Setup a Secure Wireless Network

Creating a secure wireless network at home is more significant than many realize. Safeguarding the various amounts of personal data stored on home PC’s should be of utmost concern. I’ve drove around my neighborhood and found numerous unsecure wireless access points. If I wanted to, I could have waltzed into their network and acquired any unsecured data and transmissions. Instead, I notified the owner of the vulnerability. It is amazing how oblivious the masses are to wireless security. Hence, this article.

What needs to happen in a nutshell: purchasing the right hardware, appropriately configuring the wireless access point, installing beneficial software, setting up operating system security, and smart computer usage.

What is a Wireless Network?

A Wireless Local Area Network, or WLAN, is the linking of two or more computers without the use of a wired connection. The popularity of “going wireless” and the use of Laptops is growing in both business and home networks. The aggravation and mess that Ethernet cables and massive desktops create is an obvious benefit of installing a wireless network over a traditional LAN. Setting up a wireless infrastructure is also less physically and logistically demanding. However, with wireless flexibility comes a price.

The problem with wireless
Wired networks have a few characteristics that are advantageous over the WLAN. Wired technology, such as cables, hubs, and switches, have been in development for much longer than their wireless counterparts. Therefore, traditional Ethernet connected networks are more reliable, faster, and secure. Unfortunately, Wireless LANs also suffer from interference of various home appliances. Technology in the wireless family is ever improving, and will at some point rival the performance, dependability, and security of wired devices. Regardless of wireless’ shortcomings, mobility and the absence of cables may be more important to some.

Wireless network technology
Before I get into how to properly secure a wireless network, I would like to explain the technology just a bit. The three popular standards for wireless communications are IEEE 802.11a, 802.11b, and 802.11g commonly referred to as Wi-Fi. 802.11a transfers data up to 54 Mbps at a frequency of 5 GHz, is the most expensive, and is utilized by businesses more so than home users. 802.11b can only reach a data transfer of 11 Mbps at a frequency of 2.4 GHz, is more affordable, and use to be seen in home networks quite frequently. The newer wireless standard is 802.11g which is an extension of 802.11b, but allowing for 54 Mbps data transfer rate.

An important security concern for wireless networks is that 802.11b and 802.11g both transmit over the unlicensed radio spectrum of 2.4 GHz. The signal can be intercepted hundreds of feet away giving neighbors and anyone with enough desire a direct gateway into your network. To protect the gateway and secure your machines, multilevel security measures have to be implemented. However, there are currently a variety of standards in development that are attempting to improve upon the security of wireless technology.

Wireless Needs
Assessing the needs of your wireless network is an important part of choosing the right equipment. Any wireless infrastructure requires a wireless Network Interface Card and a Wireless Access Point with the same standard, such as 802.11g. I do not suggest connecting systems Ad-Hoc, they are void of the protections offered by routing devices. Security concerns can be addressed with correct configuration of access points, firewalls, authentication requirements, access permissions, and encryption techniques.

Many router manufacturers offer step by step installation instructions via documentation or software. The basic setup is the connection of the wireless access point (router) to your service provider’s modem. Follow the wizard’s directions and connect the computers to the network. Immediately update drivers for all devices, hardware, and the operating system.

How to Configure a Wireless Router

The wireless router requires configuring before any sense of security is available. The first thing you should do is place the wireless hub as close to the center of your house as possible. This will reduce the area of service outside the home. You want to keep your Wi-Fi broadcast radius to a minimum.

The next step should be to enable the wireless encryption, such as WEP or WPA. Wired Equivalent Privacy (WEP) encrypts traffic regardless of network protocol at the physical and data level layers. Unfortunately, the WEP encryption key is vulnerable to sniffing attacks. WPA is the newest encryption system implemented with the latest wireless standard 802.11i. WPA can utilize a pre-shared key mode where encryption keys are automatically changed and authenticated between devices after a specified period of time, or after a specified number of packets has been transmitted. Encryption is a key element of a multilayered defense.

Many wireless access points broadcast their Service Set Identifier (SSID) to allow for roaming connections. A home network has little use for this feature and should be disabled. It is also advised to change the default network name and password. Turning off broadcasting will hide the SSID from unauthorized users without powerful scanning software.

Disabling the dynamic hose configuration protocol would add another layer of protection. By manually assigning IP addresses you eliminate the routers ability to non discretionally distribute IP addresses. Unfortunately, all the systems on the network now need their TCP/IP settings manually inputted. See your Operating system and wireless router’s manual on how to do these steps.

Additional Wireless Security Measures

Firewalls
Another component of the wireless access point should be a firewall. A Firewall is software built into a device that runs on at least one network interface. The firewall’s rule base determines what data is to be transmitted. Various rules can be configured, with appropriate syntax, to suit the user’s needs. To allow access of private machines the user will need to enable port forwarding on the network address translation (NAT) and define in the firewall’s rule set what IP addresses are allowed access. Devices containing firewalls built for homes are customarily user friendly with step by step manuals. Each is different, so please refer to the manufacturers instructions for specifics.

Microsoft has released a Windows Firewall with XP’s service pack 2 for persons without routers containing firewall protection. Microsoft’s firewall is fairly simple to set up. Configuring access exceptions to programs, user defined inbound traffic, and identifying local systems are easy. Microsoft even incorporated a wizard for file sharing and other settings making security for the “non-techie” achievable. However, I recommend a more robust solution, such as the firewalls included in complete security packages or even a cheap third party stand alone firewall .

Access Control List
Home networks are small enough to create a MAC access control list. A MAC address is the unique identifier attached to each network card. Enabling MAC ID filtering will create a list of approved systems which have access to the network. To locate the MAC address type ipconfig /all in the command prompt. Add the resulting displayed physical address into the MAC ID access list. This will help prevent users with unauthorized MAC addresses from entering the network.

AntiVirus
After the wireless access point is properly configured, a few basic measures should be taken on the attached systems. Security has many facets, two of which are the need to prevent unauthorized access and the need to support authorized access. The installation of antivirus software is an integral part of protecting users from the multitude of malicious software that is constantly traversing the internet. The software should be from a reputable company, automatically updated, and able to clean or quarantine infections. It should also scan stored files, random access memory, removable media, e-mail, and web transmissions. You could go with the popular but expensive brandname Symantec Norton AntiVirus , try discount versions MacroVirus or Custodia , or attempt to manage a free solution, such as AVG

User Accounts
Administrative and user account security needs to be considered. Many home networks are connected to the internet through a constant broadband connection. Users should define strong passwords to protect their accounts. Unneeded protocols, applications, and services should be disabled or uninstalled to limit the exposure to threats unnecessarily. The automatic launching of programming languages, such as Java, JavaScript, and Active X, should be turned off in the web browser and email client’s settings. Due to the storing of logon and email information, the disabling of cookies is also recommended. Customize security restrictions are configured in Internet Explorer through the use of the internet options menu, where websites can be categorized and prohibited at the user’s discretion. I have written up a tutorial on the proper way to configure user accounts for Windows XP Home. Regardless of which version of Windows you are operating, the steps are fairly similar. See the secure user accounts walkthrough for specifics.

Additional considerations should be taken if security is a high priority. Email encryption may be important to some, especially individuals working at home. You may consider using Pretty Good Privacy (PGP) which uses both symmetric and asymmetric encryption. SC Magazine recently rated PGP’s Whole Disk Encryption the "Easiest to Install" and a "Best Buy." Also, implementing a system auditing or intrusion detection system is important, otherwise intrusions may go unnoticed.

I also recommend disabling file and print sharing if you don’t need it. If you are only using the wireless technology for a roaming internet connection and don’t intend to share files with other systems on the network, follow Microsoft’s instructions below.

To configure a network to safely share files and printers on a network adapter exposed to the Internet, unbind File and Printer sharing to TCP/IP binding to the exposed adapter:

  1. Click Start, point to Settings, click Control Panel, and then double-click Network.
  2. Click TCP/IP->Network adapter, click Properties, and then click the Bindings tab.
  3. Click to clear the File and Printer Sharing check box, click OK, and then click OK. Restart your computer.
  4. Install NetBEUI. Click Start, point to Settings, click Control Panel, and then double-click Network.
  5. Click Add, click Protocol, under Manufacturers, click Microsoft and then double-click NetBEUI.
  6. Click OK to restart your computer.

These procedures should be repeated on computers that need to share files or obtain access to shared files but whose adapter is exposed to the Internet.

Regardless of how many security tactics are employed, no network is flawlessly safe from intrusion. Therefore, intelligent browsing of the internet and smart email management is of utmost importance.

- Do not linger on shady websites
- Download content from reputable sources only
- Do not open mail from an unfamiliar address
- Be wary of all attachments
- Basically, use common sense

I’ve previously written an article about phishing scams if you wish to expand your awareness of the internet’s fraudulent activity. If you have any questions, feel free to comment.