Network Systems DesignLine | Securing a wireless network--The basics--Part III

Get the latest news, products and how-to information on network systems. Sign up for the Network Systems DesignLine newsletter, a weekly e-mail guide dedicated to the needs of engineers developing networking equipment and components. Here is our RSS feed.








 
 HOW-TO

Securing a wireless network--The basics--Part III

Here's a third segment of Chapter 2 of Home Network Security Simplified--an easy-to-follow explanation of how to make sure that your home network is secure--why it's important, and amazingly, how few of us actually do it. Part III covers the how of changing a default password to enabling wireless encryption.
By Jim Doherty, Neil Anderson Print This Story Send As Email Discuss This Story Reprints

Page 1 of 2

Network Systems Designline
(02/12/2007 1:05 AM EST)

Rate this article
WORSE | BETTER
1 2 3 4 5
Here are Part I and Part II.


Here is an overview of the steps you'll go through in this section:

  • Change the router's default password.
  • Stop advertising your wireless network.
  • Enable wireless encryption.
  • Disable ad-hoc networking.
    • Prevent unintentional roaming.

Change the Router's Default Password
As previously mentioned, routers from the same manufacturers all come with the same password. Although it may be easy to keep it the way it is out of the box, it is well worth the 30 seconds it takes to change it.

Here are the configuration steps that you need to do:

  1. Access the wireless router using your Internet browser.
  2. Click the Setup tab.
  3. Click the change password option.

Stop Advertising Your Wireless Network
By default, wireless routers are set up to broadcast their SSID to make it easy for wireless cards to learn the wireless network without having to know information in advance. Nice feature, bad security practice. Broadcasting the SSID of our wireless home network is entirely unnecessary. So, the first step to securing our network is to shut it off.

Here' s the configuration steps that we need to do:

  1. Access the wireless router using your Internet browser. You should be connected via a wired connection because any change you make could break the connection between the router and the computer if you have only a wireless connection at the time.
  2. Click the Wireless tab.
  3. On the line labeled Wireless SSID Broadcast, checkmark Disable (See Figure 3)


    4. Figure 3. Disabling the SSID Broadcast

  4. While you are on that screen, change the SSID name to something random (write it down). Remember that you also need to change the name on the wireless set screen of each computer you access this network with.
  5. Click Save Settings. That's it!

Very Important: As a reminder, never use the default SSID that the wireless router is set up with. (For Linksys products this is linksys). If the SSID is not being broadcast but is easily guessed by intruders, your wireless network is still vulnerable. Change the SSID to something else, such as a random series of uppercase letters, lowercase letters, and numbers. Write it down.

Enable Wireless Encryption
Even with reduced visibility to your wireless network,, a more sophisticated eavesdropper still might be able to learn the SSID and try to obtain access, so you need more security. The next step to securing the wireless network is to turn on encryption. Again, by default, encryption is disabled in wireless router products out of the box. To turn on encryption, we make up a secret key (see the previous section on encryption) that is known only by the wireless router and the wireless NICs in our wireless network (NIC stands for network interface card, which is the wireless-enabled card in your computer that allows connection to a wireless router). To communicate, this secret key must be known; otherwise the conversation is unintelligible.

In general, both the wireless router and all wireless cards in your network have to be running the same encryption method. However, depending on the age of the wireless product, they may not support all options listed in Table 1. The key then is to examine what each device (including the router) supports and use the highest level of encryption that all of them can handle. Meaning, start at the top of the table, if all your devices support WPA2, use it. If even one of the devices you plan to network doe not, you either need to replace it with one that does or go down in the table (for example, WPA or 128-bit WEP).

Very Important: Keep in mind that even 128-bit WEP is pretty good and will defeat "curious neighbors," but it will not keep a real hacker out. WPA2 is approaching the level of wireless network security that large corporations rely on. So, although you do not need to be overly alarmed if your network "only" supports 128-bit WEP, you should consider upgrading to products that support WPA, or better yet WPA2.

After you choose your method of encryption, you need to implement it on the wireless router and all wireless cards in your network. Each device must be "told" what the super-secret key is to be able to join the conversation.



Page 2: next page Print This Story Send As Email Discuss This Story Reprints

Page 1 | 2


 
eSearch  

 Top 5 Most Read
 How-To Stories
1. 2. 3. 4. 5.

 Top 5 Most Read
 News Stories
1. 2.

  • Introduction to Optical Transmission Systems

    		•
  • Optimizing Embedded Systems for Broadband 10 Gigabit Ethernet Connectivity

    		•
  • Interfacing a DS3231 with an 8051-Type Microcontroller

    		•
    The entire library >>  

    		 
     Top 5 Most Read
     Product Stories
    1. 2. 3.

     Sponsor

    EE Times TechCareers
    Search Jobs

    Enter Keyword(s):


    Function:


    State:
      

    Post Your Resume
    -----------------
    Employers Area
    Most Recent Posts
    GE Corporation seeking Lead Systems Analyst in Van Buren Township, MI

    Osram Sylvania seeking Sr Applications Engineer in Danvers, MA

    Accolo, Inc. seeking User Experience Engineer in Reston, VA

    Johnson Controls, Inc seeking Project Development Engineer in Pittsburg, PA

    WhiteHat Security seeking User Interface Engineer in Santa Clara, CA

    More career-related news, resources and job postings for technology professionals


     Tech Library
    ¤ Looking for the appropriate Industry Association? This comprehensive, up-to-date list will take you to the right Web site for the help you need.

    ¤ Got a question about a standard? Here are direct links to resources detailing the industry's most important communications standards.

    ¤ Freshen up on technology, new and old, with these links to interesting and informative tutorials.

    More from TechLibrary
    Welcome to our DesignLine network of web communities. On these sites, we provide practical how-to technical information for engineers and engineering managers involved in Automotive,audio, DSP, DTV, EDA, Industrial Control, Mobile Handset, Power Management, Programmable Logic,RF,Video, and Wireless networking design. Check out the sites and let us know your thoughts.
    		 



    HOME  |  ABOUT  |  FEEDBACK  |  CONTACT
    Career Center | CommsDesign.com | Embedded.com | EE Times | TechOnline
    Planet Analog | DeepChip | eeProductCenter | Electronic Supply & Manufacturing | Webinars


    All material on this site Copyright © 2006 CMP Media LLC. All rights reserved
    Privacy Statement | Your California Privacy Rights | Terms of Service