| Some Wireless Security Basics |
Wireless networking makes it easy to share Internet access and data, but of course you don't want to share your information with everybody. Because your information is traveling through the airwaves and not physical wires, anybody within range can "listen in". Here are the four essential security measures you should take to secure your wireless network.

(1) Change the default SSID.
Your wireless devices have a default SSID set at the factory. The SSID is the name of your wireless network and it can be anything you want. For example, Linksys wireless products use linksys as the default SSID. Hackers know these defaults and will try them in an effort to join your network. Change the network's SSID to something unique and make sure it doesn't relate to the networking products you use. As an added precaution, be sure to change the SSID on a regular basis so any hacker who may have figured out your network's SSID in the past will have to figure out the SSID again and again. This will deter future intrusion attempts.

(2) Disable the SSID broadcast option.
By default, most wireless networking devices are set to broadcast the SSID, so anyone can easily join the wireless network. Hackers will also be able to connect, so unless you're running a public hotspot, disable the SSID broadcast.

(3) Change the default password needed to access a wireless device.
Wireless products such as access points and routers ask for passwords when you want to change their settings. These devices have default passwords set at the factory. For example, the Linksys default password is admin. Hackers know these defaults and will try them to access your wireless device and change your network settings. To stop any unauthorized modifications, change the device's password to something hard to guess.

(4) Enable MAC (Media Access Code) address filtering.
This has absolutely nothing to do with Apple computers. Instead, the MAC address is a unique series of numbers and letters assigned to every networking device in IEEE® 802 software. If your wireless products such as access points and routers offer it, enable MAC address filtering. Once MAC address filtering is enabled, wireless network access is provided solely for wireless devices with specific MAC addresses. This makes it harder for a hacker to access your network using a random MAC address.
| Wi-Fi Protected Access™ (WPA and WPA2) |

If you are going to buy a wireless router, make sure that it comes with the Wi-Fi™ Protected Access (WPA or WPA2) security standard (firmware), and that you enable and update it, so that your neighbors and, more importantly, war drivers or mobile hackers do not have access to your Internet connection and your computer system. Just look for the WPA or WPA2 logo on the box. The security and peace of mind are well worth the extra cost.

WPA and WPA2 are the high security standards for wireless networking and they are forward compatible with the Wi-Fi IEEE 802.11i security standard. WPA2 provides even stronger encryption than WPA, and it is backward-compatible with WPA, so there is no reason not to buy it.

So what's so great about WPA, you wonder? Well, for a start, it keeps unwanted users out by checking for the proper permission and password before allowing network access. Moreover, WPA offers up to 256-bit encryption keys, which are significantly harder to decode than the older and unsafe Wired Equivalent Privacy (WEP) standard, which uses 64-bit or 128-bit encryption keys.

Another important feature is the dynamic nature of the WPA encryption key. It will automatically change as often as you want it to, and a good example of this is the Linksys default interval of 50 minutes. This means that by the time the hacker has tried to figure out (decode) the WPA encryption key by eavesdropping on your network traffic, your network has already switched to a newer WPA encryption key. The nature of the WEP key, on the other hand, is static.

Finally, WPA Wireless Routers are used both at home and in the office, and thus there are two modes of operation:

The mode most suitable for home use is called the WPA Personal Mode, but it is also known as the Pre-Shared Key Mode (WPA-PSK). It is very easy to use: one just has to select this mode and enter the same password on every network device to activate WPA security.

The corporate mode is called the WPA-Enterprise Mode or the WPA-RADIUS (Remote Authentication Dial-In User Service) Mode. This mode requires that each device be authorized according to a master list held in a special authentication server, usually called a RADIUS Server.
| Upgrading to WPA |

If you already own an 802.11a-g Wired Equivalent Privacy (WEP or WEP+) router, it may be possible to upgrade your wireless local area network to WPA. There are two very important items that you need to verify first.

(1) Check with your wireless router manufacturer to see if your particular router has free WPA support.

(2) Check with your wireless network card manufacturers to see if there are free WPA drivers available.
| Firmware Updating for the Network Cards and Router |
If you have to download the upgrades for your router and network cards, we recommend that you download all of them before upgrading anything and store the files where you can easily find them again. You must also get the exact information on how to install and configure the upgrades for all the devices. If the instructions look a little more complicated than you are comfortable with, print out the instructions and take the computer, printed instructions and router to a service technician. Likewise, write down the addresses where the upgrade files are stored, the file names, what each upgrade file is for. the WPA supplicant software on your operating system.
| Wired Equivalent Privacy Is NOT Safe (WEP and WEP+) |
If your present wireless router and wireless network cards use the Wired Equivalent Privacy (WEP) software (firmware)
known as the IEEE® 802.11a-g standard or the modified "WEP-Plus" security protocols, please be aware that these security
protocols are not secure. They have well known flaws in them and they can be easily breached by
any dedicated hacker or mobile hacker (war driver) in one minute. You must upgrade to WPA or WPA2 before anything else.
A war driver is a person who drives around in cities or towns, usually in the evening, looking for open Wi-Fi connections to the
Internet. Their software and equipment of choice is from Netstumbler or
Cain & Abel
and a full Wi-Fi IEEE 802.11b kit for a laptop is only $150.00. If they already have a wireless network card in their laptop
computer then all they need is the Netstumbler or
Cain & Abel software, both of which are free. That is how easy it is to get at
unprotected computers.
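
The four measures at the top of this page and the WEP warning above, written as a check over a router's settings. This is an added example, not code from the original page; the settings format and key names are hypothetical and match no vendor's export, and the only factory defaults it knows are the two the page names.

```python
# Constructed sample of a router settings export (hypothetical key names).
SAMPLE_EXPORT = """\
ssid = Linksys
ssid_broadcast = enabled
admin_password = admin
mac_filter = disabled
security_mode = WEP
"""

DEFAULT_SSIDS = {"linksys"}      # factory SSID named on the page
DEFAULT_PASSWORDS = {"admin"}    # factory password named on the page


def parse_settings(text):
    """Parse 'key = value' lines into a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def audit(settings):
    """Return (setting, problem) pairs; a missing setting counts as unsafe."""
    findings = []
    ssid = settings.get("ssid", "")
    if not ssid or ssid.lower() in DEFAULT_SSIDS:
        findings.append(("ssid", "factory default or not set"))
    if settings.get("ssid_broadcast", "enabled").lower() != "disabled":
        findings.append(("ssid_broadcast", "SSID is being broadcast"))
    if settings.get("admin_password", "admin").lower() in DEFAULT_PASSWORDS:
        findings.append(("admin_password", "factory default password"))
    if settings.get("mac_filter", "disabled").lower() != "enabled":
        findings.append(("mac_filter", "MAC address filtering is off"))
    mode = settings.get("security_mode", "none").upper()
    if not mode.startswith("WPA"):
        findings.append(("security_mode", f"{mode} in use, upgrade to WPA or WPA2"))
    return findings


if __name__ == "__main__":
    for setting, problem in audit(parse_settings(SAMPLE_EXPORT)):
        print(f"{setting}: {problem}")
```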
| Copyright 2000-2011 Stewart-Hay Associates |