Wireless Networks are by their very nature not secure. When you setup your home/small business wireless network it is a good idea to secure the network to protect against eavesdropping, stealing, and unauthorised access to your private data.

Securing Wireless Networks

There are several steps you can make to setup a secure wireless network (home or small business).

There are three common techniques available, which can be used independently of each other or together. They are:

• Broadcast SSID prevention
• Mac Address Restrictions
• Encryption

Broadcast SSID

Every Network has an identity or name. This they normally broadcast so any wireless devices in the area know they are there. The client computer will see a list of networks listed by name and he can then configure the client computer to access the network by entering the name in the network connection dialogue.

If the client computer didn’t know the network name then it couldn’t connect. Hence it is advisable to prevent your wireless network from broadcasting the name. This you do by turning off Broadcast SSID. The SSID (Service Set identifier) is the network name.

The problem with turning off broadcast SSID is that anyone who wants to configure a wireless device to connect to your network will need to enter the network name in the network connection dialog.

If, as in a typical home network, you only have fixed number of client computers then you can set this up yourself. If you are setting up a wireless network for a small business, hotel/guest house etc then you will need to have a way of letting new users easily find out the network name. You will also need to have a procedure for changing the name periodically.

You should note that although the SSID is not being broadcast it can easily be found by professional/knowledgeable eavesdroppers using specialist equipment.

Mac Address Restrictions

This is a very powerful security feature that limits access to your wireless network to particular devices.

Every device connected to a wireless network has a MAC (media access control) address. The address is in effect the address of the network adaptor (wireless or Ethernet) and is assigned by the adaptor manufacturer and is unique.

To configure this you need to configure each wireless access point to only allow communication from specified addresses. To setup Mac Address filtering/restrictions you need to:

1. Find the MAC address of each device (computer/laptop). See Finding the MAC address on Windows for details.
2. Enter these addresses in the list of allowed addresses on the Wireless access point/router. If you have multiple access points then each needs to be configured.

Because of the need to find each MAC address for each device then this technique is unsuitable for environments were the Client machines that connect to your Wireless Network change i.e. hotel, public network etc.

If you do have a static network of machines then this is recommended. You should also bear in mind that the MAC address is on the network adapter and so if your wireless USB adapter breaks, and you replace it with a new one, then this will have its own MAC address, and you will need to reconfigure your Access points.

You should note that the MAC address can be spoofed by by professional/knowledgeable eavesdroppers using specialist equipment.

Wireless Encryption (WPE and WPA)

Securing your wireless network using Wireless encryption techniques secures the data between your computer and the wireless access point. If the data then goes onto a LAN or to the Internet it is not encrypted.

This type of security makes it difficult for anyone to eavesdrop on the wireless signal or “steal” your Internet connection by connecting to your Internal network.

There are two method of encryption used in Wireless Networks

• WEP (Wired Equivalent Privacy) encryption -
• WPA (Wireless protected access) encryption -

WEP (Wired Equivalent Privacy)

This is an old form of encryption that has many flaws but it does provide a good level of security against casual snooping but not against professional eavesdroppers.

It has been superseded by the newer and more secure WPA but it is widely used because it is universally supported.

After selecting it you will need to enter a pass key which is either 5 or 13 Hex pairs depending on whether you use a 64 bit or 128 bit (recommended) encryption.

The Pass key is effectively a random number that you can just make up or some systems will auto generate them based on a passphrase/password which you enter.

In either case the same key is used on all the clients that connect to that access point. I copy the key into notepad and put it on a floppy or memory stick to make it easier to
configure the client machines.

WPA (Wireless protected access)

This is intended to replace the Older WEP for providing encryption in wireless networks. You should ensure that all of your clients are capable of supporting it before you use. Some machines may require software updates or new hardware for this

There are two modes of WPA available:

• PSK (pre shared key) also called Personal or no server mode. This is the common mode used in small business/ home networks.
• With Server- Requires a Radius server and is used in Enterprise wireless Networks, and is not considered here.

Pre-Shared Key

In this mode the wireless access point is assigned a passphrase (PSK) and the same passphrase is used by each client machine that connects to that access point.

Note: A Passphrase is like a password but much longer. A typical password is 6-10 characters whereas a passphrase is much longer. In WPA the passphrase/password is typically between 8-40 characters, with a minimum length of 20 characters recommended. You will often see the word password used instead of passphrase. See
Passphrase FAQs for more details.

Related Posts by Main Category- WiFi