Wireless Networks are by their very nature not secure.
When you set up your home/small business wireless network, it is a good idea to secure the network to protect against eavesdropping, stealing, and unauthorised access to your private data.
Securing Wireless (Wi-Fi) Networks
There are several steps you can take to set up a secure wireless network (home or small business).
There are three common techniques available, which can be used independently of each other, or together. They are:
- Broadcast SSID prevention
- MAC Address Restrictions
- Wireless Encryption (WEP and WPA)
Broadcast SSID Prevention
Every Network has an identity or name known as the SSID (service set identifier).
They normally broadcast this ID so any wireless devices in the area know they are there.
The client device will see a list of networks listed by name, and the user can select the network from the list or enter the name in the network connection dialogue.
If the client device does not know the network name then it cannot connect.
You can prevent your wireless network from broadcasting the name by turning off Broadcast SSID.
The problem with turning off broadcast SSID is that anyone who wants to configure a wireless device to connect to your network will need to know the name in advance.
If, as in a typical home network, you only have a fixed number of client computers then you can set this up yourself.
If you are setting up a wireless network for a small business, hotel, guest house etc., then you will need a way of letting new users easily find out the network name, and you will also need a procedure for changing the name periodically.
You should note that although the SSID is not being broadcast it can easily be found by professional/knowledgeable eavesdroppers using specialist equipment.
Therefore it isn’t considered to be a very powerful security option and is seldom used.
MAC Address Restrictions
This is a very powerful security feature that limits access to your wireless network to particular devices.
Every device connected to a wireless network has a MAC (media access control) address.
The address is in effect the address of the network adapter (wireless or Ethernet); it is assigned by the adapter manufacturer and is unique.
To configure this you need to configure each wireless access point to only allow communication from specified addresses. To set up MAC address filtering/restrictions you need to:
- Find the MAC address of each device (computer/laptop).
- Enter these addresses in the list of allowed addresses on the Wireless access point/router. If you have multiple access points then each needs to be configured.
Because you need to find the MAC address of each device, this technique is unsuitable for environments where the client machines that connect to your wireless network change, e.g. a hotel, public network etc.
If you do have a static network of machines then this is recommended.
You should also bear in mind that the MAC address is on the network adapter, and so if your wireless USB adapter breaks, and you replace it with a new one, then this will have its own MAC address, and you will need to reconfigure your Access points.
You should also note that the MAC address can be spoofed by professional/knowledgeable eavesdroppers using specialist equipment.
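The two set-up steps above, as an added example that is not part of the original article: it normalises MAC addresses collected in different notations into one allow list and rejects mistyped entries. It goes beyond the article by also flagging locally administered addresses (those not assigned by the manufacturer), which some devices generate themselves and which can change; the device names and addresses are constructed.

```python
import re

# Constructed sample inventory in the notations that ipconfig, ifconfig and
# router admin pages commonly use. All names and addresses are made up.
INVENTORY = {
    "office-pc": "00-1A-2B-3C-4D-5E",
    "laptop": "00:1a:2b:3c:4d:5f",
    "printer": "001a.2b3c.4d60",
    "phone": "DA:A1:19:0B:33:7C",          # locally administered address
    "old-usb-adapter": "00:1A:2B:3C:4D",   # one octet short: a typing error
}


def normalise_mac(text):
    """Return the address as lower-case colon-separated octets, or None if invalid."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (not a manufacturer address)."""
    return bool(int(mac[:2], 16) & 0x02)


def build_allow_list(inventory):
    """Split an inventory into (allowed addresses, rejected names, warnings)."""
    allowed, rejected, warnings = {}, [], []
    for name, raw in inventory.items():
        mac = normalise_mac(raw)
        if mac is None:
            rejected.append(name)
            continue
        if mac in allowed:
            warnings.append(f"{name}: duplicate of {allowed[mac]}")
            continue
        if is_locally_administered(mac):
            warnings.append(f"{name}: {mac} is locally administered and may change")
        allowed[mac] = name
    return allowed, rejected, warnings


if __name__ == "__main__":
    allowed, rejected, warnings = build_allow_list(INVENTORY)
    print("\n".join(sorted(allowed)))
    print("rejected:", rejected)
    print("warnings:", warnings)
```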
Wireless Encryption (WEP and WPA)
Securing your wireless network using Wireless encryption techniques secures the data between your computer and the wireless access point.
This type of security makes it difficult for anyone to eavesdrop on the wireless signal or “steal” your Internet connection by connecting to your Internal network.
There are two methods of encryption used in Wi-Fi networks:
- WEP (Wired Equivalent Privacy) encryption
- WPA (Wireless protected access) encryption
WEP (Wired Equivalent Privacy)
This is an old form of encryption that has many flaws. It does provide a good level of security against casual snooping, but not against professional eavesdroppers.
It has been superseded by the newer and more secure WPA, but it is widely used because it is universally supported.
After selecting it you will need to enter a pass key, which is either 5 or 13 hex pairs depending on whether you use 64-bit or 128-bit (recommended) encryption.
The pass key is effectively a random number that you can just make up; some systems will auto-generate it from a passphrase/password which you enter.
In either case the same key is used on all the clients that connect to that access point.
I copy the key into notepad and put it on a floppy or memory stick to make it easier to configure the client machines.
WPA (Wireless protected access)
This is intended to replace the older WEP for providing encryption in Wi-Fi wireless networks.
You should ensure that all of your clients are capable of supporting it before you use it.
Some machines may require software updates or new hardware for this.
There are two modes of WPA available:
- PSK (pre-shared key), also called Personal or no-server mode. This is the common mode used in small business/home networks.
- With Server: requires a RADIUS server and is used in enterprise wireless networks; it is not considered here.
In PSK mode the wireless access point is assigned a passphrase (PSK) and the same passphrase is used by each client machine that connects to that access point.
Note: A Passphrase is like a password but much longer. A typical password is 6-10 characters whereas a passphrase is much longer.
In WPA the passphrase/password is typically between 8 and 40 characters, with a minimum length of 20 characters recommended.
You will often see the word password used instead of passphrase. See Passphrase FAQs for more details.
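An added example, not part of the original article, showing what happens to the PSK passphrase described above: in WPA Personal mode the passphrase and the network name (SSID) are run through PBKDF2-HMAC-SHA1 to produce the 256-bit key that is actually used. The 8 to 63 character bounds come from the WPA standard rather than from the article, and the SSID "HomeNet" is a constructed sample.

```python
import hashlib
import secrets
import string

# The article's recommended minimum length; the 8..63 bounds are the WPA
# standard's limits for a passphrase and are an addition to the article.
RECOMMENDED_MIN = 20
STANDARD_MIN, STANDARD_MAX = 8, 63


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the passphrase is acceptable."""
    problems = []
    if not STANDARD_MIN <= len(passphrase) <= STANDARD_MAX:
        problems.append("length must be 8 to 63 characters")
    elif len(passphrase) < RECOMMENDED_MIN:
        problems.append("shorter than the recommended 20 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    return problems


def derive_psk(passphrase, ssid):
    """Derive the 256-bit key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def generate_passphrase(length=24):
    """Generate a random passphrase of letters and digits using the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_psk("password", "IEEE").hex())
    # The same passphrase on a differently named network gives an unrelated key.
    print(derive_psk("password", "HomeNet").hex())
    fresh = generate_passphrase()
    print(fresh, check_passphrase(fresh))
```

Because the SSID is the salt, changing the network name changes the derived key even when the passphrase stays the same, so clients must be reconfigured after a rename.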