WyzGuys Computer Tutors

 Computer Instruction. Web Design Instruction,  and Web Hosting 

 

Securing Your Access Point

 

Related Sites

Wyzco
Computer Classes
Computer Support
Web Hosting
Internet E-Mail

Site Navigation

Home
Registration
Resources
What Is Wi-Fi?
How Wi-Fi Works
Wireless Access
Pros & Cons
Security Issues
DIY Wi-Fi
Equipment
Installation
Securing Your WAP
Parental Controls
Conclusion
Thanks
Evaluation

Securing Your Wireless Network

Many wireless networks I see are set up unsecured, using the default administrator account and password.  Not only can others (neighbors) connect to these networks without your permission, they may be able to see the personal information located on your computer.  Using fairly unsophisticated equipment, someone could view your wireless traffic, capturing user IDs and passwords for internet accounts for on-line banks, brokerages, and shopping sites, and credit card numbers you use while on line.  A clever hacker may be able to breach your network from the Internet.

So you need to enable the security features of your Wireless Access Point.

Change Your Default Administrative Password

The Linksys WAPs use admin for the password.  This information is available on the Linksys site, but I’ve seen master lists on the Internet of default passwords for every kind of networking device ever made.  This information is available to anyone, including hackers.  Change the password to something you will remember, but cannot be easily guessed.  At least sevn characters, including upper and lower case letters, numbers, and some symbols, would be best.  For example, something like P@ssw0rd.  Don’t use this one by the way, it is well known.  It is ok to put the password on a label and stick it to the WAP, since this step protects you from Internet based attacks.

Change the Default SSID

On a Linksys WAP this name is Linksys.  Change it to something else. I use WyzGuys.  If you have a neighbor using the same equipment, it will make it easier for you to find your own network when connecting.  It is recommended that you turn off SSID broadcasting, but I do not do this myself.  I like to be able to find my network if I am having connection problems.

Enable Network Address Translation (NAT)

This is usually the default setting, but this does provide an extra layer of security by using a range of private IP addresses that serves to hide your computer from the Internet.  Hackers would only be able to see your access point at the most.

Disable Router Management from the Internet

There may be a feature that would allow you to change WAP settings from the Internet.  If this is available, you should disable this feature.

Enable WEP or WPA Encryption

This step scrambles your wireless traffic across the network, and makes it impossible for others to view your sessions in the clear, or in plain English.

It also prevents other computers that don’t have your encryption key from connecting to your network at all.  The strongest option is WPA2, followed by WPA, 128-bit WEP, then 64-bit WEP.  Here again, anything is better than nothing.  Linksys allows you to generate your encryption key, which is a hexadecimal or base16 number using an easy to remember passphrase.  This can be problematic if you want to share your wireless connection with a visitor or guest, or if your kids are hosting a LAN party.  You would need to turn off encryption temporarily, or share your key with your guests.

Enable the SPI Firewall

This should be a default setting, if not enable it.  Stateful packet inspection means that the access point will look at the contents of each data packet coming from the Internet for malicious or suspicious content, and discard those packets that it finds non-conforming.

Use MAC Address Filtering

Every network card has two addresses, an IP address and a MAC address.  An IP or Internet Protocol Address is a 32 bit number that is assigned to the computer, and can be changed.  It looks like this:  192.168.1.114. 

The MAC (Media Access Control) address, also called the physical, hardware or machine address, is a unique 48-bit hexadecimal number that looks like 00-11-F5-5C-9C-38.  This number is hard coded into each network card.  Like snowflakes, no two are identical, and this number cannot be changed.  You can restrict connections to your access point to certain MAC addresses only.

Here again, you would have to add guests to the Allow List.  You can find your computer’s IP and MAC addresses by clicking on Start, Run.  Then type cmd in the Run Dialog box.  A Command or DOS window opens.  Set your cursor at the command prompt, and type ipconfig /all.  (There is a space between ipconfig and /all.)

Network Security Recommendations

The following security options are the ones I use and recommend:

  • Change the default administrative password.

  • Disable Router Management from the Internet.

  • Enable the SPI firewall.

  • Use NAT.

  • Use 64-bit WEP encryption.

  • Change the SSID broadcast name. 

 

I do not turn off the SSID broadcast, or use MAC filtering.  I have found this to be sufficiently secure, while still allowing for some network flexibility.

 

I also secure each computer on my network.  I run Windows Update in full automatic mode every day.  I also run Zone Alarm Internet Security Suite on every computer on my network, for anti-virus, anti-spam, anti-spyware and pop-up protection.  I run full system scans for viruses and spyware every day.  I update for new virus definitions every day.  I also run Windows Defender and SpyBot Search and Destroy for additional spyware protection.  I admit to being extra paranoid, but I have not had a serious virus or spyware infection on any of my seven computers in over 3 years, including my teen age son’s computer.

 

Back To Exercise Next

 

Curriculum developed by WyzGuys Computer Tutors

All Rights Reserved - updated 05/11/2006

Hosted by WyzHost.com

contact support@wyzhost.com