Wireless - How To Protect Yourself
This security list assumes that your wireless network is already set up and needs to be secured. The types of encryption listed here also have several sub-types that you may be able to use depending on what type of network you are securing. I have listed only the basic types as they will work in most wireless home networks.
- Determine what kind of encryption and authentication that your wireless device(s), access point and software can use. If it is WEP only, then an upgrade of the firmware for your adapter, may allow you to use the much more secure WPA. WPA provides more security features for your network. If you can afford to replace all hardware, eg the access point, wireless network adapter, router or hub, with ones that will support the latest encryption standards, then doing so would be a wise choice.
Use WPA with a pre-shared Keys, called WPA-PSK for the most secure encryption on a home network.
- Make sure if you can only use WEP for security, that you choose 128 bit encryption rather than 40 bit encryption, both on your router and for your network card. This setting is chosen during setup of WEP.
- Choose an alphanumeric (1-9,A-Z) or hexadecimal (1-9, A-F) string of at least 20 characters to use as your Network Key. Make sure it is not a familiar name that could be guessed such as "p@ssw0rd".
- Make certain that your router has a long alphanumeric password that is different from the Network Key.
- Change your Network Key frequently if your WEP setup doesn’t do it automatically. Please remember all devices on your network must share the same Network Key so you will have to change the Key on every device on the network. WPA changes the Network Key automatically and frequently.
- Each network card whether wired or wireless will have a MAC address (physical address), which identifies the card. MAC address filtering can be used to limit the devices that can connect to your PC and/or your network. You can determine the MAC address of each device and enter them in the router’s settings. This will prevent any other MAC address from connecting to your network. However, hackers have tools to find and change the MAC addresses so they can log on to your network, so setting the MAC address filter is not 100% secure.
- Each wireless network adapter and router comes with a Network Name called an SSID. For example the LinkSys routers Network Name (SSID) is "LinkSys". Always change these as the default names are well known. This provides a minimal increase in security unless you turn off broadcast of the name, because the SSID is included in the header of all data being exchanged by your network.
- Turn off DHCP in the Network settings, and assign an IP address range to every device on the network using the Private IP address ranges. Private IP rangers are 10.0.0.0 - 10.255.255.255;172.16.0.0 - 220.127.116.11; 192.168.0.0 - 192.168.255.255, then assign a specific IP address within the range you choose (or the router chooses), to each device on the network. When choosing an IP range make sure the range is limited to the number of devices in the network. For Example if you have 2 laptops, a desktop computer and a router, you might choose the range 192.168.0.0 to 192.168.0.4. In this way it leaves no open IP addresses for a hacker to use.
- Remove any unrecognized networks from the list of "Preferred Networks"
- Turn off the setting for "connect automatically to non-preferred networks". This will prevent your PC from making automatic unwanted connections to any network or PC with a signal in your area.
- Change the name of the Administrator account to something else, if you are able. This is to prevent access to your computer using the built-in Administrator account that everyone has on their Windows PC.
- Change the default Administrator password to a long alphanumeric string, because the default passwords are well known by hackers.
- Disable remote access to your PC or network if you do not need it.
- Use Remote Desktop (if using XP sp2) to connect to a computer at home, when away.
- Disable Simple File Sharing in Folder Options > View Tab, unless you need it.
- Disable Microsoft File and Printer Sharing in the properties of the wireless Network connection if you don’t need it.
- Enable "Virtual Private Networking" in Windows for secure transactions and to connect to a business network. VPN acts like a tunnel for your communications, protecting them from anyone trying to eavesdrop. However, VPN does slow performance so you may not want to use it all the time.
- Always use secure websites that use SSL encryption for any private transactions
- Configure Outlook Express to use SSL security for all email both sending and receiving.
- If you use the Windows Firewall in XP sp2, make sure there is nothing checked on the ‘exceptions’ tab.
- Position your router or access point in the middle of your house away from windows. This will minimize the distance that you’re your devices have a strong signal outside of your home, and within your neighbourhood. A small adjustment that with all other settings can increase your security.
- If using a public network such as a library, be aware that the data you exchange with them is not encrypted so your security needs to be at it’s highest while connected to them.
- Sometimes when only WEP is available with your wireless network adapter, you will find that a wireless gaming adapter supports WPA and you can use it instead.
- Minimize the amount of important information you keep on a wireless laptop, such as banking account numbers, passwords or credit card numbers.
- Turn off the router when you are not using the wireless devices. Doing this will minimize the amount of time when anyone can get into your network when you are not using it.