What does my friend need to know to protect her wireless network?

My friend just got a wireless router and cable modem for high speed internet access. She has it all working but I have heard that if you do not take precautions, people can use your banwidth and get into your network. What does she need to know specifically to prevent that?

The manuals that came with her wireless gear should cover a basic method for securing the network.

She needs to set her wireless NOT to broadcast her SSID - essentially the name of her network. This will prevent the average schmuck from finding it.

Then she needs to put wireless encryption on her network - so that people without the access key cannot use her network.

As for the manuals - eh, maybe, maybe not. If the manuals are unhelpful, then search the internet for your particular brand of router and you should be able to find instructions for securing your network.

  • Peter Wiggen

Well, you can be as permissive or paranoid as you want. I’ll explain a couple of concepts but I can’t explain exactly how to set this up for your routers, because many routers are different.

Before you get started, you have to learn how to do a couple of things. First, you have to know where to look in your computer to understand if you have a wireless connection or not. Next, you have to educate yourself on how to set certain options in the router. Generally this is as easy as pointing a web browser to the router, which comes up looking like a web page with blanks to fill in and boxes to check. Also, you need to set these same options on the network card in your computer. Also, you need to understand the factory reset procedure in case you lock yourself out of the router while doing these procedures.

Once you know these things, here are things to change, in increasing order of difficulty:

  1. Change the SSID of your network to something other than the default. This way, someone with the same kind of router won’t accidentally get on your network, and hackers looking for the most common vulnerabilities will have to look a bit harder. Many routers ship with identical SSID’s (for example, NETGEAR or LINKSYS). This is basically the name of your network and it can be anything. Use a somewhat random name that isn’t easily associated with you (don’t use your name, address, pet’s name, etc).
  2. Change the IP address of your network to something other than the default. Likewise, this decreases the likelihood of unwanted access through the most common routes. Choose something in the format of 192.168.x.0, where is is a number between 2 and 254.

The above 2 options are fairly easy ways to hide yourself in plain sight, but you’re still broadcasting in clear text, which could be snooped by anyone willing to put out a little effort. The below procedures are actual security procedures and are a tiny bit more difficult but worth doing.

  1. Choose a WEP password and use it. This encrypts your data so that other wireless units cannot understand the data you are transmitting. Most routers will have a blank where you enter a passphrase, and you click OK, and it gives you 4 codes. Take this code and enter it on the network adapter of each computer you’re using.
  2. Set up an ACL (access control list). This is an access control list on your router. Once you’ve done this, only computers you trust can access your router (and therefore your network connection). You go to each computer in your house, find the MAC address, and then put it the appropriate place in your router.

You have to be aware that if you do any of the above, on the router, and don’t get the setting identical on your computer, your computer will act like it doesn’t have a wireless connection. Don’t be alarmed, the wireless radio didn’t go dead, your computer just can’t “hear” it until you get the settings right.

If you do number 3 or 4, be prepared for a little trial and error and possibly locking yourself out of your router once or twice. That’s why I mention that you should learn the factory reset procedure.

Thank you for the answers!

If all of your equipment can do it, WPA is better than WEP.

Be sure to change the administrator password on the router. It’s usually trivial - something like “admin” or “linksys”

Yes, recap on what was said about disabling the SSID broadcast and changing the administrator password. That’s important.

However, if you’ve got funky wireless devices like printers or whatnot, you might want to turn SSID on temporarily just to help them find the network. Setting this stuff up through the postage-stamp-sized LCD display of a network printer isn’t much fun.

On a related note, just how secure can a wireless network be? One of my techie friend was telling me that even if you encrypt your netowrk, set up an access control list and use the latest encryption key, it can at most keep out a determined hacker for about five minutes.

True of false?

Wireless or not, you can’t make any network 100% hack-proof, but you can strengthen it enough that intruders will probably skip your network in favor of an easier target. You can’t make your home burglar-proof, but most people sleep fairly soundly with a deadbolt on the front door, and even more so with a dog and alarm system.

If the access point is using WEP, true. WPA is harder to crack, but, like any password-based encryption, it is still vulnerable to attacks that rely on bad password choices.

True in principle, somewhat exaggerated in practice.

If someone is determined to hack your wireless network, the hardware and software exist to suss out your access control, SSID and WEP/WPA key. That said, these tools are typically used by professional hackers/crackers, and they’re usually after bigger fish. The vast majority of people who would break into your network are amateurs looking for a free connection, frequently cruising around looking for an unprotected access point (“wardriving”)—and the precautions mentioned are enough to keep them away, especially if there is someone nearby who hasn’t taken them.

It’s something like car theft: if a pro is really after your car, he’s probably gonna get it no matter what you do. But the casual thief or joyrider will pass up a car with the doors locked if there’s one with the key in the ignition a few doors down.