Tips for Wi-Fi Security at Home
Aug 3, 08:40 AM by Jonathan CamenischI just saw this in the SANS Ough security newsletter, and thought it was a pretty good rundown for laypeople.
Many people rush through setting up wireless home networks to get their Internet connectivity working as quickly as possible. While this is understandable, it is also risky because unless properly secured, wireless networks are a security problem waiting to happen. Today’s Wi-Fi networking products don’t always help the situation either. Their security features are complicated and can be time-consuming to set up correctly. You may wish to retain the services of a qualified technician to help you be sure the job gets done right. Here are some tips for how
you can improve the security of your home wireless network. Next month we’ll provide tips for improving Wi-Fi security while on the road.
- Replace that old access point. If your access point is older than 2 or 3 years, it probably doesn’t include the latest security protocols. At a cost of $75 or less, an up-to-date access point is cheap insurance against having your computers broken into. [See point on WPA2 below. if your access point provides WPA2, it’s new enough; don’t replace it. -jc]
- Change the default passwords on your wireless access point. The default passwords are simple, often posted on the manufacturer’s website, and well-known to hackers. Change them immediately, and use strong passwords.
- Use WPA2 security. Older wireless access points offer WEP and WPA security which provide only weak and unreliable security. Verify that your wireless access point supports WPA2 (Wi-Fi Protected Access, version 2). If it does not have WPA2, don’t use it. Get another one that does.
- Change the default SSID. Wireless access points use a network name called the SSID (service set identifier). Manufacturers ship their products with the same SSID. While knowing the SSID does not by itself allow a hacker to break into your network, it is a start. More importantly, operating your access point with the default SSID suggests that security has not been handled well, and that encourages hacking.
- Do not Auto-Connect to open Wi-Fi networks. Connecting to an open Wi-Fi network, such as a free, public wireless hotspot or your neighbor’s wireless access point, exposes your computer to security risks. Most computers have a setting which will allow these connections to happen automatically without notifying you. Make sure auto-connect is shut off.
- Enable the hardware firewall on your wireless access point. If your access point does not have a hardware firewall, don’t use it. Get another one that does.
- Position your access point carefully. It is normal for Wi-Fi signals to leak out through walls of your home. While a small amount of signal leakage is not a problem, the further the signal spills out into the neighborhood, the easier it is for others to pick it up. That is the first step toward someone gaining access to your wireless access point without your permission. Position your access point near the center of your home, rather than near a window or an outside wall.
- Turn off your access point if you aren’t using it. If it’s not turned on, hackers can’t break in. [Confession: I don’t do this. It is a good idea, but I’m too lazy. -jc]
- If you don’t feel confident about the security of your wireless access point, don’t use it. Get advice and answers to your questions from a computer consultant knowledgeable about wireless security. [Feel free to post here if you have particular quesitons. -jc]
More information:
http://arstechnica.com/security/news/2008/04/wireless-security.ars
_______________
Copyright 2009, SANS Institute (http://www.sans.org)
Editorial Board: Bill Wyman, Alan Reichert, Walt Scrivens, Barbara
Rietveld, Alan Paller.
Permission is hereby granted for any person to redistribute this in
whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product. We request that redistributions include attribution for the source of the material.
Readers are invited to subscribe for free at
https://www.sans.org/newsletters/ouch
A good alternative to turning off your wireless access point is to turn off SSID broadcast. That way there’ll still be signal, but it’ll be much harder for others to see.
— Matt Field Apr 27, 08:17 PM #