Top 10 tips for Wireless Home Security

A wireless home network brings many benefits – all the family can access the Internet simultaneously, you can use a laptop anywhere within the radius of the wireless network, freeing you from physical constraints, you don’t have to string Cat-5 cabling throughout your house (no holes in the wall either!) – but a wi-fi network also brings it’s own set of security problems. The following recommendations itemise the steps which should be taken to improve your wi-fi network’s security.

1. Put the access point in a central position

Wi-Fi signals radiate from the router or access point, so positioning the access device as centrally as possible achieves two objectives. Firstly it ensures that the wi-fi signal will reach all areas in your house, and secondly it will minimize the amount of signal leakage beyond your property. This is important to minimize the chance of drive-by access to your system. If your signal can be accessed by someone in the street, it may be detected and exploited by unscrupulous people, and if your network security is not sufficient, they may even be able to access your confidential information.

2. Enable an Encryption Scheme for devices on your network

All Wi-Fi equipment supports some form of encryption which makes messages sent over a wireless network less likely to be read by an external entity. Available encryption schemes vary, with WEP being the weakest (and oldest) and WPA -  and now WPA2 -  being stronger and better. You can’t mix and match, though, as all wi-fi devices on your network must use the same encryption scheme. WEP may be not as good as the WPA settings, but remember that it’s far better than no encryption at all.

3. Choose new default Usernames and Administrator Passwords

An Access Point or Router is the heart of a home wi-fi network. These come from the factory with default administrator usernames and passwords. Manufacturers set both the account username and password at the factory. The admin account allows a user to enter network addresses and account information. The username is often simply the word admin or administrator. The password is typically blank or consists of the words "admin", "public" or "password". Hackers are well aware of these defaults and if you don’t change them, there is a grave danger of leaving your network open to access by a baddie. As soon as you set up your access point or router, change the admin username and password and it’s a good idea to change them on a regular basis, say every 30 to 60 days.

4. Change the default SSID name

Manufacturers of wi-fi access points and routers normally ship their products with a default network name (the SSID). SSID stands for Service Set Identifier, which is a 32-character sequence that uniquely identifies a wireless LAN. In other words, the SSID is the name of the wireless network. In order for a wireless device to connect to a wireless network it must know the SSID of the wireless network in question. If you plug your wireless router or access point in and leave the default SSID, it won't take long for an attacker to determine what the SSID is. As soon as you configure your access point or router, change the SSID to a unique name that will be difficult to guess.

5. Disable SSID Broadcasting

SSID broadcasting by your access point or router occurs every few seconds and is intended to allow users to find, identify and connect to wi-fi networks. If you have a wireless device, this feature allows you to discover which networks are within range, and what their names are. It’s the first step to connecting to a wi-fi network. This feature is not necessary in a home network, however, and is undesirable since it allows external entities to discover your network’s SSID. It is strongly advised that home network users disable this feature in order to improve the security of your wi-fi network.

6. Enable MAC Address filtering

The functionality known as Media Access Control (MAC) address filtering uses a computer's physical hardware. Each computer has its own unique MAC address. MAC address filtering allows the network administrator to enter a list of MAC addresses that are allowed to communicate on the network. It also allows the network administrator to deny access to any MAC address not specifically allowed onto the network. This method is very secure, but if you buy a new computer or if visitors to your home want to use your network, you'll need to add the new machine’s MAC address to the list of approved addresses.

7. Assign Static IP Addresses to Devices

Static IP address assignment (sometimes also called fixed addressing) is an alternative to dynamic addressing (called DHCP) on Internet Protocol networks. Dynamic Host Configuration Protocol (DHCP) is an Internet protocol for automating the configuration of computers that use TCP/IP. DHCP can be used to automatically assign IP addresses to devices connected to your wi-fi network.. Dynamic addressing is convenient. It also allows mobile computers to more easily move between different networks. Unfortunately, this can work to the advantage of hackers, who can get valid IP addresses from your network’s DHCP pool. To avoid this possibility, turn off DHCP on your access point or router and assign a fixed IP address to each device on the network.

8. Enable hardware and software Firewalls on your network

Most routers these days contain built-in hardware firewall capabilities, but it’s also recommended that each computer (PC or laptop) connected to your wi-fi network should have its own personal software firewall installed. A software firewall will protect your computer from intrusion by scanning incoming messages and blocking suspicious traffic from entering your system. It will also prevent unauthorized outgoing messages which may prevent Trojans on your system from sending your valuable information to a hacker.

9. Disable automatic connection to open Wi-Fi networks

If your wi-fi enabled device detects an open (i.e. unsecured) wi-fi network, such as a free wireless hotspot or even a neighbors unsecured network, it may connect automatically without informing you. For example, on Windows XP computers having Wi-Fi connections managed by the operating system, the setting is called "Automatically connect to non-preferred networks." Once connected, you could be exposing your system to a security risk. Disable all automatic connections, or at least only allow connection once you have been informed and have approved the connection.

10. Shut down your network when you’re not using it

If your wi-fi network isn’t turned on, hackers can’t get to it. This is possibly the very best way to avoid security problems. Of course, if it’s turned off, you can’t use it either… However, consider turning off your wireless system during periods of non-use, such as vacations, if you are away from home on business, or any other periods when you know you won’t be using it.