Home Wireless Security
Adapted from an interview with Prof. Eugene Spafford, Purdue University.
While no wireless network can be 100% secure, these are steps you can take
to make it much more difficult for malicious users to compromise your network.
You'll need to check the documentation that came with your wireless equipment
for details on implementing these changes.
Change your access point's administrator password
Your Wireless Access Point (WAP) will ship either with a default admin password,
or no admin password at all. Change this immediately! Be sure to choose a
password that you can remember, but would be hard to guess.
Change your WAP's SSID
Your WAP will come out of the box with a standard "name", or SSID.
The SSID will vary by manufacturer; typical names include "linksys" and "default." Potential
trespassers know this and search for WAPs with default SSIDs. Change this
immediately to a unique SSID of your choice.
Disable SSID broadcasting
Most WAPs will broadcast their SSID, inviting any nearby computers to try and
connect to them. Turning off this feature forces malicious users to know
your SSID before they can connect.
Enable and require encryption
By default, all data sent over your wireless network is unencrypted, making
it easy for malicious parties to intercept anything and everything you're
sending and receiving over the network: passwords, pictures, etc. Most wireless
networking products will support 128-bit WEP encryption, and many newer products
will support the superior WPA encryption. You should enable the strongest
encryption available on your WAP and require that connecting computers use
it.
Enable MAC Address filtering
This feature allows only certain computers to connect to your WAP, making it
much more difficult for trespassers to use your network.
Update drivers and firmware
Check with your equipment manufacturer for updated WAP firmware and wireless
card drivers. Firmware is the software that runs on your WAP. Vendors from
time to time update their firmware to fix bugs and to remove security holes.
New security features and fixes are often introduced in these updates, so
it's important to keep up-to-date.
Use encrypted connections when possible
For an additional level of security, use encrypted connections for activities
like viewing web pages, checking email, and transferring files. Many internet
service providers now offer SSL-encrypted email and secure FTP services;
if yours does not, encourage them to do so.
Run security software and keep your OS patched
It's essential that all computer users keep up-to-date with threats to their
machines. Windows machines are most frequently targeted for attack, so Windows
users must be especially careful to protect their machines against threats
and keep up-to-date with patches via Windows Update.
Good options for
security software for Windows include:
Symantec Anti-Virus Corporate Edition - Available for Penn
faculty, staff and students at: http://www.upenn.edu/computing/product/.
ZoneAlarm Basic from ZoneLabs - A powerful personal firewall
tool that helps protect against external attacks and keeps programs on your
computer from accessing the internet without your
knowledge.
Mac OS X users should use the Software Update feature on their machines to
download and install security updates.
More Info
Source: Professor Eugene Spafford, Executive Director Center for Education and Research in Information Assurance and Security
|
