Monday, August 04, 2008

How to secure wireless network

I'm mainly writing down the point to secure a "HOME" wireless network.

1. Change SSID
Many -- almost all -- wireless router comes with default SSID (service set Identifier) - kind of unique in itself. Something like linksys router uses "linksys" as default SSID. So if you are using a default SSID that gives more information about your wireless network. Its something like broadcasting "Hey I am a wireless router and you can connect to me. And yeah by the way, I am linksys router". Though that may not be much, but it give information to a potentiality hacker to know which router you are using and may be narrow down to one which he should try to hack or use -- may be get on net and know what are possible attack on that and try them.

Better set SSID to some random junk characters. Copy the SSID and save for later use.

This may not be much security, but its good not to offer low hanging fruits -- encouraging someone to actually get them.

2. Hide SSID
So the other people can't see it. Hide SSID by disabling SSID broadcast. So they will not see your network and not try to connect to them.

3. Change router's password
Again most router are shipped with default password. For example linksys router has the default password as admin. And its very easy to get default password for these boxes. Just google for "default password" and find the vendor and model. So if you have default password, someone can logoin to your router and change configuration, may be stealing all the bandwidth or do much more than that.

4. Disable remote administration
By disabling remote administration, actually you are saying "No can can change my router without connecting to wireless router through a wire." That's pretty cool. So no one out there can change your wireless router stuffs. That's a very much important.

5. Carefully upgrade firmware
Upgrade firmware if you really need to. Check the change log and find out if there is really some critical upgrade that you should install in. Secondly never upgrade the firmware on wireless, always connect physically to router and upgrade firmware.

6. Enable encryption
Most important point and a must. Enable encryption on your router so that no one can actually sniff the packet and know what you are doing or be man in middle. And it would be good to use a intelligent password - like mix of upper case and lower case, alpha numeric, numbers and large string so that its practically impossible -- or at least hard enough - to break it. May be use some kind of random key generator to do that. (and save the password somewhere safe and secure)

That will do a lot to make your network secure. There are even other stuff like "MAC Address filtering" but that may not be of much use cause mac address is actually sent as part of IP packet. so ...... anyway do that if you wish so.