If you have ever had a bite out of a wireless network, then you must already be an addict. Wireless networking is an extremely easy way to take advantage of Internet connectivity while freeing yourself from the short leash of the Cat5E cable. In fact, connecting to your own wireless network is so comfortable that your neighbors might want a piece of it for themselves.
Getting robbed of your bandwidth is old news, but leaving your wireless network unsecured can lead to much more unpleasant situations than slow Internet traffic. Wireless routers can be tampered with, DNS servers can be changed to point legit domains to obscure servers that steal banking and/or
email credentials. Shortly put, leaving your wireless network open is not the wisest thing you could do.
Securing your wireless Internet connection is not the most difficult of things as it might seem at the first glance, so here are the essential steps you need to take for completely cable-and-hassle-free web-surfing sessions.
The vast majority of the wireless routers and/or access points (access points are just like routers, only that they don't allow wired clients) come with no security options factory enabled, which means that any wireless client in your network's range will be able to connect to it immediately.
The first and the most critical aspect is changing your administrator credentials immediately. As long as the default password is still active, your router is at its peak vulnerability. The default passwords are posted on publicly-available websites, so anyone who knows or takes a guess at which brand your router is, can log in as administrator and spoof your DNS data. After having successfully changed your default password to something difficult enough to crack, you might consider turning off the remote management option, in order to deny router management over the web.
Another essential step would be changing your default SSID. All wireless access points and routers broadcast a network name, also known as SSID (Service set identifier). Default SSID names would hint the intruder at the brand and model of your router, thus increasing the chance of the hacker using a specially designed tool to exploit your router's security flaws.
Just imagine that you haven't changed the default password and the attacker identifies your network as say Linksys. A quick search on the web would show the attacker that Linksys routers are set by default to "admin" username and "admin" password. The complete list of default usernames and passwords sorted by manufacturers
can be found here. You may want to change your SSID to something identifiable, yet discrete. Disabling the SSID is also possible, but it's less recommended, given the fact that it would make it difficult for other legit users to connect to the network as well.
Another critical aspect of the wireless network is enabling encryption. While WEP encryption is widely supported on both newer and older models of wireless routers, it can be cracked easier than the new WPA algorithm. Encryption will cloak all the data sent between the client and the router and would make packet sniffing harder to intercept and decode. Wireless pirates won't be able to connect to your network without the pre-set password. Many users are using the WPA Pre-Shared Key option, that would ask for a 10-character or longer password, made of uppercase, lowercase, symbols and/or numbers.
MAC filtering is another safety measure that would contribute to your network's safety, but won't make it bulletproof. A MAC (Media Access Control) address is an allegedly unique identification number that distinguishes a network adapter amongst the others on a network. It makes identification possible and sometimes it decides which IP is allocated to a specific computer. MAC filtering will refuse any connection from a MAC number that is not added to the trusty list. However, MAC addresses can easily be spoofed and will add some extra hassle while setting up your network but extra safety is advised.
Last, but not least, you might consider reducing your WLAN transmitter power. That means that the stronger your WLAN signal is, the more the chances are for it to be attacked. Most of the time, you won't need a wireless network to stretch outside your house or office. You can adjust the signal strength by tinkering with the default values until you get a reasonably strong signal inside the building.
