Securing a Wireless Home Network Part VI

Here are Part I, Part II, Part III, Part IV, and Part V.

Prevent Unintentional Roaming
Wireless networks are a bit like cell phones. Your cell phone ties to find the closest cell tower so that you can get the most bars of signal strength to have high-quality voice calls.

Wireless NICs work in a similar way in that they try to find the wireless router that has the strongest signal. The assumption is that the router it finds is yours because it is the closest and therefore has the strongest signal. However, that is not always true. If you have poor signal strength in a particular room of your house and your neighbor's router actually has a better signal in that room,, your wireless NIC might try to roam onto your neighbor's router, unless you instruct it not to.

You do not want your laptop unintentionally hopping over to your neighbor's wireless router whenever it sees a stronger signal or for whatever reason loses connectivity with your own router.

Using the Linksys NIC management utilities (such as WLAN Monitor), this is pretty easy. Simply do not add your neighbor's wireless SSID as a profile.When using Windows XP to manage wireless connections, an additional step is required:

Now, if the wireless NIC sees your neighbor's wireless router, it will not try to connect to it because it is not in the list of preferred networks.

Wireless Security Checklist
Wireless networks are extremely beneficial, but you must take some simple steps to protect them. Without taking the steps in this chapter, it is the equivalent of locking the front door and leaving all window and back doors unlocked and standing open. It is pretty easy (and so critical) to add appropriate security. Here's a quick checklist to refer to:

Summary
The steps in this chapter are really what most people need to keep their wireless network secure in all but the most extreme cases. The fact is that your SSID can be guessed or discovered, encryption schemes can be cracked (especially WEP), and MAC addresses can be spoofed (via a method called MAC address cloning); but this takes a great deal of skill, time, and money. If you want more protection than this, you can get it, but if you are still worried about wireless security, your best solution might be to stick with a wired network.

One additional wireless security measure that you can take that has not yet been discussed is MAC address locking (often called MAC address filtering). Because each wireless card has a unique identifier called a MAC address, and we know what the MAC addresses are for all of our wireless cards, we could instruct the wireless router to only accept connections from our cards and no one else's. This is called MAC address locking.Turning on MAC address locking is not trivial and can be a bit of trouble. Remember, with every security measure enabled, you typically lose some flexibility. For example, with MAC address locking enabled, you need to change the configuration on the wireless router if you buy a new wireless card or device. Also, if you have visitors who want temporary Internet access, you would have to grant them access by adding their MAC address to the permission table.

MAC address locking does provide an additional level of protection. If you want to enable it, see Appendix B, MAC Address Locking for Wireless Security. Click Appendix under "More Information."

One final thought for those of you who are really paranoid. There is one way to make your network 100 percent hacker proof: Turn everything off! Going to bed for the night? Leaving town for the weekend? Turn your network off.

If your wireless router and your broadband modem are on the same power strip, you can completely secure your network with the flip of a switch. This will not affect anything at all on your network (unless you're running a server, of course), and it gives you complete peace of mind while you are away from your network.

Finally, do mot forget to write down the information, including the SSID, WEP or WPA passphrase, WEP key, and so on. You will need these at some point when adding new devices or computers to your network.About the Authors
Jim Doherty is the director of marketing and programs with Symbol Technologies' industry solutions group. Before Symbol, Jim worked at Cisco Systems, where he led various marketing campaigns for IP telephony and routing switching solutions. Jim holds a B.S. degree in electrical engineering from N.C. State University and an M.B.A. from Duke University.

Neil Anderson is a senior manager in enterprise systems engineering at Cisco Systems and is currently responsible for large corporate customers in the areas of routing and switching, wireless, security, and IP communications. Neil holds a bachelor's degree in computer science.

To contact either author, please email: [email protected] and use Home Network Security Simplified/post question as the subject line.

Title: Home Network Security SimplifiedISBN: 1-58720-163-1 Authors: Jim Doherty, Neil AndersonChapter 2: Tip 2: Secure Your Wireless NetworkPublished by Cisco Press

Reproduced from the book Home Network Security Simplified. Copyright [2006], Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses.*Visit Cisco Press for a detailed description and to learn how to purchase this title.

Another article by the same authors: Voice over IP--The Basics