Thursday, December 23, 2010

How to secure a WLAN connection

Most WLAN hardware has gotten easy enough to set up that many users simply plug it in and start using the network without giving much thought to security. Nevertheless, taking a few extra minutes to configure the security features of your wireless router or access point is time well spent. Here are some of the things you can do to protect your wireless network:

1. Enable WEP (Wired Equivalent Privacy). This provides some basic encryption of packets between your wireless network cards and your Access Point. It is also intended to block connections from other computers that don't have the matching encryption key; however, it is not particularly difficult to monitor a connection and learn the key. Even so, it's far better than having no WEP at all.
2. WPA (Wi-Fi Protected Access) is a stronger (and newer) encryption method. To enable WPA you'll need an Access Point, wireless network cards, and operating systems which all have WPA support. If WPA is available, use it. Otherwise use WEP.
3. MAC address filtering. Each Ethernet device has a unique numeric hardware address called the MAC address (Media Access Control address). This can be used to allow only known computers to connect to your Access Point. Enable MAC address filtering in your Access Point, then one by one add permission for connection by each of your computers.
4. Change the SSID from the default. SSID (service set identifier) is sometimes called the "network name" for a wireless network. Typically Access Points are shipped with an SSID that's easy to guess, such as "default" or the name of the maker of the Access Point. Choose an SSID that's not easy to guess - not your last name, company name, pet name, etc.
5. Turn off SSID broadcast on the Access Point. Typically an Access Point broadcasts its SSID. This makes it easy to find available access points and connect to them. After turning off SSID broadcast on the Access Point you'll have to manually enter the desired SSID on each wireless network adaptor.
6. Turn off the DHCP server on your router. Then manually allocate the IP address for your router and for each computer on the network. Turning off DHCP means that any computer that has got past the previous steps won't automatically discover a compatible IP address.
7. Restrict the range of available IP addresses that your router will allow to connect. If you have manually set IP addresses on all your computers they should be in a small range of addresses. Only allow those few computers to connect.
8. Set up a software firewall (such as Zone Alarm) on each computer. Configure it to only allow connections from computers within the restricted range of IP addresses used by your computers.
9. Enable logs on your router. Depending on the router, these may log outgoing connections, incoming traffic, attacks, or more. Check your logs daily - this is the alarm that will detect unexpected activity.
10. Consider using user ID and password protection on any shared drives and folders on your systems. That way, even if someone intrudes into your network it will be harder for them to read or corrupt your files, or do other damage.
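
The daily log check in step 9 can be automated against the MAC list from step 3 and the address range from step 7. The script below is an added example, not part of the original post; the allowlist, the address range and the router log format are all constructed assumptions, so adjust the pattern to whatever your router actually writes.

```python
import ipaddress
import re

# Assumptions (not from the original post): the allowlist, the address range
# and the log line format below are constructed for illustration.
ALLOWED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
ALLOWED_RANGE = ipaddress.ip_network("192.168.1.16/29")  # .16 to .23

# Constructed sample lines in a hypothetical router log format.
SAMPLE_LOG = """\
Dec 23 08:01:12 wlan: associated mac=00:11:22:33:44:55 ip=192.168.1.17
Dec 23 08:05:40 wlan: associated mac=00-11-22-33-44-66 ip=192.168.1.18
Dec 23 09:14:03 wlan: associated mac=de:ad:be:ef:00:01 ip=192.168.1.19
Dec 23 09:30:55 wlan: associated mac=00:11:22:33:44:55 ip=192.168.1.200
Dec 23 10:02:10 firewall: dropped src=10.0.0.5 dst=192.168.1.17
Dec 23 10:15:31 wlan: associated mac=00:11:22:33:44:66 ip=not-an-ip
"""

LINE_RE = re.compile(r"mac=(?P<mac>[0-9A-Fa-f:-]{17})\s+ip=(?P<ip>\S+)")

def normalize_mac(mac):
    """Lower-case and use ':' separators so comparisons are consistent."""
    return mac.lower().replace("-", ":")

def review_log(text, allowed_macs=ALLOWED_MACS, allowed_range=ALLOWED_RANGE):
    """Return (line, reasons) for every association that breaks the policy."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an association record
        reasons = []
        if normalize_mac(m["mac"]) not in allowed_macs:
            reasons.append("unknown MAC")
        try:
            if ipaddress.ip_address(m["ip"]) not in allowed_range:
                reasons.append("IP outside allowed range")
        except ValueError:
            reasons.append("unparseable IP")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in review_log(SAMPLE_LOG):
        print(", ".join(reasons), "->", line)
```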
