Task 5 : Protect your Wireless network connection.

Wireless networks are becoming more and more popular these days, in consumers homes. To see how true this is, all you need to do is turn on the wireless function on your wireless access capable computer and you will see how many wireless points are available in your immediate neighborhood. I could see 5 wireless points in my neighborhood. Part of the reasons for the increased popularity is better wi-fi technology and partly due to the dropping and affordable prices of wireless network routers. With this increased popularity also means greater exposure to network intrusion. This is especially true if the user does not take the necessary precaution to protect his/her wireless network.

As I had mentioned that in my neighborhood I see 5 wireless network points. Out of these 5, one is unsecured. Meaning that there is no encryption protection on that network. If I wish, I could connect to that access point with minimum effort, and could then be able to surf the Internet. Hijacking someone's wireless network to surf the Internet may pose a minor problem for the owner, there is an even more serious problem of security. Now, once someone gets connected to your wireless network, in essence they are in your home network. What that means is that they are even inside your firewall (what good does your firewall do in this situation?) and they could access all the network resources such as like your printer. Worse than that they will be able to access your computer if they put in a little extra effort. Are you worried now? Hopefully you are one of those who have a secured wireless network. If not, please read now for some steps you can take to protect yourself.

Steps to protect your wireless network

1. Change the default administrator name and password
   When you first bring home your wireless router, it comes with a default administrator account and password. Being default also means that others who bought the same router will have the same default administrator account. Now it doesn't take much brain power to see the implication of that. An administrator login is necessary to make changes to the configuration of your wireless router. More often than not, this will be a webpage from the router that first require you to log in. So the first thing you should do when you log in to configure your router, is to change the administrator username and password.


2. Change the default SSID An SSID is also referred to as a network name for your access point/ wireless router. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." Knowing the SSID does not by itself allow others to break into your network but it is an invitation. When someone finds a default SSID, what it says to them is this is a poorly configured network, and hence they are much more likely to attack it. Therefore change the default SSID immediately while you are configuring your wireless router.


3. Disable SSID Broadcast
   A wireless access point or router typically broadcasts the network name (SSID) at regular intervals. When your computer searches for wireless access points, it displays a list of access points available in the vicinity, by their SSIDs. This makes it easy to identify the network that you want to connect to. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Most wireless routers allow the SSID broadcast feature to be disabled by the administrator.


4. Turn on the WPA / WEP Encryption
   All Wireless router supports some form of encryption, which essentially scrambles messages sent over wireless networks so that they cannot be easily read by someone else. Although wireless routers, access points, and wireless computer adapters for residential use shipped with encryption capabilities, most manufacturers turned encryption off by default. Many home wireless users never bothered to turn it on, leaving them no security nor protection from intruders. Several encryption technologies exist for Wi-Fi today. You will want to pick the stronger form of encryption that works with your wireless network such as DES, VPN, and WPA. However the stronger encryption usually requires more configuration on your part and hence a greater understanding to begin with. If you do not feel ready to do that, at least turn on the most basic one, which is the WEP encryption.

   WEP has three settings: Off (no security), 64-bit (weak security), 128-bit (a bit better security). WEP is not difficult to crack, and using it es reduce performance slightly. While there is no extra performance cost to encrypting the longer 128-bit key, there is a cost to transmitting the extra data over the network. 128-bit security is not much more difficult than 64-bit to crack, so if you are concerned about performance, consider using 64-bit.

   The WEP concept of passphrase is introduced so that you do not have to enter complicated strings for keys by hand. The passphrase you enter will be converted into complicated keys. Choose passphrases the same manner you would for important passwords.



5. Enable MAC Address Filtering
   Each piece of networking equipment possesses a unique identifier called the MAC address or its physical address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many of the wireless routers offer the owners the option to enter in the MAC addresses of all their home equipment,and then restricts the network to only allow connections only to devices with those known MAC address. This method will offer a little extra security but be aware that hackers and their software programs can easily fake MAC addresses.


6. Assign Static IP Addresses
   An extra security step one can take to further deter intrusion is to assign static IP addresses to your computers. Typically most wireless network lean towards using dynamic IP addresses. It does make life more convenient for the owner, not having to keep track of static IP addresses and let the router handles all these chores. Unfortunately, this convenience also works to the advantage of network intruders, who can easily obtain valid IP addresses from your network's DHCP pool. If you are more concern about security over convenience, then turn off the DHCP service on the router, set a fixed IP address range instead, then configure each connecting computer with a unique IP address from that address range. This is not for the faint hearted novice computer users though. But it is an extra option to consider nevertheless when security is a priority. Again this method is not foolproof, as a determined attacker would be able to sniff out the valid IP address to use.


7. Turn Off the wireless router when not being used over extended periods of time
   A simple precaution and yet could help to reduce the possible intruders on your wireless network. If it isn't on, nobody could get in. Period. Of course this isn't practical if you are constantly using it during the day. I make it a habit to turn off my wireless router at night when I go to bed. It may even extend the life of your router, since leaving it on 24x7 means that the parts continue to remain hot all the time, which somewhat diminishes its lifespan.