Recently, I noticed some strangeness on my home wireless network. Sometimes the speed would be slower than normal, I couldn't print to my printer, and some of my more advanced router settings (for port forwarding, firewall, etc.) would seem to be "lost".

As it turns out, my laptop was attaching to my next-door-neighbor's network. When I went to help him out, we saw that he could see HIS neighbor's network! Both had failed to do some basic wireless security.

Failing to secure your network could have several negative consequences. First, it's your network. You don't want freeloaders using your bandwidth. You also don't want them seeing your shared folders, using your printer, and downloading questionable or illegal content from your IP address!

So here we go with WiFi 101: security settings.

SSID

It stands for service set identifier, but think of it as your network name. Wireless routers, by default, broadcast their network name. Any device that comes in range can see the network and attempt to connect. Step 1 in securing your network? Stop broadcasting your SSID! Log onto your router (the exact steps vary router by router, but usually you can do this by browsing to http://192.168.0.1 or http://192.168.1.1, and entering a username and password: try 'admin' for both).

Look for a checkbox or radio button that says "Wireless SSID broadcast", and disable it. This means only computers that already know the network name, can find the network.

Router Login

While we're here, change the default router password and username to something you can remember. On most Linksys routers, you can do this by following the 'Administration' link.

WEP

Wired Equivalent Privacy: it's an encryption scheme, to secure the traffic between your wireless computer and your router. Use it! WEP works by generating a set of keys (passwords), based on a seed phrase. You can generate 64-bit or 128-bit keys. Write down the keys, because your laptop will need them in order to talk to the router once WEP is enabled.

MAC Filter

Every Ethernet card has a unique number, called a "MAC (Media Access Control) address". Think of it as digital serial number for your network card. On Windows machines, if you go to a command prompt (DOS window), and type ipconfig /all , you can see your MAC address. Look for "Physical Address", it will be a series of 2-digit numbers separated by dashes or colons. Careful! You might have two, one for your "built-in" network card, and another for your wireless card.

Routers can be configured to only talk to specific MAC addresses. I recommend doing this as well. Even if someone discovers your SSID and WEP keys (you wrote them on a sticky and stuck it on your monitor) the router can refuse them because they aren't "on the list".

Laptop Setup

Once your router is configured to

  • Disable SSID broadcast
  • Use WEP encryption
  • Use MAC filtering

then it's time to configure your laptops and wireless devices to see the router.

For Windows machines, you can use the "Wireless Network Setup wizard" in the control panel. You'll enter the SSID name, the WEP key, and so on.

Conclusion

WiFi is definitely convenient, but don't neglect security! Protect your network and yourself by configuring your router's security settings.

Please be aware that none of the techniques you've described will prevent a hacker entering your network.

SSIDs can be sniffed easily, whether they're broadcasted or not. Because the packets are still flying throught the air, a passive sniffer will collect and identify the ssid within minutes.

The WEP encryption algorithm is fundamentally flawed, and can be broken in approx 3 minutes, as demonstrated by the FBI and now used by most hackers.
WPA is far stronger, particularly if you use a secure password. If you're setting up a new wireless network it's worth looking for hardware that supports WPA.

MAC addresses are broadcasted in every packet, so sniffing software will again enable anyone who really wants to get in to spoof your mac address and make the router think they are you.

If you really want to secure your network, then you need WPA with a secure password - see the secure password generator at https://www.grc.com/passwords

However if all you want to do is stop your next door neighbour accidentally using your access point, I guess WEP, MAC address filtering or not broadcasting your SSID will do the trick.

Hello,

I agree with Dave... Wireless security is hard to come by, and WEP is not sufficient. It can be hacked, scanned, and thumped without too much effort.

You might also be able to limit the exposure of the network by placing the access point in the basement, and / or toggling the transmit power to the least available. I know that on my Buffalo Technology's Access Point can change the output power to something very minimal. Placing the node low to the ground limits the range.

Christian

Good feedback, thanks! My primary motivation for the article was to get people to at least do the minimum to prevent careless or accidental network intrusion.

If you're in a situation where you're pitted against a determined hacker, then perhaps wireless isn't the way to go!

Most of my wifi installations are in student digs, where you never know what the people in the next rooms get up to, so I guess that influences my outlook lol.

Wifi is essential in those situations because most owners don't want holes drilled in their walls.

I'd say that if you're in a quiet town or village where you know your neighbours, wep is all you need.

If your in a city, large town, rental accomodation etc, you need something a bit more secure like WPA, just in case.

WEP cracking utilities are far too freely available for my liking. Still, at least only some wifi adaptors are supported - otherwise every kid would have a go!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.