How to make your wireless network secure

[SteveR]

Hiya peeps,

As I have no technical knowledge about the Supra to share, I figured I'd try to be useful by posting some advice I've written about securing your home wireless network. This is just general sound advice that anyone could come up with after a bit of research, but as I already know it (it's partly related to my job) I figured I'd share the wealth in case it's any use to anyone....

--------

 

I hope this is of some help to someone....

 

To make your home wireless network more-than-secure-enough (for home use), do the following;

 

Step 0. - thanks MaveriK - Change the administrative password on your network device(s). Make the password strong (see 'notes' section below)

 

 

Step 1. Enable WPA-PSK on your wireless access point/wireless router. If you don't have this option use "WEP", if there are several WEP options simply choose the one with the biggest number after it. WEP isn't as good as WPA-PSK so always use the latter if you can.

 

NB: The above will require you to pick and enter a password. It is important that you make this password 'strong' (see 'notes' section below).

 

(By doing this only devices that have the correct password will be allowed to join your network. As you've picked a password only you know* this means only your devices will be able to join.)

 

 

Step 2. Change the SSID of your network from it's default to something not obvious, and switch off anything that says "SSID broadcast". You'll probably need to tell your wireless devices the name of your network, but big deal.

 

(Changing the SSID from "Belkin" or "Cisco" or whatever it is set to 'out-of-the'box' stop someone knowing what make/model it is likely to be and thus what attacks might work in it. DON'T set it to "Steve's Network, or "34 Steve Street" or whatever cos that just makes theives know you have computer equipment!)

(Switching off the SSID broadcast makes it harder for people to spot your network even exists and thus makes it less prone to attack.)

 

 

Step 3. (optional) If you're a tad paranoid or worried that someone might still guess your password somehow, then you can also carry out this step. To be honest though step 1 will have secured your network....

 

Tell your access point/wireless router to enable "MAC filtering" - you will need to know the MAC Address of each device you will want to allow onto your network, and enter these into the list of allowed devices on the router/access point.

 

(By doing this you put into place a 'guest list' of sorts - anyone not on the list isn't allowed in.)

 

 

If you're not sure how to do step 3 don't worry, just carry out step 1 (and 2 if you can) and you'll be fine anyway.

 

 

Abbreviations I've used:

WPA-PSK = Wireless Protected Access - Pre-Shared Key. It's a form of encryption that until recently was unbreakable. It is only susceptable to a brute-force 'dictionary' attack, so use a strong password and you'll be fine

WEP

MAC Address = a unique* (in the whole world) address of your wireless device that identifies that device and distinguishes it from all other network devices.

WLAN = Wireless LAN

LAN = Local Area Network

SSID = Service set identifier. Ignore that, just think of it as the 'name' of your network.

 

Notes

'Strong' Passwords

A strong password will be reasonably long (say 10+ characters), mix uppercase and lowercase letters with numbers and symbols and make it something NOT obvious - avoid something that someone could guess, e.g. your house number, name, pets name, car, whatever.

 

An example of a 'strong' password might be "sPAGh3tt1_H0oP5". A stronger password still would be even longer and made up of completely random letters, numbers and characters - simply write the password down and stick the piece opf paper to your wireless router/Access Point; this might not sound like a good idea when taken at face value, but think about it - if anyone breaks into your house the last thing you'll be worried about is the security of your WiFi network!

 

* = Passwords can be broken if someone is determined enough, but the longer and more complex your password the exponentially harder this become, so a good, strong password is effectively impossible to break. Remember that there are dozens if not hundreds of unprotected networks nearby that are far easier to use; so long as you're not the easiest target (i.e. carry out these steps) you'll be safe.

 

MAC Addresses

* = these can be 'spoofed' but again no-one will go to those lengths to attack a home network when your neighbour has an unprotected and wide-open WLAN

 

Handy Hints:

1 - (Thanks ARK) - turn the access point off when you're not using it - reduces the window of opportunity for wardrivers, because it's always just a matter of time for breaking in. And it saves electricity, trivial though it may be.

[SteveR]

Any questions or if anything's not clear, post here and I'l try to help

[MaveriK]

MAC Address = a unique* (in the whole world) address of your wireless device that identifies that device and distinguishes it from all other network devices.

 

Or if you install decnet can be over written with a new value.

 

Nice write up though but i would include changing the default admin password on the box itself.

[JohnA]

Very nice.

 

I had to do all of the above (save MAC filtering) after I found out that characters would park outside in the dark and drain the bandwidth, then just drive off.

There is a whole network of them, They Live

[SteveR]

Very nice.

 

I had to do all of the above (save MAC filtering) after I found out that characters would park outside in the dark and drain the bandwidth, then just drive off.

There is a whole network of them, They Live

 

They're called 'Wardrivers' (or 'war walkers' if they're too cheap to have a vehicle, lol). People share addresses of 'open' and hackable networks on the internet for others to take advantage of too.

 

The deal is - make yourself a smaller/harder/invisible target, and you'll get left alone. Why attack a protected network when there are loads of muppets with wide open ones?

 

One thing I didn't mention was that, if someone uses your network to do illegal activities and the authorities decide to look into it, it's you that gets investigated as it was your ISP account that was used. Very tricky to prove it wasn't you, or at least a huge PITA to go through, I suspect.

[SteveR]

Nice write up though but i would include changing the default admin password on the box itself.

Yeah good call, it's easy for me to forget stuff like that - I'll add it in.

 

It's also a good plan to switch off any options to allow administration of the box from a wireless connection, if it can do that.

[carl0s]

Very tricky to prove it wasn't you, or at least a huge PITA to go through, I suspect.

 

Well, if your wifi was wide open, it'd be quite a good get out clause actually

[Ark]

I'd add: turn the access point off when you're not using it - reduces the window of opportunity for wardrivers, because it's always just a matter of time for breaking in. And it saves electricity, trivial though it may be.

[SteveR]

Bump!

- just in case it's of any use to anyone who didn't see it first time round