Securing a Wireless Network -- Part III
Here's a third segment of Chapter 2 of Home Network Security Simplified--an easy-to-follow explanation of how to make sure that your home network is secure--why it's important, and amazingly, how
February 12, 2007
Here is an overview of the steps you'll go through in this section:
Change the router's default password.
Stop advertising your wireless network.
Enable wireless encryption.
Disable ad-hoc networking.
Prevent unintentional roaming.
Change the Router's Default Password
As previously mentioned, routers from the same manufacturers all come with the same password. Although it may be easy to keep it the way it is out of the box, it is well worth the 30 seconds it takes to change it.
Here are the configuration steps that you need to do:
Access the wireless router using your Internet browser.
Click the Setup tab.
Click the change password option.
Stop Advertising Your Wireless Network
By default, wireless routers are set up to broadcast their SSID to make it easy for wireless cards to learn the wireless network without having to know information in advance. Nice feature, bad security practice. Broadcasting the SSID of our wireless home network is entirely unnecessary. So, the first step to securing our network is to shut it off.
Here are the configuration steps that we need to do:
Access the wireless router using your Internet browser. You should be connected via a wired connection because any change you make could break the connection between the router and the computer if you have only a wireless connection at the time.
Click the Wireless tab.
On the line labeled Wireless SSID Broadcast, checkmark Disable (see Figure 3).
Figure 3. Disabling the SSID Broadcast
While you are on that screen, change the SSID name to something random (write it down). Remember that you also need to change the name on the wireless set screen of each computer you access this network with.
Click Save Settings. That's it!
Very Important: As a reminder, never use the default SSID that the wireless router is set up with. (For Linksys products this is linksys). If the SSID is not being broadcast but is easily guessed by intruders, your wireless network is still vulnerable. Change the SSID to something else, such as a random series of uppercase letters, lowercase letters, and numbers. Write it down.
Enable Wireless Encryption
Even with reduced visibility to your wireless network, a more sophisticated eavesdropper still might be able to learn the SSID and try to obtain access, so you need more security. The next step to securing the wireless network is to turn on encryption. Again, by default, encryption is disabled in wireless router products out of the box. To turn on encryption, we make up a secret key (see the previous section on encryption) that is known only by the wireless router and the wireless NICs in our wireless network (NIC stands for network interface card, which is the wireless-enabled card in your computer that allows connection to a wireless router). To communicate, this secret key must be known; otherwise the conversation is unintelligible.
In general, both the wireless router and all wireless cards in your network have to be running the same encryption method. However, depending on the age of the wireless product, they may not support all options listed in Table 1. The key then is to examine what each device (including the router) supports and use the highest level of encryption that all of them can handle. That is, start at the top of the table: if all your devices support WPA2, use it. If even one of the devices you plan to network does not, you either need to replace it with one that does or go down in the table (for example, WPA or 128-bit WEP).
Very Important: Keep in mind that even 128-bit WEP is pretty good and will defeat "curious neighbors," but it will not keep a real hacker out. WPA2 is approaching the level of wireless network security that large corporations rely on. So, although you do not need to be overly alarmed if your network "only" supports 128-bit WEP, you should consider upgrading to products that support WPA, or better yet WPA2.
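The selection rule described above, as an added example that is not from the book: given each device and the modes it supports, it returns the strongest mode they all share and lists which devices block a stronger one. The mode labels, device names and sample inventory are constructed, and placing 64-bit WEP at the bottom of the order is an assumption because Table 1 is not reproduced here.

```python
"""Pick the strongest wireless encryption mode that every device supports."""

# Strongest first. WPA2, WPA, 128-bit WEP is the order the article gives;
# 64-bit WEP at the bottom is an assumption (Table 1 is not shown on this page).
STRENGTH_ORDER = ["WPA2", "WPA", "WEP-128", "WEP-64"]


def strongest_common_mode(inventory):
    """Return the first mode in STRENGTH_ORDER supported by every device.

    inventory maps a device name to the set of modes it supports.
    Returns None when the devices share no mode at all.
    """
    if not inventory:
        raise ValueError("inventory is empty")
    for mode in STRENGTH_ORDER:
        if all(mode in modes for modes in inventory.values()):
            return mode
    return None


def upgrade_blockers(inventory, target="WPA2"):
    """List the devices that would have to be replaced to reach `target`."""
    if target not in STRENGTH_ORDER:
        raise ValueError(f"unknown mode: {target}")
    return sorted(name for name, modes in inventory.items() if target not in modes)


# Constructed sample inventory; the device names are hypothetical.
SAMPLE_INVENTORY = {
    "router": {"WPA2", "WPA", "WEP-128", "WEP-64"},
    "laptop": {"WPA2", "WPA", "WEP-128", "WEP-64"},
    "old-desktop-nic": {"WPA", "WEP-128", "WEP-64"},
    "game-adapter": {"WEP-128", "WEP-64"},
}

if __name__ == "__main__":
    mode = strongest_common_mode(SAMPLE_INVENTORY)
    print("Use on every device:", mode)
    # Every mode stronger than the common one is blocked by at least one device.
    stop = STRENGTH_ORDER.index(mode) if mode else len(STRENGTH_ORDER)
    for target in STRENGTH_ORDER[:stop]:
        print(f"To reach {target}, replace:", upgrade_blockers(SAMPLE_INVENTORY, target))
```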
After you choose your method of encryption, you need to implement it on the wireless router and all wireless cards in your network. Each device must be "told" what the super-secret key is to be able to join the conversation.
Enabling WEP Encryption on the Wireless Router
First, let's take an example of implementing 128-bit WEP encryption. We will pick a passphrase of 64Gx3prY19fk2. Now, let's program the wireless router to use this WEP key:
Very Important: It is good practice to always make any modifications to the settings on your wireless router from a computer that has a wired connection, not a wireless connection. This is especially true when changing the wireless settings, such as WEP encryption. If you make a mistake (a typo, for example, on the passphrase), you will be unable to reconnect your computers to the router, thus cutting off the limb you are standing on.
As we have done several times, access the wireless router using your Internet browser. Click the Wireless tab.
Click the Wireless Security subtab (See Figure 4). On the line labeled Security Mode, select WEP.
Figure 4. Select WEP as Your Security Mode
On the line labeled WEP Encryption, select 128 bits. On the line labeled Passphrase, enter the passphrase you made up. In our example, we chose 64Gx3prY19fk2 (See Figure 5). Click Generate. This translates the passphrase into the actual key to be used. Do not forget to write down the passphrase.
Figure 5. Generate the WEP Key
Click Save Settings.
Immediately after you click Save Settings, any computers that were connected with a wireless card to the wireless router will lose connectivity. This is normal because you have just changed the way they are supposed to communicate with the wireless router, but you have not told them the super-secret password to use yet.
Very Important: You may notice four keys are listed after you generate the WEP key. In general you can choose any of the four keys, but most often you can just pick key number one. The other three keys are just alternate keys that you can use if you want to keep the same passphrase but change the actual key. Keep in mind that if you choose a key other than number one, write it down because this is the key you will also need to enter in all the wireless NICs.
Next: Enabling WEP Encryption on the Wireless NIC
About the Authors
Jim Doherty is the director of marketing and programs with Symbol Technologies' industry solutions group. Before Symbol, Jim worked at Cisco Systems, where he led various marketing campaigns for IP telephony and routing switching solutions. Jim holds a B.S. degree in electrical engineering from N.C. State University and an M.B.A. from Duke University.
Neil Anderson is a senior manager in enterprise systems engineering at Cisco Systems and is currently responsible for large corporate customers in the areas of routing and switching, wireless, security, and IP communications. Neil holds a bachelor's degree in computer science.
To contact either author, please email: [email protected] and use Home Network Security Simplified/post question as the subject line.
Title: Home Network Security Simplified
ISBN: 1-58720-163-1
Authors: Jim Doherty, Neil Anderson
Chapter 2: Tip 2: Secure Your Wireless Network
Published by Cisco Press
Reproduced from the book Home Network Security Simplified. Copyright [2006], Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses.
*Visit Cisco Press for a detailed description and to learn how to purchase this title.
Another article by the same authors: Voice over IP--The Basics