Automatically connect to non-preferred |
| other words, the SSID is the name of the | | | | networks." Once connected, you could be |
| wireless network. In order for a wireless device | | | | exposing your system to a security risk. Disable |
| to connect to a wireless network it must know | | | | all automatic connections, or at least only allow |
| the SSID of the wireless network in question. If | | | | connection once you have been informed and |
| you plug your wireless router or access point in | | | | have approved the connection. |
| and leave the default SSID, it won't take long for | | | | 10. Shut down your network when you’re not |
| an attacker to determine what the SSID is. As | | | | using it |
| soon as you configure your access point or | | | | If your wi-fi network isn’t turned on, hackers |
| router, change the SSID to a unique name that | | | | can’t get to it. This is possibly the very best |
| will be difficult to guess. | | | | way to avoid security problems. Of course, if |
| 5. Disable SSID Broadcasting | | | | it’s turned off, you can’t use it either… |
| SSID broadcasting by your access point or router | | | | However, consider turning off your wireless |
| occurs every few seconds and is intended to | | | | system during periods of non-use, such as |
| allow users to find, identify and connect to wi-fi | | | | vacations, if you are away from home on |
| networks. If you have a wireless device, this | | | | business, or any other periods when you know |
| feature allows you to discover which networks | | | | you won’t be using it. |