Home Networking With HALNet ADSL
Home       Print this page
Wireless Access Point Security

     Think SECURITY!! You are asking to be hacked when you set up a wireless network at home without any security measures in place. There are several things you can do to help protect you from hackers driving through the neighborhood or the mooching neighbor that's too cheap to buy his own broadband service. Remember, you are responsible for what happens on your network. If a neighbor's virus infected Windows box is spewing spam and other such things from your DSL connection then the service will be interupted until the network can me made secure.
Steps to Protect:
Encryption - Turn on WEP (Wired Equivalent Privacy) and set it to the highest level that your AP (Access Point) supports. If your router doesn't have key generator built-in then there are some handy sites, such as mine, that can be found with Google that can generate a WEP key for you (This is a nice one too). Make sure you write the hex code down and keep it in a safe place, because you will have to have it to set up your other computers. WARNING: 64bit WEP is eaisly cracked, so go with 128bit if your hardware supports it. Either one is, at least, a good deterrent for the moochers.

SSID - Change the default SSID (Service Set IDentifier) assigned to your AP. People know that if it says "default" then the person that set it up doesn't have a clue about security. Some APs even allow you to turn off SSID broadcasting (also known as a "closed network"). This is one of the most important features you could look for when shopping for a router. What they can't see won't tempt them.

Filtering - Enable MAC Filtering! This will prevent anyone from accessing your network without you manually adding their address to the list (this includes your own computers). In order to find out what the MAC address of your computer's wireless card is, you will need to, with Windows at least, open a DOS prompt and type "ipconfig /all | more" and look for the Physical Address (something like 0E-23-80-43-E3-D4). There may be more than one ethernet device listed if you have a modem (HINT: The PPP Adapter is a dialup modem, NOT the ethernet card) or Firewire (The 1394 adaptor). You may be fortunate enough to have a router that can provide you with a list of associated clients that you can choose from. Read the manual that came with the router for more information on how to make use of this feature since they are all different.

Password - Change the default password for your AP! Anyone can look up the default on a site like CIRT.net. Don't forget to write it down and put it in a safe place (like on a Post-It under your keyboard or taped to the bottom of the router).      These precautions just might save your data and your dignity. Ex: There was an AP a couple of blocks away from my home that had "linksys" for the SSID... Less than a week after noticing it, someone changed it to "gothacked". How embarrassing! One could even flash your router with a bogus binary file, effectivly making a paperweight out of it, so think about it before you end up on someone's scorecard.

Join HAL-PC
http://www.hal-pc.org
4543 Post Oak Place Dr. Suite 200
Houston, Tx 77027-3103
713/993-3300


This site is designed to be of some assistance, however is not meant to be your sole source of information. By following the suggestions given on this page you understand that you do these things at your own risk. The steps mentioned here may or may not work for your purposes. There is no warranty or support of any kind provided by HAL-PC for the topics discussed in this site. The only support for your home network that is given is by me personally, at my choosing, on my own time, and via email only.
I know... I hate disclaimers too.

[Powered by FreeBSD]