Tips for Securing a Home Wireless Network

Michelle Wood, MS

Setting up a home wireless network can launch you into cyberspace with relative ease. However, despite the thrill of surfing from your patio, an unsecured home wireless network has security holes. Today's Wi-Fi products don't always help the situation, as configuring their security features can be slow and sometimes non-intuitive.

Department of Family Medicine Information Technology Services (ITS) does not provide support for configuring or troubleshooting home wireless devices. There are numerous wireless vendors and too many variables for the ITS staff to support with regard to a home wireless network. Prior to purchasing a wireless device for your home, be sure to check the wireless vendor's compatibility with your computer(s).

Many hotels and public areas now offer wireless access for free or for a charge. While traveling, you can find a public wireless network by going to http://www.wi-fihotspotlist.com. Be aware that hot spots, or public wireless networks, have no security features enabled so that they are easy for everyone to use; confidential or sensitive data should therefore not be transmitted over a public wireless network. Due to the many variables in configuring a public wireless network, ITS staff cannot provide support for accessing a public wireless network. Your best point of contact is the establishment that provides the access.

So, where does that leave you? While the ITS staff can't provide support for a home wireless network or for the use of a public wireless network, ITS staff can provide you with some general best practice recommendations for securing a home wireless network.

The specific configuration steps for the wireless security recommendations below will differ by manufacturer. For specific configuration steps:

  • Consult your wireless manufacturer's manual
  • Consult your wireless manufacturer's website
  • Call your wireless manufacturer's support line for specific security configuration steps.

1) Change Default Administrator Passwords (and Usernames)

At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.

2) Turn on (Compatible) Encryption

All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally, you will want to pick the strongest form of encryption, Wi-Fi Protected Access (WPA). However, not all wireless devices are compatible with WPA, so you may need to use Wired Equivalent Privacy (WEP). Consult your wireless device manufacturer's manual to determine the appropriate encryption configuration to apply.

3) Change the Default SSID

Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." Knowing the SSID does not by itself allow anyone to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring your LAN.

4) Enable MAC Address Filtering

Each piece of Wi-Fi gear possesses a unique identifier called the "physical address" or "MAC address." Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, which restricts the network to allow connections only from those devices. Do this, but also know that the feature is not as powerful as it may seem. Hacker software programs can fake MAC addresses easily.

5) Disable SSID Broadcast

In Wi-Fi networking, the access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may come and go. In the home, this feature is unnecessary, and it increases the likelihood an unwelcome neighbor or hacker will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.

6) Position the Router or Access Point Safely

Wi-Fi signals normally reach to the exterior of a home. A small amount of "leakage" outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach across streets and through neighboring homes. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize this leakage.