Securing a wireless network
11 January 2007
It's estimated 80,000 homes have wireless networks. Our guess is anything up to 50% are not secured properly. How do you go about securing one?
One of the most common problems we see is unsecured wireless networks. Unlike a wired network, anyone can connect to a wireless network unless it has been secured properly. While it probably doesn't matter if your neighbours connect accidentally to check their email, there can be some serious problems.
The most obvious result is the risk of massive excess Internet fees or having your service slowed when it exceeds the monthly data allowance. But there are other risks, some of which can be very embarrassing.
One household we were called to was being disconnected every month because someone was using their network to send spam. Recently one of our techs walked out from setting up a new home wireless network to find a couple snooping with a laptop.
Another risk is that an unsecured network can be used for illegal activity. Given most viruses, spam and phishing scams start from compromised computers and networks, it's your responsibility not to be one of them.
The risks don't end there either. To track down the bad guys, authorities start with the network address. This means if your Internet connection is being used to send phishing scams, pornography or file sharing, it's your door the police will be knocking on.
So it's important to secure your wireless network. The manufacturers are aware of these issues and have a number of features built into most wireless equipment. Properly used, these settings will keep all but the most dedicated hacker off your system.
Before securing your network, you must read the manual that came with your wireless router or access point. If you get your settings wrong, you will be locked out, so you need to know how to reset it. It's also best to use a computer wired directly to the access point when configuring security.
Naming your wireless network
Every wireless network has its own name, known as a Service Set Identifier (SSID). If you don't change it from how it comes from the shop (i.e. "Netgear", "Default" or "Motorola") it's easy for the casual hacker to guess your passwords. It's a good idea not to use your address or name as the SSID; you don't want to give away too many secrets to the neighbourhood.
Enable Wi-Fi Protected Access
WPA encrypts the wireless signal, making it difficult for a hacker to connect without knowing the passkey. A passkey should be something long and relatively difficult to guess. A combination of letters, both capital and lower case, and numbers is a good idea. Your dog's name followed by your phone number followed by your suburb is the sort of thing to put in here, but remember to write it down.
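As an added illustration (not from the original article), the Python example below checks a network name and passkey against the advice in the two sections above and derives the WPA key the way WPA-Personal does, with the network name as the salt. The 16-character minimum, the function names and the sample names and passkeys are assumptions made up for the example.

```python
import hashlib

# Factory names quoted in the article; add your own router's default.
DEFAULT_SSIDS = {"netgear", "default", "motorola"}
PRINTABLE = {chr(c) for c in range(32, 127)}   # characters WPA allows in a passkey
MIN_LENGTH = 16   # assumption: this example's threshold for "something long"

def derive_psk(passkey, ssid):
    """WPA-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passkey.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()

def audit(ssid, passkey):
    """Return a list of problems with an SSID/passkey pair (empty = none found)."""
    problems = []
    if ssid.strip().lower() in DEFAULT_SSIDS:
        problems.append("SSID is still a factory default")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        problems.append("SSID must be 1 to 32 bytes")
    if not 8 <= len(passkey) <= 63:
        problems.append("passkey must be 8 to 63 characters")
    elif len(passkey) < MIN_LENGTH:
        problems.append(f"passkey is shorter than {MIN_LENGTH} characters")
    if any(c not in PRINTABLE for c in passkey):
        problems.append("passkey must be printable ASCII")
    kinds = (str.isupper, str.islower, str.isdigit)
    if not all(any(kind(c) for c in passkey) for kind in kinds):
        problems.append("passkey should mix capitals, lower case and numbers")
    if ssid and ssid.lower() in passkey.lower():
        problems.append("passkey contains the network name")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real networks or keys.
    samples = [("Netgear", "password"), ("Wombat-Net", "Rex0255501234Newtown")]
    for ssid, passkey in samples:
        print(ssid, audit(ssid, passkey) or "no problems found")
    # Same passkey, different SSID: the derived key changes completely,
    # so a table precomputed for a common default name is useless.
    key = "Rex0255501234Newtown"
    print(derive_psk(key, "Netgear"))
    print(derive_psk(key, "Wombat-Net"))
```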
Older equipment might only come with Wired Equivalent Privacy (WEP). WEP is an older and less secure standard than WPA. The passkeys for WEP are usually a mind-numbingly long string of letters and numbers, which is a good incentive for buying newer WPA gear.
MAC Address filtering
Every computer network device has a unique number, known as the Media Access Control (MAC) address. You can set your wireless router to only accept connections from known addresses. Even if the neighbours can see your network, they can't connect without a permitted number.
Hide your SSID
You can hide your network name by turning off your SSID broadcast, which means your system doesn't tell the neighbours its name. This is not recommended by purists as it's against the WiFi standards. It also makes some devices stop working, so we tend not to do this.
Disable DHCP
Every computer connected to the Internet has its own address, called a TCP/IP number. You can either get one from your server or you can have a "fixed" one that you enter yourself.
On a home network the Internet router gives IP addresses out. This is called Dynamic Host Configuration Protocol (DHCP). If you turn it off on your wireless network, a hacker has to guess the addresses before they can connect. This should only be done by those who understand TCP/IP addressing and subnets.
Virtual Private Networking
A Virtual Private Network encrypts the talk between computers. While not strictly part of a wireless network, it adds another level of difficulty for someone trying to figure out how your network is set up. VPNs are notoriously difficult to set up, so this is not something we recommend for the home user.
Reduce your power
Many wireless routers and access points allow you to adjust the power used. The less signal that escapes your premises, the less likely an outsider can find your network. Once everything is working, reduce the power to the minimum you need to connect.
Secure your network
To further hide your system from the bad guys, it's a good idea to only share the minimum you need to share. Don't share entire drives and don't use the default network names generated by Windows.
Protect your system
Trojan horses and viruses can creep onto your system and compromise your security. Follow our Protection Kit guidelines.
The best secured network will be defeated by a well-placed Trojan horse or spyware.
The aim of this is to keep your neighbours and their curious 15-year-old son off your network. If the kid next door is a serious hacker, they can defeat all these precautions with the right skills, tools and plenty of time. Should you get infected with a trojan or virus, then all of this is pointless anyway (which is true of a wired network as well).
As this article shows, setting up a secure wireless network is not for the faint-hearted. No matter how much the product is improved, wired networks are more secure, faster and more reliable. We recommend only considering wireless networks if wiring a building is not feasible.