Friday, December 19, 2008

10 Tips for Wireless Home Network Security

Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky as numerous security problems can result. Today's Wi-Fi networking products don't always help the situation as configuring their security features can be time-consuming and non-intuitive. The recommendations below summarize the steps you should take to improve the security of your home wireless network.
1. Change Default Administrator Passwords (and Usernames)
At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.
2. Turn on (Compatible) WPA / WEP Encryption
All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a "lowest common denominator" setting.
3. Change the Default SSID
Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network.
4. Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, which restricts the network to only allow connections from those devices. Do this, but also know that the feature is not as powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.
5. Disable SSID Broadcast
In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.
6. Do Not Auto-Connect to Open Wi-Fi Networks
Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.
7. Assign Static IP Addresses to Devices
Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.
8. Enable Firewalls On Each Computer and the Router
Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.
9. Position the Router or Access Point Safely
Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
10. Turn Off the Network During Extended Periods of Non-Use
The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers. If you own a wireless router but are only using it for wired (Ethernet) connections, you can also sometimes turn off Wi-Fi on a broadband router without powering down the entire network.
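
An added example, not part of the original article: a small Python check for tips 2 and 3 that reads a Wi-Fi scan listing and reports networks that are open, accept WEP or WPA1, or still use a factory-default name. The input shape is assumed to be the terse `SSID:SECURITY` output of `nmcli -t -f SSID,SECURITY device wifi list`; the sample lines, the issue labels, and every default name other than "linksys" are constructed for illustration.

```python
import re

# Factory-default network names. "linksys" is the article's own example;
# the other entries are assumptions added for this illustration.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "belkin54g"}

# Relative strength of each mode; a network is only as strong as the
# weakest mode it still accepts (the "lowest common denominator").
STRENGTH = {"WEP": 1, "WPA1": 2, "WPA2": 3, "WPA3": 4}

# Constructed sample scan: one "SSID:SECURITY" record per line, with a
# literal ":" inside a name escaped as "\:" and an empty name for a
# network that does not broadcast its SSID.
SAMPLE_SCAN = r"""linksys:WEP
HomeNet:WPA2
Cafe\:Guest:
OldLaptopNet:WPA1
:WPA1 WPA2
"""

# SSID = any run of escaped characters or plain non-colon characters.
RECORD = re.compile(r"((?:\\.|[^\\:])*):(.*)")

def parse_line(line):
    """Return (ssid, set of security modes) for one terse scan record."""
    match = RECORD.fullmatch(line)
    if match is None:
        raise ValueError("not an SSID:SECURITY record: %r" % line)
    ssid = re.sub(r"\\(.)", r"\1", match.group(1))  # undo the escaping
    modes = set(match.group(2).replace("--", "").split())
    return ssid, modes

def audit(scan_text):
    """Map each network name to the list of issues found for it."""
    report = {}
    for line in scan_text.splitlines():
        if not line:
            continue
        ssid, modes = parse_line(line)
        known = [STRENGTH[m] for m in modes if m in STRENGTH]
        issues = []
        if not modes:
            issues.append("open")            # no encryption at all
        elif known and min(known) == 1:
            issues.append("wep")             # WEP still accepted
        elif known and min(known) == 2:
            issues.append("wpa1-accepted")   # older WPA still accepted
        if ssid.lower() in DEFAULT_SSIDS:
            issues.append("default-ssid")
        report[ssid or "<hidden>"] = issues
    return report
```
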

Uses

A Wi-Fi enabled device such as a PC, game console, mobile phone, MP3 player or PDA can connect to the Internet when within range of a wireless network connected to the Internet. The coverage of one or more interconnected access points (called a hotspot) can comprise an area as small as a single room with wireless-opaque walls or as large as many square miles covered by overlapping access points. Wi-Fi technology has served to set up mesh networks, for example, in London. Both architectures can operate in community networks.
In addition to restricted use in homes and offices, Wi-Fi can make access publicly available at Wi-Fi hotspots provided either free of charge or to subscribers to various providers. Organizations and businesses such as airports, hotels and restaurants often provide free hotspots to attract or assist clients. Enthusiasts or authorities who wish to provide services or even to promote business in a given area sometimes provide free Wi-Fi access. Metropolitan-wide Wi-Fi (Muni-Fi) already has more than 300 projects in process. There were 879 Wi-Fi based Wireless Internet service providers in the Czech Republic as of May 2008. Wi-Fi also allows connectivity in peer-to-peer (wireless ad-hoc network) mode, which enables devices to connect directly with each other. This connectivity mode can prove useful in consumer electronics and gaming applications.
When wireless networking technology first entered the market, many problems ensued for consumers who could not rely on products from different vendors working together. The Wi-Fi Alliance began as a community to solve this issue, aiming to address the needs of the end-user and to allow the technology to mature. The Alliance created the branding Wi-Fi CERTIFIED to reassure consumers that products will interoperate with other products displaying the same branding.
Many consumer devices use Wi-Fi. Amongst others, personal computers can network to each other and connect to the Internet, mobile computers can connect to the Internet from any Wi-Fi hotspot, and digital cameras can transfer images wirelessly.
Routers which incorporate a DSL-modem or a cable-modem and a Wi-Fi access point, often set up in homes and other premises, provide Internet-access and internetworking to all devices connected (wirelessly or by cable) to them. One can also connect Wi-Fi devices in ad-hoc mode for client-to-client connections without a router. Wi-Fi also enables places which would traditionally not have network to be connected, for example bathrooms, kitchens and garden sheds. The 'father of Wi-Fi', Vic Hayes, stated that being able to access the internet whilst answering a call of nature was 'one of life's most liberating experiences'.
As of 2007 Wi-Fi technology had spread widely within business and industrial sites. In business environments, just like other environments, increasing the number of Wi-Fi access-points provides redundancy, support for fast roaming and increased overall network-capacity by using more channels or by defining smaller cells. Wi-Fi enables wireless voice-applications (VoWLAN or WVOIP). Over the years, Wi-Fi implementations have moved toward "thin" access-points, with more of the network intelligence housed in a centralized network appliance, relegating individual access-points to the role of mere "dumb" radios. Outdoor applications may utilize true mesh topologies. As of 2007 Wi-Fi installations can provide a secure computer networking gateway, firewall, DHCP server, intrusion detection system, and other functions.

Wi-Fi

Wi-Fi is a trademark of the Wi-Fi Alliance, originally founded in 1999 as WECA (Wireless Ethernet Compatibility Alliance). The organisation comprises more than 300 companies, whose products are certified by the Wi-Fi Alliance, based on the IEEE 802.11 set of standards (also called WLAN (Wireless LAN) and Wi-Fi). This certification ensures interoperability between different wireless devices.
The alliance was founded because in many products the IEEE 802.11 standards were not implemented correctly or entirely, and some included proprietary extensions. This led to many incompatibilities between products from different manufacturers.
The Wi-Fi Alliance tests wireless components against its own terms of reference. Products that pass the test get the Wi-Fi certificate and are allowed to carry the Wi-Fi logo. However, only the products of Wi-Fi Alliance members are tested, as they pay a membership fee and a per-item fee. Consequently, a missing Wi-Fi logo does not necessarily mean a deviation from the standard.
In some countries (USA, France, Poland...) the term "Wi-Fi" is often used by the public as a synonym for wireless internet (W-LAN), although not every wireless internet product has a Wi-Fi certification. This is due to certification costs that have to be paid for every single certified device.
Wi-Fi certification is provided for the wireless technology used in home networks, mobile phones, video games and other electronic devices that require some form of wireless networking capability. In particular, it covers the various IEEE 802.11 technologies (including 802.11a, 802.11b, 802.11g, and 802.11n).
Wi-Fi certified technologies are supported by nearly every modern personal computer operating system, most advanced game consoles, laptops, smartphones and many printers and other peripherals.