Five easy steps to secure your WLAN
Wireless connections are more and more popular everyday.
Wireless Home Network makes the work and home entertaiment easier, yet also enables unauthorised access to your private network.
Some people don’t mind someone else using their own net, some even think about it in the terms of hospitality, like giving the water to the traveller, they give the free internet access to everybody.
Unfortunately there a lot of people that want to use the internet for bad purposes, and the automated scripts you can find browsing the net make the wireless hijacking possible even to unskilled person.
In this article I want to show some basic ways how to make your WLAN more secure.
They are sometimes very obvious, suprisingly many of people still don’t take even these basic steps.
The typical net I reffer here is AP router connected to Internet provider, and some laptops/Pcs with wireless card receiving the signal within the house, yet these advices are useful in any configuration.
Here are the basic steps to secure WLAN :
1. Switch off the router while not using
2. Lower the transmission signal to minimum
3. Disable broadcasting the name of your AP
4. Enable WEP (WAP) encrypting
5. Turn on MAC-filtering
1. Switch off the router while not using
I know that this advice sounds a bit ridiculous, yet during my wandering around I have seen
plenty of working AP stations with noone using it like on night, for example.
( I usually DO NOT hang around outside peoples houses during the night, I just leave in a big city,
where even looking out the window you will receive many of AP broadcast signals. )
When you finish your work in the office, or when you leave home for weekend, switch the power off your rourter. At least you can ‘unplug’ the internet connection from your AP, but it is better to turn it off completely. Even, when there is no internet connection, the hacker can connect with your router, get into AP settings, and get neccessary information to use it in the future.
2. Lower the transmission signal to minimum
I think that now everybody has read about noughty person that seats in the car parked on the road near your house and downloads the bad pictures to his laptop using unauthorised access to your WLAN. But the solution to prevent this scenario is often very simple.
If you don’t want the poeple from outside to use your internet, don’t send the signal outside the house.
Usually the new routers have the default transmission power set to maximum, to make sure that the signal is received properly.
Now the range of the new router easily eccess 100 meters, but quite often you only need the wireless to connect to the next room that is no more than 10 meters from AP.
So if you don’t need to send the signal outside you house:
1.Choose the farthest position from your rourter in which you will use your laptop.
2.Connect to your AP.
3.In routers settings try to lower the transmission signal to the point in which you still get proper connection.
There are good chances that with half of your AP transmission power you can use your internet inside your flat, while noughty person from outside will not have high enough
broadcasted signal to connect to.
3. Disable broadcasting the name of your AP
Again you have that option in settings of most of the newer routers.
You have to check if after disabling the computer card has no problems with connecting to your AP, as sometimes older model cannot find the AP if no name is broadcasted.
This will at least prevent the accidental user from connecting to your net.
Windows wireless settings use so called ‘zero-config’ configuration.
When you switch on wireless connection on you laptop (or when you start Windows )
the wireless card tries to connect with the AP’s that names has in computer memory,
but if there are no known names, the card tries to connect with any AP that is in the range
starting from the AP the with strongest signal.
But if laptop cannot see the name of your AP it cannot automatically connect to it.
The ‘bad boy’ still can connect to your net , but you’ve made it a bit harder to do it.
4. Enable WEP (WAP) encrypting
Many has been said that WEP encryption is already dead, and true is that skilled person can break the encryption within minutes but it is still better than nothing.
But if you use ( any ) encryption :
a)people cannot get connected to your net by accident, the have to know the key, thus they have to break deliberately to your AP to be able to use internet.
b)if the ‘bad boy’ se you AP protected he would leave your web and go into unprotected one as an easier target
If you have possibility use WAP or WAP2 encryption, just make sure that your receiving card works with this king of encryption.
WAP encryption is breakable, but in most of the cases it needs the waste computing power, time and effort noone would invest to break our LAN.
(That is for the end of year 2008, with the rapid progress, you can expect it to be broken within few years).
5. Turn on MAC-filtering
Every piece of hardware used in network has its own unique number known as MAC.
So when your wireless card communicate with router it is recognised by that unique number.
Each card then connects to the Access Point has to produce the MAC number to which the signal will be send.
In the AP settings you can set the permission to access only for your card’s MAC, and if someone else tries to connect to AP its number is rejected ( filtered ).
There are some ways to change the MAC number of the wireless card, so this isn’t the secure way, however one of the best methods of prevention.
So these were the basic ways of securing the wireless connections, they don’t make in unbreakable though, but at least harder to get into.