|
Just as you need to
update your operating system and programs you also need to up date your
access point and your network adapter to deal with security vulnerabilities.
Updated firmware and drivers often includes security bug fixes and sometimes
adds new security features.
·
Change The
Default Administrator Password.
To improve the security of your
wireless network, you should change the administrative password on your
wireless access point as soon as possible. The default passwords for popular
models of wireless network devices are well known to hackers and often posted
on the Internet.
·
Enable
Encryption.
Encryption is used to improve the
security of the wireless connection by encrypting the data and also
authenticating the client.
The different types of encryption are WEP (Wired Equivalent Privacy), WPA
(Wi-Fi Protected Access), and WPA2.The best type of encryption is WPA2
followed by WPA then WEP. The best key length is 256 followed by 128 then 64.
·
Change The
Default SSID .
To improve the security of your
wireless network, change the SSID (Service Set Identifier) to a different
name than the default.
Changing the SSID will not prevent someone from hacking your network but when
a hacker finds a default SSID, they see it as a poorly configured network and
are much more likely to attack it.
The SSID is a sequence of case sensitive alphanumeric characters (letters or
numbers) having a maximum length of 32 characters.
·
Disable
SSID Broadcast (Beacon).
In wireless networking, the access
point typically broadcasts the SSID over the air at regular intervals. Once
your wireless clients have manually configured a profile for the access point
you should disable SSID broadcast.
Disabling SSID broadcasts decreases the likelihood that a hacker will try to
log in to your network, as more likely the hacker will bypass your network
seeking easier targets elsewhere.
·
Enable MAC
Address Filtering.
Every network adapter possesses a
unique identifier called the Physical Address or MAC Address.
·
To set up MAC
address filtering, you as the network administrator must configure a list of
clients (based on the MAC Address) that will be allowed to connect to your
network.
·
Once enabled,
whenever the access point receives a request to connect to your network, it
compares the MAC address of that client against the administrator's list.
Clients on the list are able to connect to the network as normal; clients not
on the list are denied any access to the network.
·
Enable IP
Address Filtering.
Some access points allow you to
filter IP addresses the same way as in MAC filtering.
Clients on the list
are able to connect to the network as normal; clients not on the list are
denied any access to the network.
·
Disable
DHCP.
DHCP automatically assigns all
clients (Including hackers) on the network an IP address. Disabling DHCP
makes it harder for hackers to access your network.
When you disable DHCP on your access point you need to configure all your
clients with static IP addresses.
·
Replacing
the Access Point Antenna.
An access point normally contains
an omni directional antenna that radiates signal equally well in all
directions.
Omni directional antennas are more likely to bleed signal outside the house
into neighboring areas where the signal can be accessed by hackers.
Directional antennas allows the signal to be aimed towards the area of the
house where wireless devices are located reducing the chances that a hacker
might pick up the signal. If possible lower the transmit power on the access
point.
·
Disable
File and Printer Sharing.
If you must share files or folders
do not share the entire hard drive but only share what you need to share and
password protect everything with strong passwords.
Use NetBEUI as the protocol for file and Printer sharing.
·
Turn
Off the Access Point When Not In Use.
The best security measure, shutting
down the access point will prevent hackers from accessing your wireless
network.
|