Securing your Wireless Network - top 10 steps
1.Change Admin account:
I use a Linksys wireless router and by default the Admin account is accessed by leaving the username blank and admin as the password. So when I first setup my router I changed the password before I made any other configuration changes. This is just common sense, because you don’t want anyone else to be able to get on your router and make changes, and wouldn’t you look like a fool if someone did, and they used the default password. I would also recommend changing the password regularly.
2.Change the SSID (Service Set Identifier)/ Use SSIDS wisely:
Make this unique, don’t leave it set to default. Why? Because when someone scans for open wireless networks and sees one that says Linksys, then they know two things right off the bat, 1) What brand of equipment you are using and 2.) a starting point to break in. The second thing I would do with the SSID is turn off the broadcast. If they can’t see it, it makes it harder to get into it. Linksys recommends you change this often.
3.Turn off DHCP:
This one is a big one, easy to fix, but a big one none the less. Why? Well let’s say that someone happened to find your network, all they would have to do is connect to it and then they would be given an DHCP assigned IP address and would be able to access your network resources because your router didn’t know that you didn’t want them on. And lets get serious, how many of you have so many machines on your network that it would take more than a few seconds to give each machine a static ip? This will at least make them work at getting on.
4.Turn on WEP Encryption:
Ok, I want to make one thing perfectly clear, WEP (Wired Equivalent Privacy) will not make you safe; it will just make it harder for a hacker to break in. You are not impenetrable because you run WEP Encryption.
5.Enable MAC address filtering:
This will allow your router to only provide access to those MAC address that you assign here. This will take some time, but it does help secure your network. No, this is not a full proof measure, but it will make it harder for someone to gain access. They will have work at it.
6. Limit the number of user addresses:
If you don’t have too many users, consider limiting the maximum number of DHCP addresses the network can assign, allowing just enough to cover the users you have. Then if everyone in the group tries to connect but some can’t, you know there are unauthorized log-ons.
7. Limit access rights:
Chances are, not everyone in your building needs a wireless card. Once you determine who should take to the airwaves, set your APs to allow access by wireless cards with authorized MAC addresses only. Enterprising individuals can spoof MAC addresses, however, which brings us to the next tip.
8. Update your firmware to the latest and greatest:
This will hopefully fix any bugs that have been found for your router and also help with any known security flaws in the router itself.
9. Use RADIUS:
Installing a RADIUS server provides another authentication method. The servers tend to be expensive, but there are open-source options, such as FreeRADIUS (www.freeradius.org), for UNIX-savvy administrators.
10. Ban rogue access points:
If an AP is connected to your home or office network, make sure you or the network administrator put it there. Bob in Accounting isn’t likely to secure his rogue AP before he connects it. Free software like NetStumbler (www.netstumbler.com) lets you sweep for unauthorized APs.
Written by admin on February 15th, 2007 with
no comments.
Read more articles on Miscelenous.
- [+] Digg: Feature this article
- [+] Del.icio.us: Bookmark this article
- [+] Furl: Bookmark this article