High Speed Internet and wireless go together like toast and jam. Wireless extends the Internet’s reach, providing convenient access throughout your home without the muss and fuss of cables. But without wireless network security, wireless can reach a bit too far, compromising your privacy and exposing your home network to intruders. In this article, we describe five quick and easy steps that you can take to safeguard your home wireless network.
1. Configure a unique network name
Wi-Fi networks are given names so users can find and connect to them. Technically, that name is called a Service Set Identifier (SSID). Every wireless router has a factory default SSID — Linksys routers use “linksys,” while Netgear uses “Wireless.” When you install your router, change that default to a value that you will recognize as your own.
Why? Suppose you and your neighbors get a deal on Linksys routers. By default, all of those networks will be named “linksys.” Whenever your laptop connects to “linksys,” it could well connect to a neighbor’s router. Giving your network its own unique name lets you connect to your own network, avoiding accidental connections to others nearby.
Pick an SSID that doesn’t disclose anything about you. Don’t use a password or surname, because your router will announce its SSID to everyone within a few hundred yards, and you cannot completely hide that value. So, just set your router’s SSID to any unique string of letters and numbers that you will remember later. Figure 1 illustrates setting a Linksys WAP54G to use “MyHomeNetwork” — your own router may look a bit different.
Figure 1. Wireless Configuration on a Linksys WAP54G
2. Turn on Wi-Fi Protected Access
Next, enable your router’s wireless network security, choosing the strongest mode supported by your router and all of the laptops and desktops and peripherals you want to connect to it. In home networks, that is usually Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK).
WPA scrambles all messages sent to and from users connected to your router. Without WPA, those messages could be overhead by anyone nearby — family, neighbors, or someone driving past your home. WPA protects your privacy. It also stops outsiders from replaying your messages at a later time — for example, trying to break into your online accounts or sending bogus email messages in your name.
Turning on protected access is the most important step you can take to defend your wireless network. It’s also the most complicated — but not so complicated that you should skip it. Start by examining wireless security settings for every device in your home network, looking for the following terms: WEP, WPA and/or TKIP, WPA2 and/or AES.
- If every device supports WPA2, set router mode to WPA2-PSK and AES encryption. You will also be asked for a password or pre-shared key (see below).
- Alternatively, if every device supports at least WPA (an early version that’s nearly as good), set router mode to WPA-PSK and TKIP encryption as shown in Figure 1. Here again, you must enter a password or pre-shared key (see below).
- Otherwise, if every device supports at least WEP (a weak mode used by very old systems), set router mode to WEP (sometimes called 128-bit WEP). Follow your router’s instructions to configure 4 WEP keys — cryptic-looking hexadecimal strings that you must also configure into your laptops and desktops.
WEP is better than nothing, but it is easily bypassed. Consider upgrading any old wireless gear that has only WEP or no security at all. All new home Wi-Fi devices now support WPA-PSK or WPA2-PSK. Visit www.wi-fi.org to search for “WPA-Personal” or “WPA2-Personal” certified products or look for those markings on product packaging, which helps with wireless network security.
3. Choose a wireless password
In Step 2, you may have spotted other security modes, like WPA-Enterprise, WPA RADIUS, or WPA 802.1X. Those modes are used by businesses where everyone has his or her own login and password that is checked by a network authentication server. For simplicity’s sake, most home networks just use Pre-Shared Keys (PSKs).
PSK is a fancy term for a password that is shared by everyone that is allowed to use your wireless network. A good PSK stops an outsider who doesn’t know the password from stealing Internet access without your permission. But, just like any password, it is critical to share your router’s PSK only with those you trust, and to choose a PSK that will be hard for others to guess.
For best results, make up a phrase that contains at least 20 letters and numbers, such as “W0nderBugs49Voo123D00.” Avoid using your spouse, child, or pet’s name or a word found in the dictionary. Capitalization counts; do not use spaces. Configure that PSK into your router and give it to those who deserve to use your network. If you ever want to rescind access, you will need to choose a new PSK and repeat this step.
4. Set up each wireless user
Once these security settings have been configured into your wireless router, it’s time to whip those wireless laptops and desktops and peripherals into shape. To access your secure network, each user’s wireless connection must now match your router’s settings.
Figure 2 shows how to connect to a wireless network from a PC using Windows XP. On devices that run Vista or MacOS or another connection manager such as Cisco Aironet, the connection interface will look different, but you will be prompted for similar values.
Whenever you enable a wireless connection in XP, a list of nearby networks is displayed. Simply choose your network’s SSID from the list of available networks and enter your router’s password (WPA or WPA2 PSK) when prompted. Thereafter, Windows automatically tries to connect whenever that named network is within range.
Figure 2. Connecting to Wireless using Windows XP
Settings can also be viewed or changed using the wireless connection’s Properties panel. As shown in Figure 3, open the Properties panel and choose the Wireless Networks tab. There you will see a prioritized list of networks used by this PC in the past. To reach the settings for each network, highlight the SSID and click on the Properties button. For example, if you ever change your router’s PSK, use this panel to update the wireless connection’s “network key” (yet another Windows synonym for “PSK”).
Figure 3. Wireless Connection Settings in Windows XP
Sometimes, Windows XP can be a bit too friendly, letting your PC connect to devices beyond those you intended. To avoid this, click the “Advanced” button shown above. Clear the “Automatically connect to non-preferred networks” box and check the “Access point (infrastructure) networks only” button. Unless you intend to share files or printers with wireless users, clear the “Client for Microsoft Networks” and “File and Printer Sharing for Microsoft Networks” boxes. It is also a good idea to enable the Windows Firewall (found on the Advanced tab). Such extra steps aren’t required to reach your own router, but they can help protect your PC from wireless network security hackers.
5. Keep an eye on your network
After security settings are configured into every device, network setup is complete. Users can access your Internet connection over wireless without worrying about privacy, while you can feel comfortable that outsiders aren’t using your wireless network.
But security is a job that’s never really done. It’s smart to monitor wireless use to detect and avoid unpleasant surprises. For example, after the first power outage, check your router to verify that settings have not reverted to factory defaults. Whenever you add devices or upgrade software, recheck security settings. Periodically eyeball your router’s log to see which wireless devices have tried to connect. Finally, if you’re a techie who likes to get your hands dirty, consider running a simple wireless monitoring program such as AirSnare that can alert you to unexpected network activity.
Wizards and other shortcuts
The five easy steps outlined here can be used to ensure wireless network security, including those networks containing a mixture of devices from a variety of vendors. But, depending on the products that you use, there are some shortcuts.
If every user in your network runs Windows XP, try Microsoft’s Wireless Network Setup Wizard, launched from the View Available Wireless Networks window. Shown in Figure 4, that wizard helps you choose security settings, including a long PSK that resists password guessing. It writes a configuration file to a USB stick that gets inserted into every user’s PC to configure matching wireless connections. However, unless you use a Microsoft wireless router, you must still configure at least that device manually.
Figure 4. Microsoft Wireless Network Setup Wizard
Several other wireless manufacturers have created their own setup wizards with names like SecureEZSetup and JumpStart. Such wizards often require using wireless gear manufactured by a single company. Check your router’s documentation to determine whether a secure network setup wizard is available for your products.
Despite security improvements, studies show that many home networks still operate without security. To help change that, the Wi-Fi Alliance recently published a Wi-Fi Protected Setup (WPS) specification. By late 2007, you will be able to buy and install new devices that ask you to enter an eight-digit PIN or push a button. Security settings will then be obtained from your router without further user interaction. WPS will be particularly handy for wireless devices that do not have computer screens and keyboards, like wireless-enabled cameras, phones, printers, and media players.